The Week in Breach: 01/22/20 – 01/28/20

January 29, 2020

This week, malware compromises online stores, accidents lead to expensive data breaches, and phishing scams top the UK’s threat list.  

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 1 – 10 Employees


United States – Hanna Andersson
https://www.securityweek.com/hanna-andersson-data-breach-hackers-compromise-website-childrens-clothier

Exploit: Malware attack
Hanna Andersson: Children’s clothing maker

Risk to Small Business: 2.222 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: 2.285 = Severe: Hackers obtained customers’ personal and financial data entered at checkout. This includes their names, shipping addresses, billing addresses, payment card numbers, CVV codes, and expiration dates. Unfortunately, it appears that some customers were already victimized by hackers, as law enforcement identified the breach because of fraudulent purchases made online using these credentials. Therefore, anyone impacted by the breach should immediately notify their financial institutions of the event. They also need to carefully review their account details for unusual or fraudulent activity. Credit and identity monitoring services can keep an eye on long-term misuse, ensuring that victims’ information remains secure even after the urgency of the matter has decreased.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Payment skimming malware is a significant, ongoing threat for online retailers. It undermines customer confidence in the buying process and invites costly repercussions from a data breach. However, malware always requires a foothold to gain access to these systems, and every business can fight back by ensuring that their defensive posture is prepared for this increasingly common attack methodology.

ID Agent to the Rescue: Compliance Manager™ automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at: https://www.idagent.com/compliance-manager.

United States – Health Quest
https://www.tripwire.com/state-of-security/security-data-protection/health-quest-begins-notifying-patients-affected-by-phishing-incident/

Exploit: Phishing scam
Health Quest: Network of hospitals and healthcare providers

Risk to Small Business: 1.666 = Severe: Health Quest is updating its data breach announcement from an event that initially occurred in July 2018 when several employees fell for a phishing attack that compromised patients’ protected health information (PHI). In the attack, employees provided their email account credentials to hackers who used their information to access patient data. The hospital sent breach notifications in May 2019, but the latest announcement expands the depth and scope of the breach. However, it’s unclear why it took the company nearly a year to issue the initial notification and another year to update their assessment. Healthcare breaches are the most expensive of any sector, and Health Quest will likely endure high recovery costs along with intense regulatory scrutiny.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: After the breach, Health Quest announced that it would implement two-factor authentication to secure employee accounts and is instituting employee awareness training to guard against future phishing attacks. Unfortunately, these efforts won’t recover any compromised data, and they won’t mitigate the damage from this breach. To protect data, these highly effective defense tactics need to be deployed before a breach occurs.

ID Agent to the Rescue: With Passly™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more: https://www.idagent.com/passly.

United States – The Center for Neurological and Neurodevelopment 
https://finance.yahoo.com/news/center-neurological-neurodevelopmental-health-notifies-223000719.html

Exploit: Phishing scam
The Center for Neurological and Neurodevelopment (CNNH): Healthcare provider

Risk to Small Business: 1.777 = Severe: Hackers gained access to an employee account containing patients’ protected health information. The unauthorized access lasted for more than a month, occurring between October 7, 2019 and November 22, 2019. In response, CNNH secured the account and hired a third-party forensics team to investigate the breach. However, the diagnosis is unlikely to be positive, and the company likely faces an expensive road ahead.

Individual Risk: 2 = Severe: The data breach doesn’t include all CNNH patients, but hackers did have access to patient data contained in the employee email account. This could include patient names, addresses, dates of birth, health insurance information, medical/patient record numbers, and treatment information. CNNH encourages all victims to closely monitor their accounts and insurance statements to check for fraudulent activity and to notify their insurance providers if they discover false charges.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: CNNH secured the account by resetting its credentials and is updating company-wide email standards by enabling two-factor authentication and updating employee training initiatives. These simple data security measures should be standard at every company, and they have to be implemented before a breach occurs. With the cost and consequences of a breach continually increasing, companies can’t afford to wait until it’s too late to take steps to protect their data.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United Kingdom – EuroTickets2020
https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/

Exploit: Malware attack
EuroTickets2020: Online ticket reseller

Risk to Small Business: 2 = Severe: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.

Individual Risk: 2.428 = Severe: Anyone shopping on EuroTickets2020 on or after January 7th likely had their personal information and payment card details compromised. It’s recommended that those impacted by the breach notify their financial institution of the breach and request a new payment card. In addition, they should carefully monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More people than ever before are looking to make purchases online, but businesses erode their viability when they can’t secure the checkout process. MageCart and other payment skimming malware is increasingly common in online stores, which means that companies offering these services should actively look for this malware in their system. When it happens routinely, there is no need to be surprised by bad actors’ attack methodologies.


ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

Germany – Regus 
https://www.telegraph.co.uk/technology/2020/01/20/wework-rival-regus-massive-employee-data-breach/

Exploit: Accidental data sharing
Regus: Local municipality

Risk to Small Business: 2.222 = Severe: A third-party contractor hired to evaluate employee performance accidentally published their work online through the task management platform Trello. In addition to compromising employees’ personal information, it exposed secret recording initiatives used by the company to assess employees’ performance. It also revealed the company’s obsession with a primary competitor, an embarrassing and potentially damaging disclosure for the company. Regus is sure to face severe backlash from its employees, and the breach will likely have implications under GDPR, which could lead to fines that will hurt Regus’ financial outlook.

Individual Risk: 2.428 = Severe: Those impacted by the breach had their names, addresses, and performance review details exposed online. This information can be used to craft spear phishing campaigns that further compromise sensitive data, so victims should be especially critical of online communications.

Customers Impacted: 900
How it Could Affect Your Customers’ Business: This incident is a reminder that a data breach is a public relations nightmare with serious implications. Brand erosion and long-term reputational damage often accompany a breach, but every organization can be proactive in this regard by prioritizing data privacy and security in every facet of their business.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Germany – GEDIA Automotive Group
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/

Exploit: Ransomware
GEDIA Automotive Group: Automotive parts supplier

Risk to Small Business: 2.111 = Severe: Hackers infected GEDIA Automotive Group with ransomware. However, when the company refused to pay the ransom, the attackers began releasing company data online. First, the hackers released a spreadsheet containing details about the company’s Active Directory Environment, which could make it more difficult to protect their IT in the future. At the same time, it reflects an escalation in ransomware attacks, which have seen a substantial uptick in the past year. Rather than moving on if a company refuses to pay a ransom, hackers are exfiltrating data to further motivate companies to pay up or face an even more devastating data breach.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks spiked in 2019, and it appears that this trend is likely to escalate in the year ahead. This increases the impetus for every organization to reassess their data security status. Ransomware attacks always require a vulnerability or foothold to inflict damage, and companies can take intentional steps to mitigate the opportunities for these to result in a costly data breach.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom – Capita Education Services
https://www.theregister.co.uk/2020/01/22/capita_education_services_email_spaff/

Exploit: Accidental data sharing
Capita Education Services: Software management and support service

Risk to Small Business: 2 = Severe: Capita Education Services accidentally sent an email to customers containing more than 100 user email addresses in the subject line. The event sparked a broad backlash from their customer base, who took to social media and discussion boards to complain about the company’s data privacy standards. Making matters worse, the message led many recipients to believe that they received a phishing scam, further eroding the brand’s reputation. This is the company’s second data breach in the past several years, and they face an uphill battle to regain the trust of their already incredulous customers.

Individual Risk: 2.571 = Moderate: 100 users had their email addresses exposed in the data breach. This information directly puts users’ privacy at risk since it can be deployed in phishing scams or cybercrime. Those impacted by the breach should be on the lookout for these types of attacks.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to work with companies that can’t protect their data. In this case, Capita Education Services relies on contracts from school districts that can’t afford a data breach, which could negatively impact their bottom line. However, regardless of the sector, nobody wants to work with a company that appears feckless or indifferent about data security.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Australia – Atlassian
https://www.crn.com.au/news/atlassian-uncovers-vulnerability-with-exposed-private-certificate-key-535023

Exploit: Software vulnerability
Atlassian: Enterprise software company

Risk to Small Business: 1.888 = Severe: Security researchers identified a flaw in Atlassian’s software that exposed an SSL key that could be used by cybercriminals to redirect app traffic to malicious sites. In response, Atlassian pulled the website’s authentication certificate while it identifies and implements solutions. However, the matter is being openly discussed on Twitter, which means that the company will likely endure a degree of reputational damage. As an enterprise-focused business, this could dissuade potential clients from working with Atlassian in the future.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While it appears that the company caught the problem before it was exploited by cybercriminals, these types of oversights can lead to devastating data breaches that cause long-lasting reputational damage and carry incredible recovery costs. Accidental, avoidable data breaches are becoming increasingly common, which should serve as a reminder to every organization to routinely examine its defensive posture and data security standards.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Phishing Tops UK Cyber Threat Landscape 

Today’s companies face a litany of cybersecurity threats, but, according to the results of a new study, none are more prevalent than phishing attacks. The study, which surveyed UK ICO reports, found that there were 1,080 phishing-related breaches in 2019, a significant increase from 877 the year before. In total, phishing attacks caused 45% of all data breaches. While other notable causes like unauthorized access, ransomware, and brute force password attacks run rampant, none are even close to as prominent as phishing attacks.

This trend reflects cybercriminals’ desire to target employees and individuals who may not be prepared to identify and respond to the innocent-looking messages that frequently arrive in their inboxes. In response, companies can focus their defense initiatives to combat this trend. Employee awareness training is a proven way for companies to transform their employees from a potent risk to a proven line of defense against cybercrime.

To get help implementing comprehensive employee awareness training, contact ID Agent to learn more about how our simulated phishing attacks can equip your employees to respond to this prominent threat.

https://www.bmmagazine.co.uk/news/phishing-dominates-uk-cyber-threat-landscape/


Where in the World is ID Agent:

Jan. 30 – Long Beach, CA: Kaseya Connect IT Local
Jan. 31 – Franklin, TN: Robin Robins’ Producers Club
Feb. 3 – 7 – Phoenix, AZ: ConnectWise Evolve Quarterly
Feb. 4 – Dallas/Ft. Worth, TX: Kaseya Connect IT Local
Feb. 4 – Birmingham, UK: Kaseya Connect IT Local
Feb. 5 – London, UK: Kaseya Connect IT Local
Feb. 6 – Austin, TX: Kaseya Connect IT Local


A Note for Your Customers:

Data Privacy Fines Reach $126 Million 

It’s been just over a year and a half since GDPR’s implementation, and the fines are starting to add up. According to the latest report, the expansive data privacy regulation has levied $126 million in penalties on companies throughout Europe. To some, the fines are relatively modest, a reminder that regulatory oversight can be slow to impact businesses’ bottom lines. However, others see the figure as an ominous reminder that data privacy failures won’t come without consequences. 

At the same time, Europe isn’t the only place imposing financial penalties on companies that can’t protect customer data. California’s Consumer Privacy Act and New York’s SHIELD Act both carry monetary penalties. In 2020, it’s clear that regulation is going to become more normative, not less, and businesses need to prepare. Contact ID Agent today to improve your defensive posture and avoid regulatory fines resulting from a breach.

https://www.cnbc.com/amp/2020/01/19/eu-gdpr-privacy-law-led-to-over-100-million-in-fines.html

 


Data Breach Lists by State:

There are a lot of U.S. state agencies that publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep this updated:

STATE BREACHES
California 1,806 (2012-present)
Delaware 47 (2018-present)
Hawaii 61 (2007-present)
Indiana 5,207 (2014-present)
Iowa 223 (2011-present)
Maine 2,653 (2010-present)
Maryland 4,487 (2015-present)
Massachusetts 14,298 (2007-present)
Montana 1,695 (2015-present)
New Hampshire 2,786 (2007-present)
New Jersey 152 (2017-present)
North Carolina 6,230 (2005-present)
North Dakota 56
Oregon 377 (2015-present)
South Carolina 568
Vermont 536 (2017-2020)
Virginia 3,244 (2012-2018)
Washington 342 (2015-2019)
Wisconsin 166 (2012-2019)


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!