
The Week in Breach: 01/29/20 – 02/04/20

February 05, 2020

This week, a phishing scam compromised an entire healthcare network, malware impacted productivity, and ransomware attacks became costlier than ever.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Media & Entertainment
Top Employee Count: 251 – 500 Employees


United States – Tampa Bay Times
https://www.cyberscoop.com/tampa-bay-times-ransomware/

Exploit: Ransomware
Tampa Bay Times: Local news organization

Risk to Small Business: 2.111 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are frequently turning to ransomware attacks to exploit companies that can’t or won’t protect their critical IT. These attacks are relatively easy to deploy, and, for organizations unprepared to defend themselves, they are uniquely expensive. With today’s threat landscape, it’s critical to regularly assess and update your defense posture to meet the moment.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United States – California Healthcare Network
https://portswigger.net/daily-swig/california-healthcare-data-breach-could-impact-nearly-200-000-patients

Exploit: Phishing scam
California Healthcare Network: Hospital and urgent care center operator

Risk to Small Business: 1.888 = Severe: Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.

Individual Risk: 2.428 = Severe: Hackers had access to patient data contained in employee email accounts. California Health Network declined to provide specific data categories, but healthcare records often include patients’ most sensitive personal data. The access was limited to the period between June 11, 2019 and June 18, 2019, but the information has now been available for more than six months, so those impacted by the breach will want to work quickly to secure their data. The California Healthcare Network is offering free credit monitoring services to all victims.

Customers Impacted: 199,548
How it Could Affect Your Customers’ Business: Most data breaches begin with a successful phishing scam. Every organization has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organizations transform a known vulnerability into a valuable asset to their defensive posture.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Canada – Rogers Communications 
https://www.itworldcanada.com/article/rogers-internal-passwords-and-source-code-found-open-on-github/426429

Exploit: Intentional data exposure
Rogers Communications: Telecommunications company

Risk to Small Business: 1.777 = Severe: Security researchers found sensitive data from Rogers Communications posted on two public GitHub accounts. The information included application source code, internal usernames, passwords, and the company’s private keys. The data was dumped on the website by a former employee. Although the company claims that the information is outdated and couldn’t lead to a data breach, other specialists note that it could provide cybercriminals with insights into the company’s IT infrastructure. At the very least, it’s a black mark on the company’s data privacy reputation, but that’s unlikely to be the only consequence the company faces.

Individual Risk: 2.285 = Severe: While customer data wasn’t compromised, the incident exposed employee account information. These credentials may no longer be relevant, but employees would be wise to update their passwords and, if possible, enable two-factor authentication.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Employee email accounts are often the gateway for all types of data loss events. Securing this easy avenue into your company’s critical IT can go a long way towards preventing a data breach. Since email credentials are some of the most frequently sought out by cybercriminals, an extra security layer, like two-factor authentication, can ensure that accounts remain secure even if usernames or passwords are compromised.

ID Agent to the Rescue: With Passly™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/passly.

Canada – Bird Construction
https://www.infosecurity-magazine.com/news/bird-construction-compromised-in/

Exploit: Ransomware
Bird Construction: Commercial and institutional building construction company

Risk to Small Business: 1.888 = Severe: A December ransomware attack has encrypted critical company data. In a statement, Bird Construction noted that the organization continues to function without interruption. However, after the company refused to pay a ransom, cybercriminals began releasing the stolen data online, creating a more expansive and expensive data loss event. The company relies on hundreds of millions of dollars in government contracts, and sensitive government and military information may be included in the breach. The recovery process is bound to be incredibly expensive, and it could have long-term implications for their business model.

Individual Risk: 2.285 = Severe: Cybercriminals have begun publishing employees’ personal data online. The hacking group is slowly releasing the data, perhaps trying to encourage the company to pay up. The specific details of the exposed data remain unclear, but all employees should reset their account credentials and closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a growing threat for every organization, and cybercriminals appear to be upping the ante. Rather than moving on when companies refuse to pay up, many have begun releasing company data online, increasing the cost and scope of the attack. Therefore, every organization needs to reassess its defensive posture to account for this burgeoning threat.


ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

United Kingdom – Royal Yachting Association 
https://www.theregister.co.uk/2020/01/24/royal_yachting_association_data_breach/

Exploit: Unauthorized database access
Royal Yachting Association: Boating organization

Risk to Small Business: 1.777 = Severe: Hackers infiltrated the company’s network and downloaded a database containing customers’ personal information. The organization identified the breach on January 17th and hired cybersecurity specialists to investigate the event and secure customer data. To prevent unauthorized account access, the Royal Yachting Association reset all customer passwords. Although the database contains information from several years ago, there are still many ways that bad actors can deploy this information in additional cybercrimes.

Individual Risk: 2.428 = Severe: The data breach compromised members’ personally identifiable information, including names, email addresses, and hashed passwords. No financial data was compromised. Those impacted by the breach should immediately reset their password on any accounts using these login credentials. In addition, they should carefully assess online communications, as this data can be used to craft spear phishing attacks that can dupe unsuspecting recipients into compromising even more personal information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches compromising usernames and passwords can have far-reaching consequences for an organization, as this data can be used in many ways to make an already bad situation even worse. Moreover, cybercriminals can come up with many ways to misuse this information, and businesses need tools to stop its spread as soon as possible.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Germany – City of Potsdam
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/

Exploit: Malware attack
City of Potsdam: Local municipality

Risk to Small Business: 2 = Severe: A malware attack forced the City of Potsdam to bring its network entirely offline to prevent further expansion and data exfiltration. As a result, government employees cannot send or receive email, and most administrative functions are inaccessible. While emergency services remain unharmed, there will be a significant cost for the government, as worker productivity slows, sales opportunities are missed, and recovery efforts eat away at precious resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches continue to become more expensive, partly because the opportunity costs are so high. In the digital age, cyberattacks can render an organization useless, eroding their bottom line and dampening the future financial outlook. Unfortunately, many organizations can’t sustain that level of financial loss and are forced to close their doors. However, a strong defense posture can ensure that your business is ready to thrive amidst today’s evolving threat landscape.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom – SuperCasino
https://www.technadu.com/supercasino-breached-customer-info-leaked/90769/

Exploit: Unauthorized data access
SuperCasino: Online gambling platform

Risk to Small Business: 1.888 = Severe: SuperCasino experienced a data breach that compromised users’ personally identifiable information. While the online gambling outfit identified and investigated the breach, their customer communications were blasé at best, minimizing the potential harm to customers’ data privacy. The company will likely endure intense scrutiny under GDPR and other privacy regulations, which could mean painful penalties alongside other financial implications of the data breach.

Individual Risk: 2.285 = Severe: SuperCasino claims that users’ financial data was not compromised in the event. However, hackers did access users’ names, usernames, email addresses, telephone numbers, residential addresses, and account activity data. SuperCasino is asking all users to reset their passwords and to reset passwords on any platforms that may use duplicate credentials. Victims are at a heightened risk for phishing attacks and other scam messages, so they should carefully scrutinize their online communications.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protecting against a data breach should be every company’s first priority, but deploying an adequate response to an event needs to be a close second. Moreover, as data privacy regulation becomes the new norm, every organization needs to consider the necessary steps to compliance that can prevent a breach or mitigate the consequences after an event occurs. Pre-planning for both of these contingencies can ensure that your organization is ready to thrive in today’s digital environment.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.

New Zealand – Toll Group
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12305031

Exploit: Cyberattack
Toll Group: Transport and logistics company

Risk to Small Business: 2.222 = Severe: A cyberattack has forced Toll Group to shut down many of its customer-facing network systems to contain any impact on customers and operations. Although Toll Group is referring to the incident as a “cyberattack,” it’s likely that this episode is the result of a ransomware attack. The company expects that many customer applications will be impacted. The incident underscores the opportunity cost that is increasingly driving up the cost of ransomware attacks. During the outage, it’s unlikely that Toll Group will be able to collect revenue, meaning the event could have a significant impact on its bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks will likely be one of the most expensive and pervasive cyber risks in 2020. The holistic high costs associated with these breaches should make a robust defense a top priority at every organization. Ultimately, cybercriminals always require an access point to infect a company with ransomware, and closing off common loopholes like phishing scams, outdated software, and compromised credentials can go a long way toward ensuring that your company isn’t the next victim of a ransomware attack.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Recovering From a Ransomware Attack is More Expensive Than Ever 

2019 saw a steep rise in the number of ransomware attacks impacting vulnerable organizations. Unfortunately, recovering from these attacks is becoming more expensive than ever. According to a new report, the total recovery cost of a ransomware attack doubled in the last quarter of the year, reaching $84,116.

In some cases, the cost is increasing because cybercriminals demand higher ransoms, but other factors, including hardware replacement, lost revenue, and brand erosion, all contribute to this incredibly high sum.

In addition, the report detailed the latest escalation in ransomware attacks. Cybercriminals are not content with just encrypting data and demanding Bitcoin payments anymore. They are increasingly willing to release company data online, which can provide both a greater incentive for companies to pay the ransom and add a secondary revenue stream for criminal operations. Taken together, it’s clear that today’s organizations need to reassess their defensive postures as they relate to this escalating threat.

Notably, ransomware always requires an access point and a foothold to encrypt company data. Closing off common loopholes like phishing emails and securing employee accounts with simple, effective tools like two-factor authentication can help ensure that your organization isn’t the next victim of an expensive ransomware attack.

https://www.forbes.com/sites/leemathews/2020/01/26/average-cost-to-recover-from-ransomware-skyrockets-to-over-84000/


Where in the World is ID Agent:

Feb. 3 – 7 – Phoenix, AZ: ConnectWise Evolve Quarterly
Feb. 5 – London, UK: Kaseya Connect IT Local
Feb. 6 – Austin, TX: Kaseya Connect IT Local
Feb. 12 – 14 – Franklin, TN: Robin Robins Rapid Implementation
Feb. 19 – Tampa, FL: ID Agent Roadshow
Feb. 20 – Raleigh, NC: Kaseya Connect IT Local
Feb. 27 – Virtual: MSP Growth Summit 2020


A Note for Your Customers:

Canada Plans to Update Its Data Privacy Laws 

Data privacy regulations are becoming par for the course in today’s dangerous digital landscape. In addition to Europe’s tone-setting General Data Protection Regulation, California’s Consumer Privacy Act and New York’s SHIELD Act bring robust privacy regulation to the US. Now, Canadian authorities are indicating that they are ready to update the country’s data privacy laws as well.

According to the country’s Privacy Commissioner, David Therrien, Canada wants to update its mechanisms for providing support to individuals and accountability for companies. Currently, two federal statutes regulate data privacy in Canada, and when the country updated its requirements in 2018, the number of reported breaches increased six-fold in the following year.

It’s likely that Canada will continue to update its guidelines, specifically in the area of enforcement. By implementing financial penalties for data security, Canada would more closely align its data privacy laws with other prominent regulations. Collectively, it’s clear that digital platforms no longer operate in a veritable Wild West. Instead, companies are going to need to learn how to achieve and demonstrate compliance with multifaceted privacy laws around the world.

https://portswigger.net/daily-swig/canada-plans-revamp-of-its-data-privacy-law

 


Data Breach Lists by State:

There are a lot of U.S. state agencies that publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep this updated:

STATE BREACHES
California 1,806 (2012-present)
Delaware 47 (2018-present)
Hawaii 61 (2007-present)
Indiana 5,207 (2014-present)
Iowa 223 (2011-present)
Maine 2,653 (2010-present)
Maryland 4,487 (2015-present)
Massachusetts 14,298 (2007-present)
Montana 1,695 (2015-present)
New Hampshire 2,786 (2007-present)
New Jersey 152 (2017-present)
North Carolina 6,230 (2005-present)
North Dakota 56
Oregon 377 (2015-present)
South Carolina 568
Vermont 536 (2017-2020)
Virginia 3,244 (2012-2018)
Washington 342 (2015-2019)
Wisconsin 166 (2012-2019)


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
