The Week in Breach: 02/24/19 – 03/04/19

March 07, 2019

This week, Topps gets form-jacked, Canadian government employee is robbed of patient data, UK adoption service accidentally leaks sensitive information, and records in New Zealand are “blown away.”

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Construction and Engineering
Top Employee Count: 11 – 50 Employees



United States – Topps
https://www.beckett.com/news/topps-website-attacked-for-a-second-time/

Exploit: Form-jacking attack
Topps: Sports trading card and collectible company

Risk to Small Business: 1.666 = Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.
Individual Risk: 2.428 = Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses was also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – St. Francis Physician Services
https://www.wspa.com/news/st-francis-physicians-services-notifies-patients-of-data-breach/1821354482

Exploit: Unauthorized access of electronic health record system
St. Francis Physician Services: Health system based in South Carolina

Risk to Small Business: 1.888 = Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them to the breach.
Individual Risk: 2.142 = Severe: Patient health information including names, dates of birth, social security numbers, addresses, health insurance company details, and more was exposed. The company is offering credit monitoring and identity protection services to those whose social security numbers were included in the breach.

Customers Impacted: To be disclosed 
How it Could Affect Your Customers’ Business: In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements, which are becoming increasingly stringent. To prevent similar situations from arising, companies must shield themselves from third-party or employee-related breaches.

ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/


Canada – Samsung Canada
https://mobilesyrup.com/2019/02/26/glentel-samsung-canada-breach-customers-data/

Exploit: Third-party employee breach
Samsung Canada: Canadian arm of the Samsung Electronics company

Risk to Small Business: 1.777 = Severe: On November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed.
Individual Risk: 2.428 = Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed… Thanks Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business.

ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web without interrupting business processes. See how you can benefit here:  https://www.idagent.com/dark-web/


Canada – NWT Department of Health and Social Services
https://www.cbc.ca/news/canada/north/stolen-laptop-nwt-security-details-ottawa-1.5024775

Exploit: Theft of government employee laptop
NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada

Risk to Small Business: 1.666 = Severe: On May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue, since managers are instructed to delete sensitive data immediately after using it. The department will now be required to carry out a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money.
Individual Risk: 2.428 = Severe: Although fewer than half of those affected were identified only by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft.

Customers Impacted: 40,000 Canadian residents
How it Could Affect Your Customers’ Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting.

ID Agent to the Rescue: Dark Web ID allows MSPs to deliver actionable stolen credential data for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/dark-web/.


United Kingdom – Kent County Council
https://www.bbc.com/news/uk-england-kent-47390022

Exploit: Human error
Kent County Council: Adoption service for the British county of Kent

Risk to Small Business: 1.888 = Severe: Contact details for hundreds of adoptive parents were disclosed in an accidental council email. A member of staff copied a mailing list into the carbon copy (CC) section instead of the blind carbon copy (BCC) area, exposing the sensitive information. The council is currently investigating if the breach needs to be reported to the ICO, and if any fines will surface.
Individual Risk: 2.714 = Moderate: The exposure of personal information for adoptive parents and support workers has serious implications, with the potential to affect birth families and vulnerable children.

Customers Impacted: Approximately 300
How it Could Affect Your Customers’ Business:  Even innocent breaches come with significant repercussions. An honest mistake can spawn expensive fines and customer churn, and businesses should pay attention. By installing thresholds that protect employees from compromising sensitive data, security teams can save a company’s reputation and customer base.

ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.


India – University of Madras
https://www.deccanchronicle.com/nation/current-affairs/260219/madras-university-comes-under-ransomware-attack.html

Exploit: Ransomware attack
University of Madras: Public state university in Chennai 

Risk to Small Business: 1.777 = Severe: Last week, the university database faced a ransomware attack in which a hacker encrypted all information and demanded a ransom of 1.8M Rupees (~25K USD). However, the university was able to sidestep the attack entirely by having back-up data stored on a system that was outside of its network. Nevertheless, the institution will do a security audit and augment its existing measures.
Individual Risk: 2.522 = Moderate: Since the server was not hacked directly and only compromised by malware, none of the data was copied, and it is still completely secure.

Customers Impacted: None
How it Could Affect Your Customers’ Business: Such an incident is a perfect example of best practice in the event of a ransomware attack. When an organization is able to store backup data on a server that is outside of its network’s scope, it can quickly avert a hacker’s malware attack. Along with leaving a hacker powerless and less likely to attack again, such an event engenders trust between a business and its customers.

ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/.


Australia – Melbourne Heart Group
https://securityboulevard.com/2019/02/ransomware-attack-encrypts-medical-records-at-australian-hospital/

Exploit: Ransomware attack
Melbourne Heart Group: Cardiology unit of Cabrini Hospital in Malvern

Risk to Small Business: 2.333 = Severe: After infiltrating medical records of 15,000 patients at Cabrini Hospital, hackers demanded a cryptocurrency ransom to regain access. 3 weeks later, the Melbourne Heart Group issued a notice that the breach was resolved and patient privacy was not compromised. However, some believe that the organization ended up paying the ransom, and the data may have been inappropriately accessed by hackers.
Individual Risk: 2.512 = Moderate: If hackers were able to gain access to the data, they would be able to sell patient health information on the Dark Web or orchestrate large-scale identity theft. What makes matters worse is that the investigation has not yet uncovered the culprits or motives behind the attack. In summary, this can pose moderately high risk to the patients affected.

Customers Impacted: 15,000 records
How it Could Affect Your Customers’ Business: Ransomware attacks can bring crucial systems down for multiple weeks at a time, interrupting business processes and eliminating control. Without a detection tool to monitor for loss in customer or employee data, companies are left speculating about the severity of the consequences.

ID Agent to the Rescue:  Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Learn how you can partner with us here: https://www.idagent.com/dark-web/


New Zealand – West Coast District Health Board
https://www.forbes.com/sites/leemathews/2019/02/28/even-the-wind-is-causing-data-breaches-now/amp

Exploit: Exposure of printed records
West Coast District Health Board: Health board based in New Zealand

Risk to Small Business: 2.111 = Severe: An employee is under investigation after misplacing hundreds of patient records printed on pages, which were reportedly “blown away in a gust of wind”. Only 40 pages were lost, but 300 individuals may have been affected. Although the situation has been mostly contained, journalists from around the world are citing the incident as an example of safeguarding offline data.
Individual Risk: 2.428 = Severe: Of the 40 pages that were lost, 6 have been recovered. However, the remaining records, which could amount to as many as 300, contained both names and health card numbers. Overall risk for patients is relatively low, but such data could become harmful if placed in the wrong hands.

Customers Impacted: Up to 300
How it Could Affect Your Customers’ Business: Once offline data is compromised, it can be difficult to understand how or when it is being used. Without a digital trace, internal security teams are left wondering whether or not a breach will occur. However, employing a detection tool that constantly monitors leaked customer data can give peace of mind to employees and customers.

ID Agent to the Rescue:  Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/



In Other News:

How American companies can benefit from a global perspective

There’s a reason why we cover breaches from countries around the globe. Over the last few years, cybercrime has exploded into an international phenomenon, leaving no continent untouched. By examining the cybersecurity measures of other countries, the US can borrow pages from their playbooks and predict the future. Here are a few thought starters inspired by China, India, Brazil, and the UK:

1. Improve authentication

Internal control measures are becoming a topic of discussion, given the climate of employee-related data scandals in recent years. By building in reporting systems that have fail-safes and multi-factor authentication, companies can stop fraud in its tracks.

2. ID proofing

Establishing added trust in a credential such as a mobile ID can go a long way in protecting consumers from identity theft. By authenticating devices and users and understanding common fraud patterns, companies can take their security to the next level.

3. Validation certificates

Image-based phishing is growing increasingly sophisticated and effective against consumers, and it’s up to businesses to help them navigate safely. By implementing secure browser certificates, users can feel reassured that they are logging into a trusted source while distinguishing your brand from the fraudsters.

https://www.techzone360.com/topics/techzone/articles/2019/02/26/441382-why-american-companies-need-global-perspective-fraud.htm


What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A note for your customers:

UK consumers most likely to jump ship on breached businesses

According to a recent study from PCI Pal, 41% of British consumers said that they would stop spending with a business or brand forever in the event of a breach. This compares to just 21% in the US.

The divergence in attitudes continues in their views of small businesses vs national companies. Over half of UK respondents felt that they could trust a local store with their data more than a national chain. On the other hand, only 47% in the US felt that they could trust a local business more than a national company, citing adherence to security protocols (28%) and cybersecurity investments (25%) as main reasons.

Public perceptions carry significant influence on the business landscape, and companies must build a reputation for security in order to win their customers’ hearts. As the world becomes increasingly cyber vigilant, consumers will start to think twice before placing their data in the wrong hands.

https://www.scmagazine.com/home/security-news/data-breach/uk-consumers-more-likely-to-abandon-a-breached-company/

