The Week in Breach: 09/11/19 - 09/17/19

This week, phishing scams continue to trap employees, weak passwords put company data at risk, and the consequences of a breach are higher for SMBs.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 51 - 100 Employees


 

United States - Metro Mobility
https://www.kare11.com/article/tech/metro-mobility-data-breach/89-0020c759-f8e4-4056-823d-aa273629c089

Exploit: Phishing attack
Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications
Risk to Small Business: 2.111 = Severe: A company employee fell victim to a phishing scam that provided hackers with access to an email account that contained customer data. The breach was discovered on August 14th, and it includes information from rides starting on June 13th. The company issued an apology for the incident, and they are upgrading their email security protocols to prevent this from happening in the future. However, it’s impossible to retroactively secure personal data, and Metro Mobility will certainly incur a significant cost for failing to protect sensitive information in advance.

 

Individual Risk: 2.714 = Moderate: Hackers had access to personal information for over a month, which ranged from riders’ names, pickup and drop-off addresses, ride times, and, in some cases, phone numbers. Fortunately, financial data and Social Security information were not accessed in the breach. However, such seemingly innocent information can be used to perpetrate crippling attacks, and those impacted by the breach should be especially careful to monitor their accounts for suspicious or unusual activity.

Customers Impacted: 15,200
How it Could Affect Your Customers’ Business: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

 

United States - Premier Family Medical
https://healthitsecurity.com/news/320k-patients-impacted-by-premier-family-medical-ransomware-attack

Exploit: Ransomware
Premier Family Medical: Comprehensive family healthcare provider

Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: 320,000
How it Could Affect Your Customers’ Business: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

 

United States - Entercom Communications
https://www.cyberscoop.com/entercom-ransomware-attack-radio-hack/

Exploit: Ransomware
Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania

Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded $500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to $800,000 in revenue in addition to the $500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.


ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist™ helps with this mission by offering hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

United Kingdom - Tavistock and Portman NHS Foundation Trust
https://www.theguardian.com/society/2019/sep/06/nhs-gender-identity-clinic-discloses-email-contacts-data-breach

Exploit: Accidental sharing
Tavistock and Portman NHS Foundation Trust: Healthcare provider specializing in gender identity services
Risk to Small Business: 2 = Severe: An employee accidentally included the visible email addresses for thousands of clinic visitors, amounting to a significant privacy breach for a particularly sensitive patient group. The incident is classified as a “serious incident” by UK law, and the company will have to report the event to the information commissioner. In total, the provider believes that the breach could cost them millions of pounds in damages, along with intense regulatory scrutiny because of the nature of the breach and the privacy violation that ensued. Moreover, the breach is a deep stain on their reputation that could discourage people from seeking the clinic’s services in the future.

 

Individual Risk: 2.857 = Moderate: The data breach exposed patient email addresses that can be linked to identities, which is uniquely troubling given the private nature of the clinic’s offerings. While there is little risk of this information being used to perpetrate cybercrimes, those impacted by the breach could face untold personal repercussions if they are identified.

Customers Impacted: 2,000
How it Could Affect Your Customers’ Business: Valuing your customers requires protecting their information, especially when that data is sensitive and private. Apologies and improvements are the right response, but companies can demonstrate they care by developing and implementing protocols to ensure that accidental sharing and other avoidable cybersecurity threats don’t compromise user data.


ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

 

United Kingdom - UNICEF 
https://www.itpro.co.uk/security/34388/unicef-leaks-personal-data-of-8000-users

Exploit: Accidental sharing
UNICEF: International fund providing emergency food and healthcare for children
Risk to Small Business: 1.888 = Severe: An employee accidentally sent an email to 20,000 recipients that contained the personal information of more than 8,000 people who enrolled in immunization courses. While the information is contained to those on the mailing list, it can easily be made available to a broad audience. What’s more, it’s impossible to recover the compromised information, underscoring the importance of implementing data security practices before a data breach occurs.

Individual Risk: 2.285 = Severe: The personal information exposed in the breach includes names, addresses, duty stations, genders, organizations, names of supervisors, and contact preferences. This data can be used to develop and deliver spear phishing campaigns that trick users into disclosing additional personal details through social engineering. Those impacted by the breach should be on the lookout for suspicious communications and stay vigilant about monitoring their accounts for potential misuse.

Customers Impacted: 8,253
How it Could Affect Your Customers’ Business: Today’s data landscape is undoubtedly dangerous, but insider threats can be avoided with comprehensive awareness training. When these initiatives are in place, everything from accidental sharing to weak passwords can be identified and addressed before it results in a devastating data breach.


ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

 

Australia - Get 
https://amp.theguardian.com/education/2019/sep/10/data-breach-may-affect-50000-australian-university-students-using-get-app

Exploit: Unauthorized database access
Get: Payment service for university societies and clubs
Risk to Small Business: 1.777 = Severe: Due to a technical glitch, a platform user was able to access personal information on other accounts. After multiple attempts to contact the company, the user made the report public on Reddit, and Get ultimately responded by updating its network to prevent this access. Previously known as Qnect, the company endured a similar breach in the past and ultimately changed its name after users impacted by the breach were continually exploited with information ransom requests. It’s a reminder that data breaches have cascading consequences for businesses and their customers, and the only way to truly avert these repercussions is to prevent a breach from occurring in the first place.

Individual Risk: 2.142 = Severe Risk: User data was released to the public, including names, email addresses, dates of birth, Facebook IDs, and phone numbers. This information is extremely valuable on the Dark Web, and it can spread quickly, reemerging in other attacks that can further magnify the effects of a breach. Those impacted should enroll in credit and identity monitoring services, while being aware that their data could be misused again in the near future.

Customers Impacted: 50,000
How it Could Affect Your Customers’ Business: Customers and employees are increasingly unwilling to remain loyal to a company that can’t protect people’s personal information. This is especially true for organizations with a demonstrated pattern of carelessness regarding cybersecurity standards. Rather than leaving data security up to chance, every business should proactively defend user data by partnering with the right solutions.


ID Agent to the Rescue: Helping your SMB customers understand the importance of security is critical but complicated. With Goal Assist, we offer hands-on assistance with your direct sales interactions by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

New Zealand - New Zealand Transport Agency 
https://www.stuff.co.nz/business/115645154/data-breach-after-lax-nzta-security

Exploit: Unauthorized database access
New Zealand Transport Agency: Government agency overseeing transportation and land policy

Risk to Small Business: 2 = Severe: An API that integrates the New Zealand Transport Agency was left open, providing public access to company databases containing information related to traffic patterns, maintenance contractors, and policing services. The compromised data was available for more than a year, and the agency reported significant spikes in activity during specific periods. Such a blatant database leak is indicative of a lack of oversight that will cost taxpayers money and sharply reduce organizational efficiency.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customer data isn’t the only thing vulnerable to lax cybersecurity standards. Proprietary information or intellectual property is often targeted by bad actors who can use this data to eliminate a company’s competitive edge or otherwise harm business interests. Data protection at every level is a critical component of doing business in the digital age.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

 

South Africa - Garmin SA 
https://www.bleepingcomputer.com/news/security/garmin-sa-shopping-portal-breach-leads-to-theft-of-payment-data/

Exploit: Malware attack
Garmin SA: Maker and distributor of GPS technology
Risk to Small Business: 1.777 = Severe: Malware injected into Garmin’s South African online store stole customer payment information when customers made purchases on the site. Garmin’s online store is currently unavailable as the company works to repair its IT infrastructure after the malware attack. Consequently, the company is missing out on all online sales during the recovery process. At the same time, Garmin will have to work to restore its damaged reputation and to upgrade its cybersecurity standards to ensure that customer information is secure moving forward.

Individual Risk: 2.142 = Severe: Hackers stole sensitive payment information, including names, addresses, phone numbers, email addresses, payment card numbers, and CVV codes. This information can be used to commit financial fraud, and it has a comprehensive market on the Dark Web where this information can quickly spread among bad actors. Those impacted by the breach should notify their bank or payment card providers, and they need to actively monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Online stores are a critical revenue stream for many companies and compromised online payment details can significantly reduce sales opportunities for years to come. Therefore, protecting these systems should be a top priority for every business with an online store, as studies have shown that companies may not get a chance to demonstrate their efficacy in this regard.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:


Data Breaches Put Small Businesses at Risk 

Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded. 

The survey, which included 522 small businesses and 409 consumers in the US, questioned consumers and small businesses about the cybersecurity risks underscoring today’s digital environment. In response, one in five SMBs reported a data breach in the past two years, a 17% increase in two years. Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000.

This financial component is especially troubling for SMBs, which don’t have extravagant resources that large corporations can use to hasten their recovery efforts. Making matters worse, 30% of consumers indicated that they would never return to a small business that endured a data breach, a 20% increase year-over-year.

These trends are taking place as SMBs are increasingly moving online. 51% of SMBs run their own websites, and 70% have some form of e-commerce component to their business.

In total, it’s evident that SMBs have every reason to prioritize data security protocols as a foundational element of a successful, sustainable business model.

https://www.techrepublic.com/article/how-data-breaches-are-hurting-small-businesses/



What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Brute Force Attacks are the Preferred Method for Spreading Ransomware 

Ransomware attacks are on the rise in 2019, making headlines as they afflict local governments and SMBs with frightening regularity. At the same time, the cost of a ransomware attack is rising precipitously, making these attacks one of the most complicated and feared cybersecurity risks this year. 

However, cybersecurity researchers at F-Secure found that brute force attacks are one of the most prevalent methodologies deployed by hackers, occurring in 31% of ransomware attacks. This approach leverages common or weak passwords to access employee email accounts or company networks where malware can be deployed.

Consequently, companies can reduce their exposure to ransomware threats by ensuring that employees maintain strong, unique passwords for all their accounts. This simple cybersecurity standard is just one best practice that employers can instill in their employees through comprehensive awareness training that can help thwart cyberattacks.

https://www.zdnet.com/article/ransomware-attacks-weak-passwords-are-now-your-biggest-risk/

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
