The Week in Breach: 09/23/18 – 09/29/18

Breach news to share with your customers!

This week Medical Data is on our minds, due to a new study on the healthcare industry and cyber security. Facebook and the United Nations were also breached this week, and both were very large datasets, impacting tens of millions of people.

Dark Web ID Weekly Trends:

  • Total Compromises: 861
  • Top Source Hits: ID Theft Forum
  • Top PIIs compromised: Domains
    • Clear Text Passwords: 501
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States - Facebook

https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

Exploit: Web vulnerability.
Facebook: Facebook is a social media platform that is one of the Internet’s most popular websites.
Risk to Small Business: 2.333 = Severe: The loss of trust any organization would feel after a breach of this magnitude would greatly harm the organization’s ability to retain or obtain customers.
Individual Risk: 2.571 = Moderate: The data accessed puts those affected by this breach at an increased risk for identity theft, spam and targeted phishing campaigns.
Customers Impacted: 50 million.

How it Could Affect Your Customer’s Business: Facebook being such a large and widely-used social media platform means that it has data on a large amount of the population that uses the Internet. If employees post information to this site, they could now be open to targeted phishing campaigns and spam.

ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that also includes social media monitoring. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Aspire Health

https://www.usatoday.com/story/money/nation-now/2018/09/26/aspire-health-hacked-phishing-scheme-patient-health-data/1430262002/

Exploit: Compromised email account hacked through a phishing scheme.
Aspire Health: According to Aspire health website, “Aspire Health specializes in providing an extra layer of support and relief from stress, pain and symptoms to patients facing a serious illness.”
Risk to Small Business: 2.333 = Severe: The risk to small business is severe due to medical data as well as confidential information being accessed.
Individual Risk: 2.571 = Moderate: The data accessed puts those affected by this breach at an increased risk for identity theft.
Customers Impacted: This information has not been released as the investigation is ongoing.

How it Could Affect Your Customer’s Business: Breaches that involve medical data can have serious long-lasting effects on the reputation of a business, due to the sensitive nature of the data.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Nations

https://cyware.com/news/united-nation-wordpress-site-publicly-exposes-thousands-of-resumes-2f2a8cf1

Exploit: WordPress Vulnerability.
United Nation: An intergovernmental organization tasked to promote international cooperation and to create and maintain international order.
Risk to Small Business: 2.333 = Severe: While the United Nations is unlikely to see any repercussions for this breach, a small business would face serious PR consequences if they experienced a breach such as this.
Individual Risk: 2.714 = Moderate Risk: Resumes contain a significant amount of personal information and job history, which can be used for spear phishing attacks and identity theft.
Customers Impacted: Resumes that have been submitted to the UN since 2016.

How it Could Affect Your Customer’s Business:  The exposure of resumes for 2 years would deal a serious blow to an organization of any size: the amount of time the data was exposed, and the type of data included in resumes makes this breach score severe on our risk score scale.

ID Agent to the Rescue:  Spotlight ID by ID Agent offers comprehensive identity monitoring that would help if one's resume information was accessed. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

No Fly Zone 
The Dark Web is known to have all things illegal for sale, from medical information to illicit drugs. A new trend has been discovered by researchers where frequent flyer miles are being sold for significantly less than what legitimate buyers would pay. The average rate that a batch of frequent flyer miles sells for is $31, although the price depends on the airline and number of miles.
https://www.hackread.com/stolen-frequent-flyer-miles-of-top-airlines-sold-on-dark-web/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


 A note for your customers:
The Cost of Healthcare on The Dark Web.
We all know that compromised health records and other medical information is highly valuable and sought after on the Dark Web. A new study by JAMA helps us conceptualize the volume of medical information for sale, and how much your health records go for on the Dark Web. 

The annual data breach tally has increased every year since 2010 (except for 2015). The median number of records accessed per breach: 2,300. The mean number of records accessed per breach: 84,456. With patient records selling on the Dark Web for $300 - $500, hackers could make close to $700,000 ($690,000) by breaching an organization that stores medical information.

Who in the healthcare sector was hit the hardest?

  • Healthcare providers: 1,503 data breaches or 37.1 million records
  • Health plans: 278 data breaches or 110.4 million records

Be careful where you allow your medical records to be stored!
https://www.hcanews.com/news/yes-healthcares-data-breach-problem-really-is-that-bad


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today! 

comments
0