The Week in Breach: 12/11/19 - 12/17/19

This week, hackers gain front door access to company IT infrastructure, ransomware cripples social services, and lax employee password security continues to present severe financial risk.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 101 - 250 Employees


 

United States - Academy Sports + Outdoors 
https://www.chron.com/business/article/Academy-Sports-notifies-online-customers-of-14887751.php

Exploit: Credential stuffing attack
Academy Sports + Outdoors: Sporting goods retailer

 

Risk to Small Business: 2 = Severe: Hackers used previously stolen, legitimate login credentials to access customer accounts. The company noticed the breach after unusual activity was detected on certain user logins. In response, Academy Sports + Outdoors is encouraging customers to reset their passwords. Unfortunately, the breach occurred during the busy holiday shopping season, and customers have increasingly shown that they are less willing to engage with platforms that have a track record of cybersecurity lapses. This could harm the company’s sales at a critical time for gaining traction.


 

Individual Risk: 2.428 = Severe: Academy Sports + Outdoors noted that customers’ financial data wasn’t compromised in the breach, but account information, including usernames and passwords, was impacted. Every Academy Sports + Outdoors customer should reset their login credentials while carefully scrutinizing their accounts for suspicious or unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are fed up with data breaches, and they are taking out their anger on companies that can’t secure their information. Therefore, a data breach is more than just a cyber incident. It’s a collapse in customer service of the highest magnitude, and a priority that retailers looking to succeed in today’s digital environment must immediately address.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

 

United States - Complete Technology Solutions
https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

Exploit: Ransomware
Complete Technology Solutions: IT service provider

 

Risk to Small Business: 1.888 = Severe: A ransomware attack on Complete Technology Solutions, an IT service provider for dentistry practices, disrupted operations at more than 100 practices. When a company server was compromised, it allowed hackers to infect client computers with ransomware that disabled network security, data backups, and phone services. The attack began on November 25th and has continued to disrupt services more than two weeks later. Complete Technology Solutions declined to pay a $700,000 ransom to release the information, and decryption keys later provided by the hackers only unlocked some of the affected computers. As a result, the recovery process is incredibly complicated, and it will certainly have long-term repercussions for the company.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks always extract an expense from their victims, but the opportunity cost and reputational damage associated with a cybersecurity incident can be the most devastating. In this case, Complete Technology Solutions will almost certainly lose customers because of this incident, and their long-term business prospects are likely to be diminished. It underscores the importance of cybersecurity for any company that wants to remain competitive amidst an ominous threat landscape.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

United States - Prison Rehabilitative Industries & Diversified Enterprises 
https://www.bleepingcomputer.com/news/security/ransomware-hits-florida-pride-on-saturday-systems-still-down/

Exploit: Ransomware
Prison Rehabilitative Industries & Diversified Enterprises (PRIDE): Private, non-profit social services organization

 

Risk to Small Business: 2.111 = Severe: PRIDE was struck by a ransomware attack that crippled its website and brought its services offline. The attack, which first occurred on December 7th, continues to disrupt services nearly a week later. As a non-profit organization, PRIDE will have a difficult time procuring the resources to remove the malware, and the service outages are making it difficult or impossible to fulfill their mission and provide critical services to a client base in need.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks can feel ominous and inevitable. However, organizations can protect against these common, increasingly expensive malware attacks by ensuring that their IT infrastructure doesn’t provide a foothold for infiltration. For instance, securing employee accounts, guarding against phishing scams, and updating firewall protections can all ensure that ransomware doesn’t compromise your company’s mission or bottom line.


ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-authentication.

 

Canada - Alectra Utilities
https://www.cbc.ca/news/canada/hamilton/alectra-breach-1.5393106

Exploit: Unauthorized data access
Alectra Utilities: Electricity and utility distributor

 

Risk to Small Business: 1.666 = Severe: A data breach at Alectra Utilities compromised customers’ personally identifiable information. The data, which does not include financial information, was gleaned from customers’ water bills that were viewed by hackers. While the company notes that there is no evidence of data misuse, some of its third-party vendors may have had access to customer data without appropriate credentials, making this a near miss for what could have been a widespread data breach.


 

Individual Risk: 2.142 = Severe: Customers’ personal information, including names, addresses, and water bill details, was compromised in the breach. Alectra Utilities hasn’t identified instances of misuse, but it is encouraging all customers to scrutinize their accounts for unusual activity and ensure that their passwords are not being reused across other platforms.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s businesses can’t afford to leave cybersecurity up to chance. The exposure at Alectra Utilities compromised sensitive data, and their lax cybersecurity standards could have made this incident much worse. Rather than waiting for a doomsday scenario to unfold, assess your cybersecurity vulnerabilities and take precautions to avoid a costly data loss event.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

 

Canada - City of Woodstock 
https://www.cbc.ca/news/canada/london/cyber-attack-woodstock-cost-1.5391680

Exploit: Ransomware
City of Woodstock: Local government organization

 

Risk to Small Business: 2.111 = Severe: A ransomware attack on the City of Woodstock has cost the municipality more than $667,000. Although the government declined to pay the ransom, they spent over $560,000 on cybersecurity assistance, $55,000 on overtime compensation for IT staff, and $31,000 on IT infrastructure upgrades. It took the city more than two months to fully recover from the ransomware attack, an extreme duration that underscores the long-term opportunity costs that often accompany a ransomware attack.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident illustrates the fact that there are no affordable or advantageous response plans once a ransomware attack occurs. Instead, every organization needs to regularly review its cybersecurity standards to prevent ransomware from finding its way onto its networks. This form of malware always requires an access point, and phishing scams are a prominent delivery vector, giving companies a tangible place to start in defending against ransomware attacks.


ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

 

United Kingdom - Cheshire West 
https://www.cheshire-live.co.uk/news/chester-cheshire-news/confidential-details-published-error-cheshire-17403564

Exploit: Accidental data exposure
Cheshire West: Local government organization

 

Risk to Small Business: 2.333 = Severe: Cheshire West inadvertently published the personal information of 50 foster caregivers on its website. The error was related to a government best practice standard requiring publication of all transactions over £500. Unfortunately, this oversight undermines a valuable social program, effectively punishing people who are doing important, selfless work.


 

Individual Risk: 2.428 = Severe: The published information included foster caregivers’ surnames and was made available online. In addition, information related to amounts paid for accommodation, mileage, and other expenses was shared. This data could be used by bad actors who are developing authentic-looking phishing campaigns or other scams, so those impacted by the breach should remain vigilant when assessing digital communications.

Customers Impacted: 50
How it Could Affect Your Customers’ Business: While the error was quickly identified and corrected, the event illustrates a harsh reality: companies need to regularly revisit their data management standards and have provisions in place to protect sensitive information. These assessments should certainly include an overview of data management expectations, but they can extend to broader practices such as multi-factor authentication and Dark Web monitoring.


ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

 

United Kingdom - Landauer
https://arstechnica.com/tech-policy/2017/03/hackers-steal-nhs-staff-data-landauer-server-breached/

Exploit: Unauthorized database access
Landauer: Radiation monitoring technology provider

 

Risk to Small Business: 1.888 = Severe: Late last year, Landauer’s UK-based servers were breached by hackers, exposing the personally identifiable information of employees from several of the company’s clients. Notably, the breach impacted hundreds of employees at the National Health Service who use the company’s radiation monitoring technology at many of their healthcare facilities. The delayed reporting time is especially alarming given that the company waited almost a year before publicly reporting the breach. Not only will industry regulators likely take issue with this timeline, but customers are already expressing their displeasure to news outlets, construing the breach as “deeply disappointing.” Surely, the company has a long road to reputational recovery ahead.


 

Individual Risk: 2.285 = Severe: Fortunately, the data breach did not include patient data, but it did compromise employee information, including their names, dates of birth, National Insurance Numbers, and radiation dose records. Since this information can be used in spear phishing or other cyber attacks, those impacted by the breach should be especially critical of communications across all their digital channels.

Customers Impacted: 530
How it Could Affect Your Customers’ Business: With customers and companies increasingly demonstrating an unwillingness to work with businesses that can’t protect data, a robust response plan is a must-have element to any cybersecurity strategy. A quick response and clear communication can go a long way toward rebuilding trust and beginning the often tedious journey toward full restoration. In contrast, lengthy response times and opaque messaging are a turnoff to consumers, and they compound the damage of any data breach.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

 

Australia - Woolworths 
https://www.dailymail.co.uk/news/article-7778897/Woolworths-Rewards-customers-lose-points-phishing-scam.html

Exploit: Phishing scam
Woolworths: Supermarket chain

 

Risk to Small Business: 2.111 = Severe: A Woolworths employee fell for a phishing scam that ultimately compromised customer login credentials to the company’s customer rewards system. Hackers repurposed this information to access user accounts using valid credentials and then siphoned off rewards money. Now, just weeks before Christmas, Woolworths is scrambling to identify compromised accounts and to rectify the situation with its customers, many of whom are taking to social media to complain about the missing funds. A data breach during the holidays can amplify customer blowback, which can cause long-term reputational damage that negatively impacts the bottom line for years to come.


 

Individual Risk: 2.285 = Severe: Woolworths emphasized that this data breach is not a widespread episode, but an undisclosed number of accounts were compromised. While it appears that hackers used this access to steal rewards money, user credentials could also be compromised. Anyone identifying suspicious account activity should immediately report it to the company. In addition, they should be aware that personal details are often redeployed in other cybercrimes, like phishing attacks, that can compromise additional data. Therefore, continued vigilance is advised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are arriving in employees’ inboxes with regularity, and when acted upon, have the potential to wreak havoc on your company’s data. Not only does failure in this regard come with an immense cost, but the less quantifiable reputational damages and brand erosion invite an inevitable drag on future growth. In that sense, employee awareness training, which can equip employees to detect and report these scams, is a relative bargain compared to the total cost of a data breach.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:


Third-Party Breaches Present a Serious Risk 

While everyone is well aware of the comprehensive threat landscape facing today’s companies, many forget that this threat is amplified when third-party partnerships are involved. As this week’s newsletter reminds us, these often necessary associations can place your company’s data at risk in a major way, and it’s a risk factor that every business should consider when exploring new collaborative opportunities. 

For instance, many vendors are so overwhelmed by data breaches that they struggle to bring their services back online, if they survive at all. In either case, your company’s data may not be their top priority, which puts your business at risk.

Naturally, third parties have a vested interest in pursuing what’s best for themselves, an inherent liability that every business should evaluate when making decisions. In today’s regulatory environment, organizations face intense scrutiny when a data breach occurs, even if it doesn’t originate at their own company. That threat should give every company working with third parties a reason to carefully consider cybersecurity implications before signing the contract.

https://securityboulevard.com/2019/12/the-hidden-cost-of-a-third-party-data-breach/



What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Too Many Employees Don’t Change Their Passwords 

Data breaches are a constant threat for any company, and a new survey by YouGov research found that many employees aren’t taking even the most basic steps to secure their accounts. According to the survey, which was specific to Ireland but likely represents a globally commonplace approach to password security, 39% of employees haven’t updated their passwords in more than a year. In part, the study found that convenience is a significant factor when determining standards, as many respondents expressed annoyance with security features like CAPTCHA random-image challenges or one-time passcodes sent via text or email.

However, with the number of compromised email accounts growing every day, strong password standards coupled with additional security features like two-factor authentication can significantly decrease the risk of a data breach. It’s an obvious and proactive step that everyone can take to protect their personal and professional data from falling into the wrong hands.

https://www.independent.ie/business/technology/almost-two-in-five-irish-people-dont-change-online-passwords-and-are-vulnerable-to-being-hacked-poll-38752329.html

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
