Ransomware sails a major shipping company into trouble, Microsoft makes a rare flub, Luxottica fails to see a threat, malicious insiders shop for data at Shopify, details about our sponsorship of REBOUND from SKOUT, and a sneak peek at our first product update event!
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
The Week in Breach – United States
United States – Arbiter Sports
https://www.techtimes.com/articles/252742/20200922/hacker-breached-540-000-referees-league-officials-and-school-representatives-for-ransom-and-won.htm
Exploit: Ransomware
Arbiter Sports: Sports Software and Services Provider
Risk to Business: 1.301 = Extreme
Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association) experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 540,000 of its registered members — consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and even ArbiterWorks.
Individual Risk: 1.816 = Severe
Arbiter Sports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers. Social Security numbers and passwords were encrypted. The company paid the ransom, but the data could have still been copied. Users should be aware of the potential for identity theft or spear phishing using this information.
Customers Impacted: 540,000+
How it Could Affect Your Customers’ Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.
ID Agent to the Rescue: If you’ve been hit with ransomware, it probably started as a phishing attack. You need Graphus, the powerful automatic phishing defender that evolves with your business. LEARN MORE>>
United States – IPG Photonics
https://www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/
Exploit: Ransomware
IP Photonics: Laser Developer
Risk to Business: 2.305 = Severe
Defense contractor and laser developer IP Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.
Individual Risk: No individual information was reported as compromised in this incident
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Manufacturers that get shut down from ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.
ID Agent to the Rescue: BullPhish ID helps companies fight back against ransomware and other phishing-related attacks with easy to deploy phishing resistance training featuring “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>
United States – Microsoft
https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/
Exploit: Unsecured Database
Microsoft: Technology Conglomerate
Risk to Business: 2.781 = Moderate
In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The leak included the server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.
Individual Risk: No individual data is believed to have been impacted in this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Elementary security failures are embarrassing, and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?
ID Agent to the Rescue: Make sure that staffers are dotting the Is and crossing the Ts when it comes to basic security best practices with security awareness training from ID Agent, including phishing resistance with BullPhish ID LEARN MORE>>
United States – Town Sports International
https://securityboulevard.com/2020/09/town-sports-international-data-breach-exposed-personal-information-of-600000-members/
Exploit: Unsecured Database
Town Sports International: Sports Club Operator
Risk to Business: 1.753 = Severe
Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.
Individual Risk: 1.601 = Severe
This database was left wide open for at least a year, giving cybercriminals and databrokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.
Customers Impacted: 600,000
How it Could Affect Your Customers’ Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.
ID Agent to the Rescue: Password reuse is an epidemic, and incidents like this are how huge lists of passwords end up on the Dark Web. Make sure yours aren’t there with 24/7/365 Dark Web monitoring. LEARN MORE>>
United States – Universal Health Services
https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/
Exploit: Ransomware
Universal Health Services: Healthcare System Operator
Risk to Business: 1.442 = Extreme
Ryuk Ransomware did massive damage at Universal Health Services (UHS), resulting in damage that left UHS hospitals in the US including those from California, Florida, Texas, Arizona, and Washington D.C. without access to computers and phone systems. The healthcare giant operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees, and provides healthcare to approximately 3.5 million patients each year. The affected systems are still not fully restored, but patient care impacts are reported as minimal.
Individual Risk: No personal data has been reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services – and attacks are escalating.
ID Agent to the Rescue: Ransomware typically arrives with a phishing email. Automate your company’s defense against phishing with Graphus to put three layers of protection between a phishing email and your data fast. SEE HOW IT WORKS>>
United States – Tyler Technologies
https://dfw.cbslocal.com/2020/09/23/texas-company-software-local-governments-schools-data-breach/
Exploit: Ransomware
Tyler Technologies – Public and Defense Sector Software Provider
Risk to Business: 1.779 = Severe
North Texas company Tyler Technologies, provider of software services for everything from jail and court management systems to payroll, human resources, tax, and bill collection and land records, experienced a devastating ransomware attack. The company says that the impact of the incident is limited to internal corporate network and phone systems and that there has been no impact on hosted client environments, including its election results reporting software, although some clients are reporting escalating login problems since the attack.
Individual Risk: No personal data was reported as part of this incident.
How it Could Affect Your Customers’ Business: An event like this at a technology provider is not a good look, especially for a contractor that handles both defense sector jobs and election reporting software.
ID Agent to the Rescue: Security awareness training with cutting-edge solutions like BullPhish ID reduces a company’s chance of suffering a cybersecurity incident by up to 70%. SEE BULLPHISH ID IN ACTION>>
The Week in Breach – Canada
Canada – Shopify
https://www.reuters.com/article/us-shopify-cyber/shopify-says-customer-data-likely-exposed-as-employees-accessed-records-idUSKCN26D36J
Exploit: Malicious Insider
Shopify: e -Commerce Platform
Risk to Business: 2.314 = Severe
The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.
Individual Risk: 2.603 = Moderate
The rogue staffers were only able to expose a small amount of information from a few businesses. Merchants on the platform are being informed by Shopify as the investigation continues. Users who think they may be at risk should be alert for spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The economy in the rest of the world may be challenged, but the Dark Web data markets are thriving, and staffers who need a little extra cash can be tempted to expose company data, sell their logins, or dip their feet into the cybercrime as-a-service market.
ID Agent to the Rescue: Are your staffers selling their credentials on the Dark Web – or even worse, your customers’ credentials? Find out fast with human and machine powered always on credential monitoring from Dark Web ID. SEE DARK WEB ID IN ACTION>>
The Week in Breach – United Kingdom & European Union
France – CMA CGM
https://gcaptain.com/shipping-giant-cma-cgm-hit-by-cyber-attack/
Exploit: Ransomware
CMA CGM: Maritime Shipping and Logistics
Risk to Business: 1.702 = Severe
Ragnar Locker ransomware sailed into the systems of French cargo giant CMA CGM, leaving havoc in its wake. The company’s website and external access to all applications was taken offline. This is the latest in a series of attacks against logistics targets, including major shipping and trucking companies. No ransom has been named in the attack, and CMA CGMis still experiencing outages.
Individual Risk: No personal information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The number one cause of ransomware flooding your systems is a phishing email. Increasing security awareness training including phishing resistance training with BullPhish ID can prevent these types of cybersecurity disasters.
ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Combine that increased awareness with Graphus’ Phish 911 a feature that enables employees to report dodgy messages to give phishing a knockout blow. SEE OUR SOLUTIONS IN ACTION>>
Italy- Luxottica
https://www.insurancebusinessmag.com/asia/news/cyber/eyewear-giant-gets-blindsided-by-cyberattack-234390.aspx
Exploit: Ransomware
University Hospital Dusseldorf: Healthcare Provider
Risk to Business: 1.752 = Severe
Ransomware definitely blindsided Italian eyewear giant Luxottica, producer of popular brands including Ray-Ban, Oakley, Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch. The company’s brand websites and service provider websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut went down after a ransomware attack disrupted operations worldwide. Investigation and restoration is ongoing.
Individual Risk: No individual information has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can shut an organization down entirely, and these days bad actors are just as interested in disrupting business and manufacturing operations as stealing data.
ID Agent to the Rescue: Add 3 layers of protection against email threats like ransomware that can devastate your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. LEARN MORE>>
Poland – BrandBQ
https://www.infosecurity-magazine.com/news/fashion-retailer-brandbq-seven/
Exploit: Unsecured Database
BrandBQ – Fashion Retailer
Risk to Business: 1.667 = Severe
An unsecured Elasticsearch database spelled trouble for Krakow-based fashion retailer BrandBQ. Security researchers uncovered the unencrypted Elasticsearch server on June 28 and BrandBQ finally secured it around a month later, but not before records for millions of clients were exposed. Observers reported one billion entries in the exposed database including 6.7 million records related to online customers, with each entry featuring personally identifiable information (PII) including full names, email and home addresses, dates of birth, phone numbers, and payment records (although not card details). Also available on the server were 50,000 records relating to local contractors in certain jurisdictions including VAT numbers and purchase information
Individual Risk: 2.863 = Severe
Information contained in this database sat unguarded and available to cybercriminals for at least a month. Clients of BrandBQ or any of its retail stores including online stores and operations in Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine, and the Czech Republic should be wary of spear phishing attempts using this data.
Customers Impacted: 7,000,000
How it Could Affect Your Customers’ Business: An exposed database of this magnitude is shocking, and it definitely indicates that your company isn’t following cybersecurity best practices like securing sensitive customer data with multifactor authentication.
ID Agent to the Rescue: Put Passly to work for you. This secure identity and access management solution includes all of the features that your business needs, like multifactor authentication and shared secured password vaults at a price that you’ll love. LEARN MORE>>
The Week in Breach – Australia & New Zealand
Australia – Trading Reference Australia
https://www.theguardian.com/australia-news/2020/sep/22/potential-data-breach-at-top-tenancy-blacklist-firm-trading-reference-australia-under-investigation
Exploit: Unauthorized Database Access
Trading References Australia: Digital Real Estate Services
Risk to Business: 2.077 = Severe
The Office of the Australian Information Commissioner is investigating a data breach at the keeper of one of Australia’s largest tenant information databases, Trading Reference Australia. In addition to real estate services, the company also maintains a legendary blacklist of tenants. No word yet on what data was stolen and the matter is in current litigation.
Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Failing to keep information secure, especially damaging information like a tenant blacklist has the potential to be very messy as both a recovery operation and a regulatory headache. Data like this sells fast in the Dark Web data markets.
ID Agent to the Rescue: Reduce your risk of a cyberattack using credentials that have been compromised in a data breach like this one with 24/7/365 credential monitoring using Dark Web ID. SEE A DEMO>>
The Week in Breach – Asia & Pacific
Singapore – ShopBack
https://www.marketing-interactive.com/shopback-says-consumer-cashback-is-safe-despite-data-breach
Exploit: Unauthorized Database Access
ShopBack: Digital Coupon Company
Risk to Business: 2.203= Moderate
Cashback reward app ShopBack has reported a data breach as a result of unauthorized access to company systems that contained customers’ personal data. Investigation of the incident is ongoing, but the company says that the damage included an extensive amount of exposed customer records that contained data such as users’ names, contact information, gender, date of birth, and bank account numbers. Singapore’s Personal Data Protection Commission is investigating.
Individual Risk: 2.419 = Severe
The possibility of bank account information becoming compromised as well as PII opens consumers up to a variety of nasty potential consequences including identity theft, fraud, and dangerous spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Unauthorized access to systems containing consumer financial data like bank information is not just a PR disaster, it’s also a potential fine and compliance nightmare that can cost a fortune to clean up.
ID Agent to the Rescue: Secure access to your data and systems with the multifunctional capability of Passly, the cost-effective, efficient secure identity and access management tool that is ideal for making sure that the right people have access to the right things – and only the right people. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Bit by bit helps client networks run smooth and secure.. visit our website at
