United States - Toppshttps://www.beckett.com/news/topps-website-attacked-for-a-second-time/
Exploit: Form-jacking attack
Topps: Sports trading card and collectible company
Topps: Sports trading card and collectible company
 | Risk to Small Business: 1.666 = Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs. |
| | Individual Risk: 2.428 = Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses were also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft. |
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers.
ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/
How it Could Affect Your Customers’ Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers.
ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States - St. Francis Physician Serviceshttps://www.wspa.com/news/st-francis-physicians-services-notifies-patients-of-data-breach/1821354482
Exploit: Unauthorized access of electronic health record system
St. Francis Physician Services: Health system based in South Carolina
St. Francis Physician Services: Health system based in South Carolina
 | Risk to Small Business: 1.888 = Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach. |
| | Individual Risk: 2.142 = Severe: Patient health information including names, dates of birth, social security numbers, addresses, health insurance company details, and more were exposed. The company is offering credit monitoring and identity protection services to those whose social security numbers were included in the breach. |
Customers Impacted: To be disclosed
How it Could Affect Your Customers’ Business: In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third party or employee-related breaches..
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/
How it Could Affect Your Customers’ Business: In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third party or employee-related breaches..
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Canada - Samsung Canada https://mobilesyrup.com/2019/02/26/glentel-samsung-canada-breach-customers-data/
Exploit: Third-party employee breach
Samsung Canada: Canadian arm of the Samsung Electronics company
Samsung Canada: Canadian arm of the Samsung Electronics company
| Risk to Small Business: 1.777 = Severe: On November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed. |
| Individual Risk: 2.428 = Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected. |
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed... Thanks Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web without interrupting business processes. See how you can benefit here: https://www.idagent.com/dark-web/
How it Could Affect Your Customers’ Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed... Thanks Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web without interrupting business processes. See how you can benefit here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Canada - NWT Department of Health and Social Services https://www.cbc.ca/news/canada/north/stolen-laptop-nwt-security-details-ottawa-1.5024775
Exploit: Theft of government employee laptop NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada
| Risk to Small Business: 1.666 = Severe: On May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue, since managers are instructed to delete sensitive data immediately after using them. The department will now be required to conduct a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money. |
| | Individual Risk: 2.428 = Severe: Although less than half of those affected were only identified by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft. |
Customers Impacted: 40,000 Canadian residents
How it Could Affect Your Customers’ Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting.
ID Agent to the Rescue: Dark Web ID allows MSPs to deliver actionable stolen credential data for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/dark-web/.
How it Could Affect Your Customers’ Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting.
ID Agent to the Rescue: Dark Web ID allows MSPs to deliver actionable stolen credential data for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United Kingdom - Kent County Council https://www.bbc.com/news/uk-england-kent-47390022
Exploit: Human error
Kent County Council: Adoption service for the British county of Kent
Kent County Council: Adoption service for the British county of Kent
| Risk to Small Business: 1.888 = Severe: Contact details for hundreds of adoptive parents was disclosed in an accidental council email. A member of staff copied a mailing list into the carbon copy (CC) section instead of the blind carbon copy (BCC) area, exposing the sensitive information. The council is currently investigating if the breach needs to be reported to the ICO, and if any fines will surface. |
 | Individual Risk: 2.714 = Moderate: The exposure of personal information for adoptive parents and support workers has serious implications, with the potential to affect birth families and vulnerable children. |
Customers Impacted: Approximately 300
How it Could Affect Your Customers’ Business: Even innocent breaches come with significant repercussions. An honest mistake can spawn expensive fines and customer churn, and businesses should pay attention. By installing thresholds that protect employees from compromising sensitive data, security teams can save a company’s reputation and customer base.
How it Could Affect Your Customers’ Business: Even innocent breaches come with significant repercussions. An honest mistake can spawn expensive fines and customer churn, and businesses should pay attention. By installing thresholds that protect employees from compromising sensitive data, security teams can save a company’s reputation and customer base.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
India - University of Madrashttps://www.deccanchronicle.com/nation/current-affairs/260219/madras-university-comes-under-ransomware-attack.html
Exploit: Ransomware attack
University of Madras: Public state university in Chennai
University of Madras: Public state university in Chennai
| Risk to Small Business: 1.777 = Severe: Last week, the university database faced a ransomware attack in which a hacker encrypted all information and demanded a ransom of 1.8M Rupees (~25K USD). However, the university was able to sidestep the attack entirely by having back-up data stored on a system that was outside of its network. Nevertheless, the institution will do a security audit and augment their existing measures. |
| Individual Risk: 2.522 = Moderate: Since the server was not hacked directly and only compromised by malware, none of the data was copied and is still completely secure. |
Customers Impacted: None
How it Could Affect Your Customers’ Business: Such an incident is a perfect example of best practice in the event of a ransomware attack. When an organization is able to store backup data on a server that is outside of its network’s scope, it can quickly avert a hacker’s malware attack. Along with leaving a hacker powerless and less likely to attack again, such an event engenders trust between a business and its customers.
How it Could Affect Your Customers’ Business: Such an incident is a perfect example of best practice in the event of a ransomware attack. When an organization is able to store backup data on a server that is outside of its network’s scope, it can quickly avert a hacker’s malware attack. Along with leaving a hacker powerless and less likely to attack again, such an event engenders trust between a business and its customers.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/.
1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Australia - Melbourne Heart Grouphttps://securityboulevard.com/2019/02/ransomware-attack-encrypts-medical-records-at-australian-hospital/
Exploit: Ransomware attack
Melbourne Heart Group: Cardiology unit of Cabrini Hospital in Malvern
Melbourne Heart Group: Cardiology unit of Cabrini Hospital in Malvern
| Risk to Small Business: 2.333 = Severe: After infiltrating medical records of 15,000 patients at Cabrini Hospital, hackers demanded a cryptocurrency ransom to regain access. 3 weeks later, the Melbourne Heart Group issued a notice that the breach was resolved and patient privacy was not compromised. However, some believe that the organization ended up paying the ransom, and the data may have been inappropriately accessed by hackers. |
| Individual Risk: 2.512 = Moderate: If hackers were able to gain access to the data, they would be able to sell patient health information on the Dark Web or orchestrate large-scale identity theft. What makes matters worse is that the investigation has not yet uncovered the culprits or motives behind the attack. In summary, this can pose moderately high risk to the patients affected |
Customers Impacted: 15,000 records
How it Could Affect Your Customers’ Business: Ransomware attacks can bring crucial systems down for multiple weeks at a time, interrupting business processes and eliminating control. Without a detection tool to monitor for loss in customer or employee data, companies are left speculating the severity of consequences.
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Learn how you can partner with us here: https://www.idagent.com/dark-web/
How it Could Affect Your Customers’ Business: Ransomware attacks can bring crucial systems down for multiple weeks at a time, interrupting business processes and eliminating control. Without a detection tool to monitor for loss in customer or employee data, companies are left speculating the severity of consequences.
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Learn how you can partner with us here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
New Zealand - West Coast District Health Boardhttps://www.forbes.com/sites/leemathews/2019/02/28/even-the-wind-is-causing-data-breaches-now/amp
Exploit: Exposure of printed records
West Coast District Health Board: Health board based in New Zealand
West Coast District Health Board: Health board based in New Zealand
| Risk to Small Business: 2.111 = Severe: An employee is under investigation after misplacing hundreds of patient records printed on pages, which were reportedly “blown away in a gust of wind”. Only 40 pages were lost, but 300 individuals may have been affected. Although the situation has been mostly contained, journalists from around the world are citing the incident as an example of safeguarding offline data. |
| Individual Risk: 2.428 = Severe: Of the 40 pages that were lost, 6 have been recovered. However, the remaining records, which could amount to as many as 300, contained both names and health card numbers. Overall risk for patients is relatively low, but such data could become harmful if placed in the wrong hands. |
Customers Impacted: Up to 300
How it Could Affect Your Customers’ Business: Once offline data is compromised, it can be difficult to understand how or when it is being used. Without a digital trace, internal security teams are left wondering whether or not a breach will occur. However, employing a detection tool that constantly monitors leaked customer data can give peace of mind to employees and customers.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/
How it Could Affect Your Customers’ Business: Once offline data is compromised, it can be difficult to understand how or when it is being used. Without a digital trace, internal security teams are left wondering whether or not a breach will occur. However, employing a detection tool that constantly monitors leaked customer data can give peace of mind to employees and customers.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment