Thursday, November 28, 2019


United States - Thinkful 

Exploit: Unauthorized database accessThinkful: E-learning website for developers
twib-severeRisk to Small Business: 2.333 = Severe: By leveraging an employee’s stolen credentials, an unauthorized third party was able to access the company’s database. While sensitive data, such as social security information, was not exposed, it’s possible that other personal information was accessed. In response, Thinkful has notified its users of the data breach, and is requiring password resets on all accounts. While the company wrote to its users that it is taking additional steps to enhance security, these efforts will not help those whose credentials were already compromised in the breach. This incident follows on the heels of the company being acquired by Chegg.
correct severe gauge

Individual Risk: 2.857 = Moderate: Users’ Social Security numbers were not compromised in the breach, but other personal information could have been accessed by hackers. Users should create unique passwords, enroll in multi-factor authentication, and monitor their accounts for suspicious activity in the wake of the attack.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Thinkful’s data breach announcement is especially problematic since it immediately followed news that the company was being acquired by Chegg. It’s unclear how this cybersecurity incident will impact the deal, but cybercriminals often target small companies before an acquisition, hoping to infiltrate their IT infrastructure before coming under the protection of the larger, more robust system of their new parent company. Therefore, businesses must consider cybersecurity as both a moral imperative and a financial necessity, especially in the realm of mergers and acquisitions.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

United States - Campbell County Memorial Hospital

Exploit: Ransomware
Campbell County Memorial Hospital: Healthcare provider operating as part of the Campbell County Health Department
Risk to Small Business: 2.111 = Severe: A ransomware attack on Campbell County Memorial Hospital forced the healthcare provider to divert ambulance services, cancel surgeries, and stop admitting patients. The hospital’s emergency room remains operational, but many services are curtailed. Hackers did not send a ransom demand, leaving hospital IT administrators grappling for a solution. Campbell County Memorial Hospital reports that no patients were harmed because of the outage. However, with no solution in sight, patient care remains dubious and the long-term financial ramifications of the incident could be extensive.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Unfortunately, once a ransomware attack infects your network, there are usually no get-out-of-jail-free cards. Ransom demands themselves often cost companies hundreds of thousands, whereas restorative services can be even more expensive. Moreover, the opportunity costs associated with interrupted business processes only makes matters worse. In this case, patients’ lives could have been put at risk, which is a worst-case scenario for any cybersecurity incident.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:

United States - Southeastern Pennsylvania Transport Authority

Exploit: Malware attack
Southeastern Pennsylvania Transport Authority: American transport authority
Risk to Small Business: 1.888 = Severe: The online store for the Southeastern Pennsylvania Transport Authority was victimized by Magecart malware, a data skimming attack that steals customer data at checkout. In response, the department permanently closed their online store. The malware was spotted on July 16th, but it took the agency more than two months to gather relevant data and notify customers. The lengthy delay could have compromised additional users while also exacerbating the inevitable PR nightmare that always accompanies a breach.

Individual Risk: 2.428 = Severe: Hackers gained access to the most sensitive form of e-commerce data, including names, credit card numbers, and addresses. Since this information can quickly spread on the Dark Web and then used to perpetuate additional financial or identity fraud, those impacted by the breach should notify their financial institutions and enroll in identity and credit monitoring services as soon as possible.
Customers Impacted: 761
How it Could Affect Your Customers’ Business: Providing a seamless, secure online experience is a critical component of any organization’s relationship with its constituents in the digital age. However, these efforts are undermined when data breaches occur at checkout and are not discovered for months on end. In order to increase the ROI of any e-commerce experience and avoid legal penalties, companies and institutions must be able to detect potential misuse of user data.

ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here:

Canada - DoorDash

Exploit: Unauthorized database accessDoorDash: Food delivery service
twib-severeRisk to Small Business: 1.555 = Severe: Hackers infiltrated a DoorDash server, providing them with access to user and driver data. In response, the company is encouraging all users to reset their passwords. Although the breach was discovered in early September, it’s unclear why they waited nearly a month before notifying users. Now, DoorDash will likely face legal and reputational blowback that will damage its standing in an already competitive market.
extreme gauge

Individual Risk: 2.285 = Severe: Hackers accessed personal data for both DoorDash users and drivers, including names, email addresses, delivery addresses, phone numbers, hashed passwords, and the last four digits of payment cards. However, full payment card data was not accessible. In addition, the breach does not include DoorDash users who joined after April 5, 2018. The platform is encouraging all users to reset their passwords and to monitor their financial accounts for unusual activity. Moreover, those impacted by the breach should know that this data can be used to facilitate additional cyber attacks, including phishing scams, that can further compromise personal information.
Customers Impacted: 4,9000,000
How it Could Affect Your Customers’ Business: In 2019, companies can’t afford to spare any expense when it comes to protecting their data. With the initial cost of a breach soaring and the long-term damage becoming clearer, the big-picture threat is a tangible reality for every company. Rather than hoping to avoid being caught in the crosshairs by hackers, every business should take steps to identify vulnerabilities and to apply best practice solutions to mitigate the risk of a devastating data breach.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:

United Kingdom - CafePress

Exploit: Unauthorized database access
CafePress: Online retailer of stock and user-customized products
twib-severeRisk to Small Business: 2 = Severe: Hackers gained access to CafePress databases that included users personally identifiable information. The data breach, which occurred on February 19, is both a technological and PR nightmare. Hackers accessed more than half of users’ passwords, and their slow notification process is frustrating users who are taking to social media and online forums to complain about the platform. At the same time, the company will face intense regulatory scrutiny both for the large scope of the breach and the company's lengthy response time.
correct severe gauge

Individual Risk: 2.571 = Moderate: Hackers had access to users’ names, email addresses, physical addresses, phone numbers, and, for many people, unencrypted passwords. In some cases, the last four numbers of payment cards and expiration dates were accessible. This information has already been spotted on hacker forums, which means that those impacted by the breach should contact their financial institutions to notify them of possible fraudulent activity and enroll in credit and identity monitoring services.
Customers Impacted: 23,000,0000
How it Could Affect Your Customers’ Business: Data breaches will inevitably have far-reaching consequences for any company, but those effects are amplified when companies fail to take obvious steps, like openly communicating with customers to initiate the recovery process. This type of reputational damage only makes matters worse, so companies should consider their defensive posture and response plan as a critical component of digital strategy.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win!

Denmark - Demant

Exploit: Ransomware
Demant: Hearing aid manufacturer
Risk to Small Business: 2.333 = Severe: A ransomware attack forced the company to shut down systems across its different manufacturing sites and business units. This significantly impacts Demant’s functionality as they were forced to curtail R&D, production, and distribution. As a result, the company cancelled a planned stock buyback, which plummeted their stock price by 12%. In addition, Demant reduced their earnings forecasts by $95 million, underscoring the incredible financial impact that a cybersecurity event can have on a company.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessCybersecurity incidents impact companies in many ways, but the bottom-line threat is one of the most compelling. Any company impacted by a cybersecurity incident stands to lose their market position, and, as Demant’s episode reveals, such losses can be extraordinary. The company expects the long-term financial implications to be immense, and their inability to innovate, produce, and ship products will have cascading consequences that far outlast the immediate ramifications of the breach.

ID Agent to the RescueMonitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:

New Zealand - Vodafone

Exploit: Accidental data exposure
Vodafone: Telecommunications service provider

twib-severeRisk to Small Business: 2.111 = Severe: New Zealand users of Vodafone’s MyVodafone app temporarily had access to personal details of other customers. The mistake was blamed on a planned app upgrade, and the company was forced to disable usage after just 15 minutes. However, multiple customers encountered the change, which compromised personal details but not payment information. As tech features increasingly differentiate companies, Vodafone will have a more difficult time engaging customers following the incident. In addition, the company will face media and regulatory scrutiny that could add additional repercussions down the road.
correct severe gauge

Individual Risk: 2.857 = Moderate: Payment information was not compromised in the breach, but Vodafone hasn’t provided a specific readout of compromised personal data. Regardless, those impacted by the breach should reset their account passwords while being vigilant to monitor their accounts for unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessTechnological innovations like mobile apps increasingly help companies differentiate their services from the competition. However, when these services are undercut by a data breach, a potential advantage quickly becomes a liability. Therefore, innovation always has to be accompanied by effective implementation and governance strategies to ensure that these platforms are safe and secure.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here:

New Zealand - Animates

Exploit: Malware attack
Animates: Pet supply retailer

twib-severeRisk to Small Business: 1.888 = Severe: An undetected malware attack infiltrated Animates’ online store, compromising the personal data of shoppers who used the platform between June 29 and September 13. In response, Animates took its website offline and notified legal authorities and regulatory bodies of the breach. Until the issue is resolved, Animates will be unable to make online sales, which will significantly impact their bottom line, and this diminished revenue could be an ongoing issue as customers have to decide if they will return to the pet supply retailer when services are restored.
correct severe gauge

Individual Risk: 2.571 = Moderate: Personally identifiable information was compromised in the breach, including names, addresses, phone numbers, email addresses, usernames, or passwords. In addition, Animates made it clear that credit/debit card information was targeted, although the company doesn’t store this information on their servers. Animates is encouraging all users impacted by the breach to closely monitor their accounts for usual activity and to update redundant passwords on other platforms.
Customers Impacted: 2,700
How it Could Affect Your Customers’ BusinessThe consequences of a data breach for SMBs can be incredibly costly. Many customers will never return to a company that has a track record of data security lapses. Especially for companies that rely on an online store, a strong cybersecurity stance should be a top priority, as it can be the difference between a flourishing platform and a dwindling customer base.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at:

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at

Wednesday, November 27, 2019