Tuesday, December 3, 2019


United States - Web.com https://www.scmagazine.com/home/security-news/data-breach/web-com-discloses-breach-affecting-customer-account-info/

Exploit: Unauthorized database accessWeb.com: Domain name registration and web services provider
Risk to Small Business: 2.111 = Severe: An unauthorized third party accessed Web.com’s network, which compromised their customers’ personally identifiable information. The intrusion took place in August 2019, but IT personnel were not able to identify the breach until October 16th. Data breach notifications went out this week, but the significant detection delay will certainly compound the damage for both the company and its customers.

Individual Risk: 2.285 = Severe: The breach compromised names, addresses, phone numbers, email addresses, and service information. Security experts believe that the breach extends beyond Web.com and includes users of Network Solutions and Register.com. This information often makes its way to the Dark Web where it can be repurposed for additional cyber-attacks or identity fraud. Anyone impacted by the breach should scrutinize their online communications, as hackers will use compromised data to orchestrate spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Survey after survey reveals that customers are increasingly wary of doing business with companies that can’t protect their personal information. This reality is only exacerbated when companies are slow to detect or respond to security incidents. 
As a result, data security and response protocols are an integral part of doing business. In 2019, cybersecurity isn’t just for the IT department to consider. It needs to be a top-down priority that impacts every facet of the company.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States - sPowerhttps://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/

Exploit: Cyber-attack
sPower: Renewable energy provider

Risk to Small Business: 1.444 = Extreme: sPower was the victim of a cyber-attack that brought down its services and disconnected its hardware from the electrical grid. Although the attack occurred in April, the details are emerging as part of a Freedom of Information Act filing by reporters covering the energy sector. Hackers were able to leverage a vulnerability in the company’s firewall that allows outside entities to access their network. The event could significantly harm the company’s reputation within the energy industry, impacting its ability to land future contracts and compete with other companies.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Reputation management can mean the difference between earning the next contract and losing out to a competitor. In that regard, ensuring that your organization’s most prescient threats are accounted for can help avoid the bad press and brand erosion that follow in the wake of a cyberattack. While every industry’s threats are unique, every consumer or collaborator wants the same thing: sufficient cybersecurity to meet the moment.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide understand the unique risks and available solutions, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States - City of San Marcos 

Exploit: Cyber-attack
City of San Marcos: Local government municipality
Risk to Small Business: 1.666 = Severe: Hackers accessed the city’s computer systems and restricted access to significant portions of their IT infrastructure. The attack, which began on October 24th, brought down email accounts and other communication services. As a result, messages sent to city employees were not delivered, though government facilities remain open. Recovering from the attack is proving especially difficult, as the services are still restricted for more than a week after the initial event. To prevent further attacks, employees are being asked to change their passwords and enable two-factor authentication on their accounts.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Many cybersecurity vulnerabilities can be mitigated by adopting adequate preventative measures. For instance, using strong, unique passwords and two-factor authentication can prevent hackers from using stolen credentials to access accounts and dig deeper into your company’s IT environment. As the costs associated with breach continue to pile up, the ROI on implementing cybersecurity defense becomes easily apparent.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

Canada - Ontario Science Centerhttps://www.cbc.ca/news/canada/toronto/science-centre-data-breach-1.5338334

Exploit: Unauthorized database accessOntario Science Center: Science museum

Risk to Small Business: 2.222 = Severe The Ontario Science Center endured a data breach after an employee of a third-party contractor downloaded personal data from the museum’s newsletter subscribers. The breach impacts subscribers, along with participants in camp programs and birthday parties. Although the breach is relatively restricted, it will still drain resources from an educational institution with better priorities in mind.
extreme gauge

Individual Risk: 2.428 = Severe: The breach includes names and email addresses, but other personal or financial information was not included in the event. Despite the incident’s limited scope, this information can still be valuable in the hands of cybercriminals, and those impacted must enlist in identity and credit monitoring to stay protected.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party collaborations are a normal part of business operations for most companies, but cybersecurity standards need to be considered when entering into a partnership. For instance, even though the Ontario Science Center wasn’t directly responsible for this data breach, the accountability will land squarely on their shoulders.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

France - Sixth June 

Exploit: Malware attack
Sixth June: Fashion online store
twib-severeRisk to Small Business: 1.888 = Severe: Hackers infected Sixth June’s online store with e-skimming malware that is able to collect customer information at checkout. Despite the alarming nature of the attack, company leaders were slow to respond. Security researchers contacted Sixth June’s leadership team on October 20th, but the malware remained active five days later. This attack was especially covert as the hackers used a similarly registered domain name to disguise the malicious website. As a result, Sixth June customers were unlikely to discover malware without the company’s direct intervention.
extreme gauge

Individual Risk: 2.142 = Severe: E-skimming malware attacks collect extremely sensitive personal information, including names, addresses, and payment information. While Sixth June hasn’t reported specific data compromised in this breach, any information that users provide at checkout is likely available to hackers. Those impacted by the breach should take every measure to secure their credentials, including notifying their financial institutions and enrolling in credit and identity monitoring services.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Although being the victim to a data breach is a nightmare for any business, it’s even worse when the response is slow or inadequate. Multiple cybersecurity experts have commented online and criticized Sixth June leadership for not responding to their warnings about the malware. The blowback for Sixth June could be immense. Regulatory consequences, reputational damage, and lost revenue will likely change the company’s trajectory going forward.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Italy - UniCredit https://uk.reuters.com/article/us-unicredit-cyber/unicredit-hit-by-data-breach-of-italian-client-records-idUKKBN1X70HM

Exploit: Exposed database
UniCredit: Banking and financial services company
Risk to Small Business: 1.555 = Severe: UniCredit recently discovered an exposed database containing the personal information for millions of the company’s customers. Shockingly enough, the database had been accessible since 2015. This is the company’s third data breach in recent years, and it sent their share price down by 4%. The bank is spending a significant amount of money to update its IT infrastructure to prevent such an event in the future, but that is unlikely to alleviate the reputational damage and regulatory repercussions heading their way.
extreme gauge

Individual Risk: 2.428 = Severe: The exposed database contains the email addresses and phone numbers for the banks’ clients. Hackers did not have access to login credentials, but that doesn’t mean that those impacted by the breach are out of the woods. Personal details can be used to facilitate additional cybercrimes that can compromise even more sensitive information.
Customers Impacted: 3,000,000
How it Could Affect Your Customers’ BusinessThe path to restoring customer confidence after a data breach is one that is not well-charted. However, companies are testing their customers’ limits when they endure multiple cybersecurity incidents. Each episode forces businesses to restart the restoration process. Knowing what happens to exposed or stolen customer data is the first step to a swift response that can revive customer confidence.

ID Agent to the RescueDark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more: https://www.idagent.com/dark-web.

Australia - 7-Elevenhttps://www.infosecurity-magazine.com/news/drivers-data-exposed-in-7eleven/

Exploit: Accidental data exposure
7-Eleven: Convenience store and gas station chain


Risk to Small Business: 2 = Severe: Australian customers using 7-Eleven’s app designed to help drivers reduce fuel costs were able to view the personal information of other customers after logging in to the platform. In response, the company brought the app offline to identify a suitable solution. The company later relaunched a repaired app several hours later, but the damage had already been inflicted.

Individual Risk: 2 = Severe: Personally identifiable information, including names, email addresses, cell phone numbers, and dates of birth were exposed. Only one customer reported accessing this data, but it’s possible that it was made available to many more, including bad actors who were aware of the vulnerability. It’s better to be safe than sorry, so it’s recommended that anyone impacted by the breach enroll in identity monitoring services to protect the integrity of their information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessThis incident serves as a reminder that a simpler user experience should never come at the expense of data security. 7-Eleven app developers failed to identify a relatively simple flaw in their system, and this oversight will have untold consequences for their customer base and ability to innovate in the future. In other words, technological advancement and cybersecurity need to go hand-in-hand.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Australia - Exchange for Change https://www.brewsnews.com.au/2019/11/01/brewers-hit-by-nsw-container-deposit-scheme-data-breach/

Exploit: Accidental data sharing
Exchange for Change: Coordinator of litter reduction program


Risk to Small Business: 1.666 = Severe: Exchange for Change inadvertently emailed invoices containing financial information to various competitors participating in the litter reduction program. The error has compounded public scrutiny of the program, which has had several problems in its rollout. While the company made clear that their network had not been compromised, the accidental sharing will have many of the same repercussions, including reputational damage and potential customer defections.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessToday’s companies face a litany of cybersecurity threats, so self-inflicted wounds are especially frustrating and problematic. Of course, human error isn’t just limited to accidental sharing. There are multiple threats that companies can diffuse simply by preparing their employees to be successful at this critical imperative.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment