Monday, February 10, 2020

Breached Companies!

United States - Sinai Health System

Exploit: Phishing scamSinai Health System: Chicago-based healthcare network
extreme gauge

Risk to Small Business: 1.555 = Severe: Two employees fell for a phishing scam that gave hackers access to email accounts containing patients’ personal data. The attack, which occurred on October 16th, wasn’t discovered until December. In response, Sinai Health Network reset employees’ email passwords and provided employees with phishing scam awareness training to prevent a similar event in the future. Unfortunately, these actions cannot undo the damage of a data breach, and the healthcare network will now endure heavy regulatory scrutiny, as the Office for Civil Rights has launched an investigation into the incident.

Individual Risk: 2.285 = Severe: Patients’ personal information was compromised in the breach, including their names, addresses, dates of birth, Social Security numbers, health information, and health insurance information. Hospital administrators contend that there is no evidence of misuse, but patients impacted by the breach should not presume that their data is secure. Instead, they should closely monitor their accounts for unusual activity, and they should consider enrolling in identity monitoring services to ensure that their information isn’t misused down the road.
Customers Impacted: 12,578
How it Could Affect Your Customers’ Business: It’s inevitable that phishing scams will make their way into your employees’ inboxes. Fortunately, these attacks are useless if employees identify the threat and don’t engage with the email. Employee awareness training can empower email recipients to become a strong defense against phishing scams but waiting until after a breach to provide this training is fruitless. As Sinai Health System just learned, if employees aren’t ready to respond before an incident occurs, the training efforts won’t save your company’s data or its dollars.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:

United States - Synoptek

Exploit: Ransomware
Synoptek: Cloud hosting and IT management company

Risk to Small Business: 2.111 = Severe: A phishing scam-enabled ransomware attack brought an early, unwanted Christmas present to Synoptek’s employees and more than 1,100 enterprise customers around the world. The attack disrupted many services, and Synoptek paid a ransom demand in an attempt to restore operations. Synoptek endured serious customer scrutiny as companies impacted by the network outages took to Twitter and Reddit to complain about the company. In addition, Synoptek is being ridiculed for a December 20th tweet encouraging companies to be vigilant about guarding against phishing scams, a message sent just days before a company employee fell for a phishing scam that instigated the ransomware attack.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are uniquely expensive, bringing hefty recovery and opportunity costs that are compounded by the less-quantifiable reputational damage that accompanies an attack. However, they aren’t as inevitable as many people think, as these malware attacks always require a foothold. In this case, a phishing scam allowed hackers to access to company’s system and infect its network. Since the consequences of a ransomware attack are enormous, every company has millions of reasons to put their best foot forward to defend against this increasingly common cyber attack.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:

United States - Special Olympics NY

Exploit: Phishing scam
Special Olympics NY: Nonprofit organization
extreme gauge

Risk to Small Business: 2.222 = Severe: Cybercriminals hacked the organization's network and used this access to send phishing emails to its previous donors. Special Olympics NY contacted those impacted by the event, asking them to disregard the phishing communication and to offer confidence that their data was secure. Criminals created a sense of urgency by alerting donors that an automatic donation for $1,942,49 was scheduled to debit in two hours, and the emails invited users to confirm their donation by inputting their personal data on a malicious website.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While it’s unclear how cybercriminals accessed the organization’s communications platform, it’s possible that they walked right through the proverbial front door. With millions of user logins available on the Dark Web many hackers have critical login information available at their fingertips. Unfortunately, the consequences for businesses can be devastating. For Special Olympics NY, it’s possible that this event could discourage donors from contributing in the future, a damaging blow to one of their critical revenue streams.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at:

United States - Active Network

Exploit: Unauthorized database accessActive Network: Educational software developer

Risk to Small Business: 1.888 = Severe: Hackers infiltrated Active Network’s IT infrastructure and gained access to customers’ personally identifiable information. Bad actors had access to the network between November 1, 2019 and November 13, 2019, but the company didn’t identify the breach until December. The breach is limited to the Active Network’s Blue Bear software platform used by public K-12 schools. This incident is an irrevocable stain on a company operating in an industry that demands data privacy as a prerequisite for doing business, meaning this breach could have significant negative consequences for their business in the future.

Individual Risk: 2.287 = Severe: Hackers accessed users names, payment card expiration dates and security codes, and Blue Bear account usernames and passwords. However, Social Security numbers, driver's license numbers, and government ID numbers were not included in the breach. Every Blue Bear user should reset their account passwords, and those impacted by the breach should notify their financial institutions of the event. Active Network is offering free identity monitoring services to victims and enrolling in this service can help ensure that their personal information isn’t misused now or in the future.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Brand reputation is a cherished and hard-earned standard that can quickly erode when a data breach strikes. With more consumers demanding a track record of high data security standards before doing business with a company, organizations have every incentive to build their reputation on the bedrock of strong data security procedures. Simply put, to remain competitive in today’s digital environment, businesses can’t just talk about data security, they actually have to protect customers’ information.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:

Canada - TD Canada Trust

Exploit: Phishing scam
TD Canada Trust: Personal & small business banking institution

Risk to Small Business: 2.444 = Severe: Security researchers have unearthed a two-year phishing campaign impacting Canadian banks, including TD Canada Trust. The phishing campaigns began with legitimate-looking emails containing PDFs that included official bank logos and an authorization code. Victims are instructed to renew their digital certificate to maintain their online bank accounts. When they click on a provided link, they are directed to a page that asks for their banking credentials. Hackers registered numerous domains similar to the banks’, making their efforts even more convincing.
correct severe gauge

Individual Risk: 2.571 = Moderate: Phishing scams are only effective if users provide their personal details, but anyone that offered this information should be aware that it is now in the hands of cybercriminals. Those impacted by the breach should immediately notify their financial institutions of the episode. Moreover, they should carefully monitor their accounts for suspicious or unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This phishing scam underscores the capabilities of today’s cybercriminals who can quickly and easily create authentic-looking email campaigns, websites, and even documents. Since these scams are the leading cause of a data breach, every organization should take measures to prepare their employees and customers for the reality of today’s digital environment. In doing so, they can help ensure that phishing scams can’t compromise company or customer data.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:

Netherlands - Maastricht University

Exploit: Ransomware
Maastricht University: Public post-secondary academic institution

Risk to Small Business: 1.888 = Severe: A ransomware attack on Maastricht University disabled the university’s Windows computers and email services. To prevent the malware’s spread, the university brought its entire network offline. While they noted that they are taking extra precautions to protect critical scientific data, they acknowledged that they can’t predict how long it will take them to overcome this expansive attack.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessRansomware has enjoyed a troubling resurgence as a prominent way to exact low-risk, high-yield payouts from victims. Often, these attacks are levied on soft targets like organizations or entities that can’t or won’t protect against these threats. Especially for SMBs, it can be tempting to leave this risk up to chance, but the high cost of a ransomware attack makes a strong defensive posture a veritable must-have to remain competitive in today’s digital landscape.

ID Agent to the RescueIt’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here:

United Kingdom - The Cabinet Office

Exploit: Accidental sharing
The Cabinet Office: Governmental department responsible for supporting the Prime Minister and Cabinet

extreme gauge

Risk to Small Business: 2.333 = Severe: The Cabinet Office inadvertently uploaded the home and work addresses of recipients of various New Years’ honors recipients. The honorees included several celebrities and defense personnel, many of whom took to the internet to complain about the shocking privacy blunder. The department received special ridicule because of the government’s work in holding companies accountable for data privacy with GDPR. Although the information was only available for about 90 minutes, anyone could access this sensitive data during that time, and there's no way to recover that information.

Individual Risk: 2.428 = Severe: The blunder compromised personal data, including names and addresses for many prominent public figures and security personnel. This information could invite unwanted correspondence or security concerns, and those impacted by the breach should make every effort to protect their physical and online security.
Customers Impacted: 1,000
How it Could Affect Your Customers’ BusinessAccidental data sharing is a common cause for data breaches, but it’s one that companies can account for in both their policy and employee training efforts. In addition, everyone can protect their digital accounts by adopting security best practices like two-factor authentication to ensure that, even if their credentials are accidently shared online, accounts aren’t easily accessible to hackers.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at:

United Kingdom - Travelex

Exploit: Malware attack
Travelex: Foreign currency exchange


Risk to Small Business: 2 = Severe: Travelex rang in the new year with an old cyberattack methodology, enduring a malware attack on December 31st. The company brought its systems offline to protect data and prevent its spread. Many UK customers experienced a “server error” when trying to access the website, and many companies that rely on Travelex services were similarly disrupted because of the outage. The incident could carry heavy opportunity costs for the company, since it’s unclear how long the malware will disable their platform.
Individual Risk: At this time, no personal information was compromised in the breach. However, Travelex customers should stay abreast of the latest developments to ensure that they are ready to respond if personal data is compromised.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessMalware attacks can significantly disrupt a business, but hackers rely on readily-available access points to plant the malicious software. Many use login credentials or other access points that are frequently bought and sold on the Dark Web or hacker forums. By remaining vigilant about securing employee credentials, companies can cut off a frequent access point for hackers.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at:

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5831

No comments:

Post a Comment