Friday, March 20, 2020

Breached!

United States – Visser Precision

Exploit: Ransomware. 
Visser Precision: Parts manufacturer for space and defense contractors. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.111 = Severe:
Visser Precision was infected with data exfiltrating ransomware that stole  proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don’t detect it until it’s too late. 
Individual Risk: No personal information was compromised in this breach. 
Customers Impacted: Unknown. 
How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues. 
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United States – Riverview Health 

Exploit: Accidental data sharing. 
Riverview Health: Healthcare provider. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.333 = Severe:
On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information. 
Individual Risk: 2.714 = Moderate:
Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure. 
Customers Impacted: 2,610
How it Could Affect Your Customers’ Business: The biggest threat to your data isn’t cybercriminals, its human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization’s exposure to a data breach. 
ID Agent to the Rescue: With BullPhish IDTM, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

United States – J Crew

Exploit: Unauthorized database access. 
J Crew: Clothing retailer. 
Risk to Small Business: 2.111 = Severe:
J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts, and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line. 
1.51 – 2.49 = Severe Risk
Individual Risk: 2.428 = Severe:
Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information was also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote a rapid recovery. 
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web IDTM is the leading Dark Web monitoring platform in the channel. Our award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact

Canada – Charlottetown, P.E.I.

Exploit: Ransomeware. 
Charlottetown, P.E.I: Provincial government. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.666 = Severe:
One week after this provincial government experienced a ransomware attack, internal government documents began appearing online. Specifically, financial reports, bank statements, and payment details related to its Agriculture Stability Program. Unfortunately, hackers noted that the released information represents just a portion of a 200 GB cache stolen from the government. This tactic is increasingly common with a ransomware attack and multiplies the damage done by the incident. 
1.51 – 2.49 = Severe Risk
Individual Risk: 2.285 = Severe:
Hackers released program documents that included sensitive data like names, SIN numbers, contact information, and business details. This information can be used to execute spear phishing scams, sold on the Dark Web or tapped to perpetuate other malicious activities. Those impacted should carefully scrutinize digital communications and monitor accounts for unusual or suspicious activity. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  Ransomware attacks were already one of the most costly and devastating cyberattacks. Hackers are upping the stakes by stealing data before encrypting critical digital infrastructure. Now the cost and impact of lost data is part of the equation when considering the recovery expenses, productivity decline, and reputational damage that already accompanies a ransomware attack.  
ID Agent to the Rescue: All of that stolen data can end up on the Dark Web, leading to even more serious consequences. Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/

Canada – Simon Fraser University 

Exploit: Ransonware.
Simon Fraser University: Public academic institution. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.555 = Severe:
A ransomware attack provided hackers access to personal data that they then exfiltrated from the university’s network before encrypting certain IT elements. The breach effects some faculty, staff, students, alumni, and retirees who had a relationship with Simon Fraser University before June 20, 2019. Although the breach was limited in scope, the school recommends that users reset their account passwords. The incident was discovered on February 27, 2020 and contained within 24 hours, but the university will still face regulatory scrutiny and possible public backlash due to the sensitive nature of the event. 
1.51 – 2.49 = Severe Risk
Individual Risk: 2.142 = Severe:
Before encrypting the school’s network, hackers accessed student and employee names, numbers, birth dates, email addresses, mail list memberships, course enrollments, and encrypted passwords. This information can be used to craft convincing phishing scams that, if acted upon, can compromise even more personal data. Those impacted should carefully evaluate incoming messages requesting confirmation of personal data and take steps to ensure that their information isn’t being misused. 
 Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Already a major menace, hackers have upped their game when executing ransomware attacks, making incidents even more costly, invasive, and destructive. Every company needs to review its defensive posture to ensure that it is taking the basic steps necessary to mitigate the risk of ransomware. Since this malware always requires a foothold, every company can actively take steps to prevent it from being the next victim. 
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of dynamic cybersecurity in response to today’s evolving threats. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help you get the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

United Kingdom – Loqbox 

Exploit: Data compromise.
Loqbox: Credit score builder. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.777 = Severe:
A cyberattack on February 20, 2020 compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR. 
1.51 – 2.49 = Severe Risk
Individual Risk: 2 = Severe:
The breach included personal information that could be used to target customers with highly convincing spear phishing emails. In addition to customer names, hackers acquired their dates of birth, addresses and phone numbers, plus financial data like partial credit card numbers, expiration dates, and bank account numbers. Those impacted by the breach should immediately notify their financial institutions and strongly consider enrolling in credit and identity monitoring services. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Over the past several years, data breaches have compromised billions of login credentials, giving hackers front-door access to your data and systems. Every company should add improved security to its login process by enabling simple, efficacious measures like two-factor authentication to keep accounts secure. 
ID Agent to the Rescue: With AuthAnvilTM, integrated multi-factor authentication, single sign-on, and identity management solutions protect your users’ login credentials and your data. Find out more at https://www.idagent.com/authanvil-multi-factor-authentication.  

United Kingdom – Cathay Pacific

Exploit: Unauthorized database access. 
Cathay Pacific: International airline. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2 = Severe:
Cathay Pacific was recently hammered with a fine totaling £500,000 as a result of its failure to identify and address a data breach that lasted for more than four years. While the ruling offers a 20% discount if Cathay Pacific pays the penalty by March 12, the penalty is still a significant financial hit to the international airline. The company was cited for multiple “security inadequacies” including failing to encrypt databases containing customers’ personal data, a slow response to a known security vulnerability, and lengthy communication delays that further jeopardized customer information.  
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.428 = Severe:
The data breach included a treasure trove of Cathay Pacific customers’ personal data, including names, nationalities, birthdates, phone numbers, email addresses, mailing addresses, passport information, and other company-specific information. Those impacted by the breach should be sure to reset their airline account credentials and any other accounts using similar information. In addition, they should be aware that this kind of data is often used to develop sophisticated, personalized spear phishing attacks that further compromise personal information. 
Customers Impacted: 9,400,000
How it Could Affect Your Customers’ Business: Regulatory penalties are on the rise as regulators and legislators seek to punish companies that incur a data breach without having adequate data security protocols or incident response plans in place. In this case GDPR’s governing body issued the fine, but governments around the world are imposing substantial fines on companies that fail to protect their customer data – and those fines are climbing every day. 
ID Agent to the Rescue: With Compliance ManagerTM, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager

Australia – Alinta Energy 

Exploit: Unauthorized data sharing. 
Alinta Energy: Private energy and gas company. 
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.777 = Severe:
Alinta Energy is under intense scrutiny after a whistleblower exposed the company’s improper storage of customers’ personal information in overseas storage. This possible violation of Australia’s privacy laws could have a significant impact on its bottom line. At the same time, the brand erosion and degradation of customer trust engendered by this situation could magnify the consequences for Alinta Energy. 
1.51 – 2.49 = Severe Risk
Individual Risk: 2.428 = Severe:
According to the whistleblower, customer information including addresses, credit card information, and phone numbers are being stored overseas. Customers should be aware of this compliance oversight, taking special care to review their accounts and to advocate for their personal information to be adequately protected and managed. 
Customers Impacted: 1,100,000 
How it Could Affect Your Customers’ Business: Today’s global data privacy landscape is expansive and convoluted, making it challenging for any company to adhere to the many new laws hitting the books. But this challenging landscape isn’t an excuse for companies to fail at compliance. Instead, they need to attain the resources and support necessary to ensure that they have the infrastructure in place to adhere to the flurry of emerging data privacy regulations. 
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

No comments:

Post a Comment

Newsletter April 2024