Monday, March 9, 2020

Breached!

United States - Altice USA https://www.newsday.com/business/altice-data-breach-employees-customers-1.41718432

Exploit: Phishing AttackAltice USA: Cable and internet provider
extreme gauge

Risk to Small Business: 2 = Severe: A phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.
extreme gauge

Individual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States - St. Louis Community Collegehttps://edscoop.com/phishing-attack-exposes-personal-information-of-5000-at-community-college/

Exploit: Phishing Attack
St. Louis Community College: Public academic institution
twib-severe

Risk to Small Business: 2.111 = Severe: Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.
extreme gauge

Individual Risk: 2.428 = Severe: Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to oversee the responsibility of identifying misuse, and they should carefully evaluate online communications for signs of a phishing scam.
Customers Impacted: 5,000
How it Could Affect Your Customers’ Business: This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing scam awareness training and two-factor authentication can go a long way toward protecting company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Canada - eHealth 
https://www.cbc.ca/news/canada/saskatchewan/ransomware-ehealth-update-suspicious-ip-1.5455764

Exploit: Ransomware
eHealth: Private online health insurance marketplace
extreme gauge

Risk to Small Business: 2 = Severe: An IT forensic investigation of a ransomware attack targeting eHealth found that patients’ personal health data could have been compromised in the event. The ransomware attack, which we reported in early January, was originally thought to be limited to traditional data encryption. However, investigators discovered that some files were sent to an IP address unaffiliated with the company. Initially, the company announced that patient data was secure, making their latest announcement a troubling addendum to an already disastrous situation.
twib-severe

Individual Risk: 2 = Severe: eHealth declined to specify the types of personal data that could have been compromised in the breach, but PHI typically contains the most sensitive information. Therefore, those impacted by the breach should update their account credentials, monitor their accounts for unusual activity, and evaluate digital communications for signs of a phishing attack, which often follow a data breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Increasingly, cybercriminals are elevating the already-steep consequences of a ransomware attack by stealing company data before encrypting it. Not only does this provide bad actors with an insurance policy in case companies don’t pay the ransom, but it leaves businesses with even less options in the wake of an attack. When it comes to ransomware, the only real solution is to prevent these attacks before they occur.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Netherlands - University of Maastrichthttps://news.yahoo.com/university-maastricht-says-paid-hackers-163608508.html

Exploit: RansomwareUniversity of Maastricht: Public academic institution
twib-severe

Risk to Small Business: 2.333 = Severe: The University of Maastricht paid a $220,000 ransom to unlock their email and network servers that had been encrypted since December 24th. Ultimately, university officials decided that paying the ransom would be more affordable than other alternatives, which included replacing the school’s entire IT system from scratch. Noting the deep damages to the school’s academic records, scientific work, and other data, authorities concluded that paying the significant sum was the only viable recovery option.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are searching for soft targets, organizations with weak or outdated cybersecurity standards, to target with ransomware. As this incident reveals, when successful, ransomware attacks have costly implications. Simply put, every company has hundreds of thousands of reasons to prepare their defensive posture and address this increasingly potent threat.


ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Ireland - Translink 
https://www.irishnews.com/news/northernirelandnews/2020/02/07/news/translink-it-systems-targeted-in-suspected-ransomware-cyber-attack-1836604/

Exploit: Ransomware
Translink: Transportation network
twib-severe

Risk to Small Business: 2 = Severe: A ransomware attack has disabled the company’s internal computer systems, causing communication and productivity loss throughout the organization. The network has been offline for more than a week as cybersecurity experts look for solutions that could enable the company to sidestep paying the ransom. However, even if the company can avoid paying cybercriminals to decrypt their network, productivity loss, reputational damage, and other IT expenses will ensure that this is a costly incident for the company.
Individual Risk: No personal information was compromised in the breach,
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a common occurrence in today’s digital environment. Cybercriminals can easily purchase malware strains on the Dark Web and deploy their attacks with little impunity at a low cost. However, companies are not powerless in this regard. Closing off accessing points like outdated software and securing company accounts with two-factor authentication are both meaningful steps that any organization can take to avoid a costly ransomware attack.


ID Agent to the Rescue: With AuthAnvilTM, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

United Kingdom - London & Surrey Cycling Partnership https://www.bbc.com/news/uk-england-london-51456778

Exploit: Accidental data exposure
London & Surrey Cycling Partnership: Joint venture partnership
twib-severe

Risk to Small Business: 2 = Severe: Some participants in the Ride London cycling event had their personal data compromised when their ballot results were sent to other participants. The popular event is typically oversubscribed, and the organization uses the ballots to select the participants. Unfortunately, this data breach brought considerable confusion to the event, leaving riders unsure if they were able to participate. In response, victims are speaking out in interviews with media outlets and across social media channels. While the company worked to minimize the fallout, this incident is an irrefutable black eye on an otherwise well-regarded event.
extreme gauge

Individual Risk: 2.285 = Severe: The ballot information contained riders personally identifiable information, including their names, addresses, and dates of birth. This information can be used for a variety of nefarious purposes, and those impacted by the breach should consider enrolling in identity monitoring services while also carefully evaluating their online accounts and communications for evidence of fraud.
Customers Impacted: 2,100
How it Could Affect Your Customers’ BusinessIn today’s regulatory environment, even accidental data breaches can have serious consequences for any organization. With the possibility of financial penalties and other repercussions looming, every company needs to prioritize compliance by ensuring that they are taking every step to secure their users’ personal data.


ID Agent to the RescueCompliance ManagerTM automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at: https://www.idagent.com/compliance-manager.

New Zealand - Generatehttps://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12308117

Exploit: Unauthorized database access
Generate: Voluntary, work-based savings initiative

extreme gauge

Risk to Small Business: 1.888 = Severe: Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.
extreme gauge

Individual Risk: 2 = Severe: Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.
Customers Impacted: 26,000
How it Could Affect Your Customers’ BusinessCustomers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom line issue that companies can’t take seriously enough.

ID Agent to the Rescue: Dark Web IDTM monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more: https://www.idagent.com/dark-web.

Australia - Ashley Madison https://www.dailymaverick.co.za/article/2020-02-13-nedbank-client-records-stolen-in-online-heist/

Exploit: Unauthorized database access
Ashley Madison: Adult romance website

extreme gauge

Risk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized, and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.
extreme gauge

Individual Risk: 2.142= Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessData breaches impact more than just a company’s bottom-line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

No comments:

Post a Comment

Newsletter April 2024