Thursday, April 23, 2020

Breached companies!

United States – Social Bluebook

Exploit: Unauthorized database access  
Social Bluebook: Social media platform   
Risk to Small Business:  2.117 = Severe
Cybercriminals exfiltrated a company database containing personal information from thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company claimed to be ignorant of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts. 
Individual Risk: 2.122 = Severe 
The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.   
Customers Impacted: 217,000 
How it Could Affect Your Customers’ Business: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector. 
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:   

United States –  Ozark Orthopaedics 

Exploit: Phishing scam
Ozark Orthopaedics: Orthopedic healthcare practice 
Risk to Small Business: 2.113 = Severe
Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopaedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties. 
Individual Risk: 1.775 = Severe
Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.     
Customers Impacted: 15,240 
How it Could Affect Your Customers’ Business: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach. 
ID Agent to the Rescue: BullPhish IDTM simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:

United States – 10x Genomics Inc.

Exploit: Ransomware
10x Genomics Inc.: Biotechnology company 
Risk to Small Business: 2.206 = Severe
A ransomware attack disrupted operations at the biotechnology company, which is currently acting as part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting IT, hackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it’s unclear what the implications are for the stolen data or how this could impact its development of a COVID-19 treatment.  
Individual Risk: At this time, no personal information was compromised in the breach.   
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time. 
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:

United States – GoDaddy      

Exploit: Phishing scam   
GoDaddy: Internet domain registrar
Risk to Small Business: 2.313 = Severe
A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.   
Individual Risk: At this time, no personal information was compromised in the breach.  
Customers Impacted: Unknown 
How it Could Affect Your Customers’ Business:  Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed. 
ID Agent to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more at          

Canada – The Beer Store

Exploit: Malware attack 
Data Deposit Box: Retail outlet 
Risk to Small Business: 2.187 = Severe
Cybercriminals infiltrated The Beer Store’s website and injected payment skimming malware into its online store. The online store allowed customers to place orders for pickup or delivery, two critical features as social distancing measures keep shoppers at home. This breach removed The Beer Store’s ability to accept payments via credit card, which could significantly impact its bottom line during this already challenging time. 
Individual Risk: 2.311 = Severe
Although the company quickly detected the intrusion and closed its online store, anyone who made an online purchase before the threat was identified likely had their payment credential compromised – including all sensitive identification and financial information entered during the checkout process. Those impacted should notify their financial institutions of the breach while also taking steps to secure their accounts and personal details from misuse. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority. 
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at

United Kingdom – SOS Online Backup

Exploit: Unprotected database 
SOS Online Backup: Cloud storage provider    
Risk to Small Business: 2.472 = Severe
Cybersecurity researchers identified an exposed database containing nearly 70 GB of sensitive data. The database was discovered in November 2019, but it wasn’t examined until December 9, 2019. Although SOS Online Backup was notified of the breach the next day, it took ten days to have the vulnerability secured – and the company waited several months before informing customers of the event. The company has databases around the world, including in the United States and the United Kingdom, and will undoubtedly face intense regulatory scrutiny for the incident. 
Individual Risk: 2.630 = Moderate
The exposed database includes users’ personally identifiable information, including names, email addresses, phone numbers, internal company details, and account usernames. This information is often redeployed in spear phishing campaigns that trick unsuspecting recipients into disclosing even more sensitive data. Therefore, victims should carefully monitor their accounts and digital communications for suspicious or unusual messages. 
Customers Impacted: 135,000,000 
How it Could Affect Your Customers’ Business: Data privacy regulation is the new norm, as countries around the world enact regulations to support the public’s growing desire for online privacy. Consequently, companies that endure a data breach can expect that increased regulatory scrutiny of the way that information is stored will incur substantial financial penalties as well as other negative legal consequences. 
ID Agent to the Rescue: With Compliance ManagerTM, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today:  

Australia – iStaySafe Pty        

Exploit: Unauthorized database access 
iStaySafe Pty: GPS smartwatch for children 
Risk to Small Business: 2.434 = Severe
This product lets parents track their child’s location and alerts them if the child leaves their designated safe location – but a coding error allowed hackers to download users’ personal data and mimic their location on the service. This dangerous vulnerability not only disrupted that functionality, it also gave hackers access to minors’ location and personally identifiable information. To make matters worse, this is the second time that the watchmaker has experienced this flaw. The same problem was discovered and repaired in 2019, raising serious questions about the platform’s commitment to cybersecurity.     
Individual Risk: 1.899 = Severe
The breach allowed hackers to access users’ names, email addresses, phone numbers, and profile photos. In addition, bad actors could modify minor children’s location data. This information could be used to craft spear phishing campaigns or for exploitative criminal purposes, so users should be especially vigilant to assess their use of the product.     
Customers Impacted: Unknown 
How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission critical priority.  
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at:    

Australia – Commonwealth Federal Courts   

Exploit: Accidental data exposure  
Commonwealth Federal Courts: Federal Circuit Court of Australia    
Risk to Small Business: 2.805 = Moderate
The Commonwealth Federal Courts have acknowledged a “systemic failure” that resulted in the publication of the personal details of hundreds of asylum seekers. The court system removed the discovery feature that compromised peoples’ information. Still, the court has known about the vulnerability for years, leaving many to question its commitment to privacy, especially as it relates to a uniquely vulnerable group of people. In addition to public blowback for the incident, the court system could face additional scrutiny from lawmakers. 
Individual Risk: 2.667 = Moderate
The exposed information included the names, nicknames, and birthdates of hundreds of asylum seekers. This information could put them or their families in danger, which is especially egregious given their already vulnerable position. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Public sentiment and new regulatory standards are working to hold organizations accountable when they fail to protect private data. Consequently, any organization that handles this kind of information needs to account for potential vulnerabilities and take every step possible to ensure that their defensive posture can meet the moment, keeping sensitive information off the Dark Web. 
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. This award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

No comments:

Post a Comment