The Week in Breach News: Cybersecurity educators get taken to school by bad actors, the ancestral home of cybersecurity gets hit with a third party data breach, credential stuffing rocks Canada’s Revenue Authority, and unexpected risks to businesses as kids head back to school and parents continue working remotely.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Aerospace & Defense
- Top Employee Count: 11-50
The Week in Breach News – United States
United States – Michigan State University
https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23
Exploit: Malware
Michigan State University: Institution of Higher Learning
Risk to Small Business: 2.171 = Severe
Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.
Individual Risk: 2.311 = Severe
MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.
Customers Impacted: 2,600
How it Could Affect Your Customers’ Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.
ID Agent to the Rescue: More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for your clients to guard against credential compromise danger. LEARN MORE>>
United States – Brown-Forman
https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true
Exploit: Ransomware
Brown-Forman: Wine and Spirits Conglomerate
Risk to Small Business: 1.979 = Severe
REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.
Individual Risk: No individual data has been reported as compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.
ID Agent to the Rescue: Security awareness and phishing resistance training is not something companies can afford to cut back on. The cost-effective solutions in our digital risk protection platform fulfill the need for updated training without breaking the bank. LEARN MORE>>
United States – FHN
https://portswigger.net/daily-swig/medical-records-exposed-in-data-breach-at-illinois-healthcare-system
Exploit: Email Account Compromise
FHN: Healthcare System
Risk to Small Business: 1.870 = Severe
In a just disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts.
Individual Risk: 1.821 = Severe
Not all patients of FHN were impacted, and FHN has contacted those patients were as well as offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPPA violation penalty. Placing better protections, including multifactor authentication, on systems that handle sensitive data can prevent incidents like this from happening.
ID Agent to the Rescue: Secure sensitive information fast by adding multifactor authentication with Passly. Even if a bad actor manages to get a login for an employee account, MFA makes sure that it’s not going to allow them access to anything. SEE A DEMO>>
United States – SANS Institute
https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true
Exploit: Phishing/Accidental Data Sharing
SANS Institute: Cybersecurity Education and Certification
Risk to Small Business: 1.875 = Severe
Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and malicious Office 365 add-on was also installed on the infected machine as part of the attack.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
ID Agent to the Rescue: Just because they’re “experts”, they’re not immune to the dangers of phishing, but they might not believe that they need training. With Goal Assist, our Partners know that they can count on backup when they need it to score the win. Learn More >>
The Week in Breach News – Canada
Canada – Canadian Revenue Authority
https://globalnews.ca/news/7281074/cra-hack-online-services/
Exploit: Credential Stuffing
Canadian Revenue Authority: Government Agency
Risk to Business: 1.412 = Extreme
A series of cybersecurity incidents have rocked then Canadian Revenue Authority, leading to a complete shutdown of services that may take some time to restore. In three credential stuffing attacks, hackers compromised the usernames and passwords of thousands of accounts. Over the course of several days, the first and largest attack targeted GCKey accounts, the second attack took advantage of a “vulnerability in security software”, and the third resulted in the CRA suspending online services while it assessed the breach and attempted mitigation.
Individual Risk: 2.511 = Moderate
About 15,000 accounts are known to have been compromised, but the investigation is complex and ongoing. Service is expected to be restored for online users this week.
Customers Impacted: 15 million
How it Could Affect Your Customers’ Business: Credential stuffing attacks are so successful because password reuse and recycling are endemic. Even though most people know that it’s dangerous, it’s still incredibly common – and incredibly risky for businesses who fail to secure their access points.
ID Agent to the Rescue: Add a secure identity and access management solution like Passly to blunt the impact of credential stuffing attacks, keeping systems and data secure even when someone reuses an already compromised password. LEARN MORE>>
The Week in Breach News – United Kingdom & European Union
United Kingdom – Bletchley Park Trust
https://www.bbc.com/news/technology-53771942
Exploit: Third Party Breach Exposure
Bletchley Park Trust – Non-Profit Organization
Risk to Small Business: 2.707 = Moderate
Another victim of the Blackbaud breach, the Bletchley Park Trust announced that its donor information has been compromised. It’s just the latest addition to a huge list of universities, trusts, charities, and non-profit organizations that have been impacted by the massive breach at fundraising giant Blackbaud in July.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third party risks are a constant in today’s business world, as more companies rely on online transactions to do business, and organizations contract outside providers to deliver specialty services like accounting or fundraising.
ID Agent to the Rescue: A third party data breach can put your company at risk without your knowledge. With Dark Web ID, companies can the Dark Web for compromised credentials to keep an eye on potential sources of trouble. LEARN MORE>>
France – SPIE Group
https://securityaffairs.co/wordpress/106969/malware/nefilim-ransomware-spie-group.html?web_view=true
Exploit: Ransomware
SPIE Group: Energy and Communications Services
Risk to Small Business: 2.137 = Severe
Nefilim ransomware operators claim to have infiltrated SPIE Group, a major European technical services provider and exfiltrated a large amount of proprietary data. In an initial ransom post on their website, the cybercriminals released 65,042 files contained in 18,551 data folders as a “first installment” and have promised more if their demands aren’t met.
Individual Risk: No personal information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Although we can’t be sure how it happened, ransomware is almost inevitably the result of a phishing attack that successfully lured in a staffer. Phishing attacks aren’t just email attachments anymore – they can be delivered through SMS, text, and messaging too.
ID Agent to the Rescue: Keep every staffer’s training up to date to increase phishing resistance and raise cybersecurity awareness with BullPhish ID. It’s regularly updated to include the latest threats, including COVID-19 threats. See BullPhish ID at work in a demo video>>
The Week in Breach News – Asia
Japan – Konica-Minolta
https://securityaffairs.co/wordpress/107226/cyber-crime/konica-minolta-ransomware.html?&web_view=true
Exploit: Ransomware
Konica Minolta: Optical Products Company
Risk to Business: 2.335 = Severe
The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.
Individual Risk: No data was reported stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Most ransomware attacks are the result of a phishing, and no company is immune to the impact of today’s biggest cybersecurity menace.
ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. LEARN MORE>>
The Week in Breach News – Australia & New Zealand
Australia – ACT Education Directorate
https://www.itnews.com.au/news/act-education-blocks-student-gmail-access-after-spam-email-storm-551773
Exploit: Credential Stuffing
ACT Education Directorate – Government Agency
Risk to Small Business: 2.301 = Severe
ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity awareness is more important than ever for people of every age. Without updated, consistent security awareness and phishing resistance training, standards can slip and incidents like this can become major headaches.
ID Agent to the Rescue: Make sure your clients are aware of the risk of danger from improper training and encourage them to employ a consistently updated phishing resistance training solution BullPhish ID that adds 4 new training kits and 4 new video lessons each month to keep staffers on guard against potential attacks. LEARN MORE>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Bit by bit helps client networks run smooth and secure.. visit our website at
