This Week in Breach News: Colleges wrestle with third party security risks, healthcare breaches pile up, billions of leaked credentials put business data at risk, and we take another trip behind the veil of the Dark Web.
Breach News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
Breach News: United States
United States – CaptainU
Exploit: Unsecured Database
CaptainU: College Recruiter
Risk to Small Business: 1.117 = Extreme
Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials. The files are still available.
Individual Risk: 1.190 = Extreme
CaptainU is claiming that this information was always intended to be publically available, although that message differs from what parents and students were told about how information was shared by the company. Any student with a profile at this company should consider their information exposed and take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Handling sensitive data, especially for children, creates an extra level of responsibility. Companies that fail at taking that seriously will inevitably lose business. This incident also opens CaptainU up to regulatory scrutiny and lawsuits.
ID Agent to the Rescue: Control who has access to sensitive information efficiently and effectively with Passly to be sure that the right people have access to the right things at the right levels – and only the right people. LEARN MORE>>
United States – CouchSurfing
Exploit: Unsecured Database
CouchSurfing: Crowdsourced Hospitality
Risk to Small Business: 2.177 = Severe
The San Francisco based housing and hospitality service is investigating a security breach that was recently discovered when hackers began selling the details of 17 million users on Telegram channels and hacking forums, with some priced at $700 USD. User details such as user IDs, real names, email addresses, and CouchSurfing account settings, were for sale, although no passwords or financial data were reported as available. The pilfered information is now available on RAID Forum, the go-to place for buying and selling stolen databases on the public internet.
Individual Risk: 2.509 = Moderate
According to CouchSurfing’s release, no financial data was compromised in the incident. Users who think their accounts may have been compromised should consider this ammunition for possible spear phishing attacks.
Customers Impacted: 17 million
How it Could Affect Your Customers’ Business Unprotected databases are always trouble. Although no passwords were listed as compromised in this attack, these incidents often raise a company’s risk of credential compromise if a staffer has recycled their password or signed up for a service using their business email.
ID Agent to the Rescue: ID Agent’s digital risk protection platform raises a strong defense against cybercrime. Our award-winning solutions come backed with full-0service marketing support – and many of our Partners realize ROI in 30days or less. LEARN MORE>>
United States – Garmin
Exploit: Ransomware
Garmin: Navigation Hardware and Software Provider
Risk to Small Business: 1.397 = Extreme
Garmin has had a difficult and damaging week. A ransomware attack wreaked havoc on its operations and manufacturing capability, encrypting its internal network and some production systems. The company plans to deal with the mess a multi-day maintenance operation including shutting down many essential business components for restoration and security updates. Those components include its official website, the Garmin Connect user data-syncing service, Garmin’s aviation database services, and some production lines in Asia. Garmin’s call centers were also impacted, rendering it unable to answer calls, emails, and online chats sent by users.
Individual Risk: No personal or financial data was reported as compromised at this time
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is typically the nasty payload of a phishing email. Even huge, multinational corporations can be humbled by something as small as one email, just like Twitter was last week.
ID Agent to the Rescue: Updated phishing resistance training with BullPhish ID can stop ransomware attacks from landing by training staffers to be wary of suspicious emails and report them instead of interacting with them. SEE A DEMO>>
United States – GEDmatch
https://apnews.com/0def85a68f2d1d5a03d5b27dbcdd45e6
Exploit: Unauthorized Database Access
GEDmatch: Genealogy and Genetic Testing Service
Risk to Small Business: 1.331 = Extreme
GEDmatch is famous for being the site used to catch and effectively prosecute the notorious Golden State Killer. But they weren’t able to secure their data effectively, because hackers were able to gain access to the company’s internal storage, obtain some user information, and change account permissions last week. About 280,000 of the 1.45 million profiles on the site had agreed to share their information with law enforcement agencies. In the recent breach, attackers scooped up information and also changed users’ settings so that all 1.45 million DNA profiles were available to law enforcement searches – twice. The hack was then compounded as information purportedly gained in the incident was used to mount a phishing attack on the clients of an Israeli partner of GEDmatch, MyHeritage. The GEDmatch site has been taken down for maintenance and recovery with no ETA on restoration.
Individual Risk: 2.172 = Severe
While no genetic data or financial information has been reported as compromised, the investigation is still ongoing. Users of GEDmatch should be cautious that personal information may have been compromised and made available to law enforcement officials.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Not only can a cybersecurity incident lead to an embarrassing and expensive breach for one company, it can also open that company’s partners up to cybercrime risks, like the phishing campaign mounted against MyHeritage users.
ID Agent to the Rescue: Convincing your clients that they really do need to upgrade their cybersecurity to avoid a problem like this can be arduous in today’s economy. That’s another reason to Partner with us – through Goal Assist, you can tag in one of our experts if you need a little back up on a call to seal the deal. LEARN MORE>>
United States – Family Tree Maker
https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/?&web_view=true
Exploit: Unauthorized Database Access
Family Tree Maker: Genealogy Software
Risk to Small Business: 2.137 = Severe
An unsecured Elasticsearch server is to blame for Family Tree Maker’s leak of more than 25GB of user data. User information that was leaked includes email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details. The leak apparently also included technical details about the system’s backend.
Individual Risk: 2.503 = Moderate
No personally identifiable or financial data was reported as compromised in this breach, but users should be aware of spear phishing attempts using this compromised data.
Customers Impacted: 60,000
How it Could Affect Your Customers’ Business: An unsecured database is an unnecessary foul. Overlooking basic security measures like this is an indicator that cybersecurity best practice isn’t being enforced actively and corners are being cut by careless staffers without repercussions.
ID Agent to the Rescue: Security awareness training is essential for every employee and executive, and it pays to keep that training up to date to avoid embarrassing and expensive cybersecurity blunders like this. Our training and testing tools can help make sure everyone is taking information and system security seriously. LEARN MORE>>
United States – Instacart
https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online
Exploit: Unauthorized Database Access
Instacart: Grocery Delivery Service
Risk to Small Business: 2.571 = Moderate
Instacart suffered a data breach last week. Maybe. Multiple reliable news outlets are reporting that Instacart had a breach, with records for hundreds of thousands of users in the US and Canada discovered as exposed on the Dark Web. Instacart denies that it had a security breach. Instead, Instacart said in a corporate statement that third-party bad actors were able to use “a few” usernames and passwords that were compromised in previous data breaches of other websites and apps to log in to some Instacart accounts and access basic customer account information such as first name, address, last order, total order number, and in some cases, the last four digits of a customer’s credit card.
Individual Risk: 2.823 = Moderate
No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data.
Customers Impacted: 278,531
How it Could Affect Your Customers’ Business: Credential compromise from other sources is a problem for every business. With so many login and password combinations to keep track of these days, password recycling is common – and dangerous.
ID Agent to the Rescue: Dark Web ID keeps data and systems safer by alerting companies if their protected user passwords appear in Dark Web markets quickly to head potential cyberattacks from those compromised credentials off at the pass. SEE IT IN ACTION>>
United States – Lorien Health
Exploit: Ransomware
Lorien Health: Nursing and Rehabilitation Center Operator
Risk to Small Business: 1.883 = Severe
Maryland-based Lorien Healthcare admitted that it was the victim of a Netwalker Ransomware attack after cybercriminals released their data online when the ransom as not paid. Upon investigation, Lorien Healthcare determined that patient information had been accessed by the hackers including names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information. Employee data was also accessed.
Individual Risk: 2.074 = Severe
The company has informed affected clients of the details about the attack and their options for protecting their personal information, along with complimentary credit monitoring and identity protection services.
Customers Impacted: 47,754
How it Could Affect Your Customers’ Business: Ransomware is the bane of every IT professional, and it’s only getting worse. By increasing phishing resistance training, businesses can keep ransomware at bay, since the majority of ransomware arrives as part of a phishing attack.
ID Agent to the Rescue: BullPhish ID’s constantly updated phishing resistance training features complete, plug-and-play training campaigns including engaging videos in 8 languages for users at every level of tech knowledge, with online quizzes to test retention. LEARN MORE>>
Breach News: Canada
Canada – Wattpad
https://betakit.com/wattpad-investigating-reported-massive-data-breach-of-user-records/
Exploit: Unauthorized Database Access
Wattpad: Entertainment Platform
Risk to Small Business: 1.883 = Severe
Wattpad has announced that it is investigating claims of a breach that occurred during the first week of July of approximately 270 million user records after they were discovered being sold on the Dark Web. The cybersecurity researchers who discovered the information say that the stolen users’ records included login credentials, full names, contact numbers, dates of birth, password hashes, Facebook identifications, Tumblr passwords, and email addresses.
Individual Risk: 2.224 = Severe
Wattpad users should immediately reset their account credentials and be aware of the potential for spear phishing and identity theft using this information.
Customers Impacted: 271 million
How it Could Affect Your Customers’ Business: This kind of incident is messy and expensive to recover from in every way, from forensics to public relations. Adding strong protections like Multifactor Authentication to database access points helps keep data safe by putting an extra roadblock between your data and the bad guys.
ID Agent to the Rescue: Passly adds powerful protection for your data and systems through the combined power of multifactor authentication, single sign-on user access points, and easy remote access management that works anytime, anywhere. SEE PASSLY’S FEATURES >>
Breach News – United Kingdom & European Union
United Kingdom – University of York
https://www.york.ac.uk/news-and-events/news/2020/blackbaud-response/
Exploit: Third Party Data Breach
University of York: Institution of Higher Learning
Risk to Small Business: 2.227 = Severe
Last week we reported on a data breach at fundraising services provider BlackBaud, and this week we’re starting to see the fallout from that ransomware incident. Information that was breached for University of York students and alumni who have participated in fundraising events includes name, title, gender, date of birth, student number, home address, phone numbers, email addresses, LinkedIn profile details, course and educational attainment details, fundraising activities, fundraising event participation, fundraising volunteering, donations made, and professional details.
Individual Risk: 2.804 = Moderate
No financial information was reported as breached, and the personal information taken was generally publically available. Alumni will need to be especially cautious of possible spear phishing attempts made using this information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A vendor or service provider’s cybersecurity failures could cause a data breach that not only affects another company, it also affects its customers. This is especially dangerous when that third party handles sensitive personal or financial data.
ID Agent to the Rescue: Offer your customers the peace of mind that comes with ID Agent’s dynamic digital risk protection platform. Our solutions help protect data and systems with improved security intelligence and security awareness training that really works. LEARN MORE>>
Spain – ADIF
https://portswigger.net/daily-swig/spanish-state-railway-company-adif-hit-by-revil-ransomware-attack
Exploit: Ransomware
ADIF: Railway Operator and Authority
Risk to Small Business: 2.092 = Severe
REvil ransomware is at work again in an incident at Spanish national railway controller ADIF. As the Administrator of Railway Infrastructure, ADIF is a state-owned operation that manages rail traffic and infrastructure and collects fees from railway operators that has been in hot water before – this is the third recent incident. Two previously successful REvil ransomware campaigns enabled attackers to grab an estimated 800 GB of data including internal correspondence and accounting figures.
Individual Risk – No personal information or financial data was reported as compromised in this breach, although the attackers do claim to have sensitive corporate data that they will release if their demands are not satisfied.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: REvil ransomware has been involved in many recent incidents, and as ransomware continues to present a growing problem for cybersecurity professionals, companies have to take security awareness training seriously. This information was the 3rd incident for ADIF, and one is too many for many companies to survive. Most ransomware is delivered through email, and improved phishing resistance training helps users spot it.
ID Agent to the Rescue: BullPhish ID creates security awareness and increases phishing resistance with comprehensive training and testing campaigns that include engaging video lessons and COVID-19 threat content in 8 languages. LEARN MORE>>
Breach News – Australia & New Zealand
Australia – Western Australia Department of Health (WA Health)
Exploit: Third Party Data Breach
Western Australia Department of Health: Government Agency
Risk to Small Business: 1.327 = Extreme
The saga continues for WA Health. Cascading complications have increased the severity and the damage from the data breach that we reported on last week. New information has come to light, making this incident involving the agency and its paging service one of the state’s biggest privacy breaches. Thousands of state government communications were published on a public website, including confidential health data like COVID-19 test results for scores of people. More than 400 records including confidential doctor/patient communications, official doctor/health department messages, personal details of patients in quarantine, and extensive case management information were publically exposed. The rapidly expanding incident has grown to impact other health-related state services including St. John Ambulance, the Department of Fire and Emergency Services, and the Department of Justice.
Individual Risk: 1.889 = Severe
While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.
ID Agent to the Rescue: Get expert advice on how to position your clients for maximum protection against digital risk – and how to position yourself for greater success and increased MRR all in one powerful webinar. DOWNLOAD IT>>
The Week in Breach News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment