The Week in Breach News – Canada
Canada – Government of Saskatchewan Hunting, Angling & Fishing Licensing (HAL)
Exploit: Human Error
Government of Saskatchewan HAL: Regional Regulatory System
Risk to Business: 2.775 = Moderate
The Government of Saskatchewan is informing citizens that an information security incident occurred on 01/07/20 when an email regarding Hunter Harvest surveys was sent to HAL customers by a third-party agency called Aspira. The contractor sent an email containing the wrong customer name and HAL account identification number to about 33,000 email addresses, delivering customers' information to the wrong people.
Individual Risk: 2.833 = Moderate
The only information that has been reported as compromised at this time was the name and HAL identification number of affected parties. No payment or other personal information was declared impacted in this breach.
Customers Impacted: 33,000
How it Could Affect Your Customers’ Business: The number one cause of a data breach is always the same: human error. By building cyber resilience, organizations can make sure that they’re ready for challenges brought on by employee mistakes.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Nohow International
Exploit: Unsecured Database
Nohow International: Staffing Firm
Risk to Business: 1.411 = Extreme
In a devastating blunder, an unsecured Microsoft Azure Blob exposed deeply sensitive documents of more than 12,000 construction workers. The treasure trove contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International in the course of gaining and changing employment with the staffing firm.
Individual Risk: 1.221 = Severe
Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating.
The Netherlands – Eneco
Exploit: Credential Stuffing
Eneco: Energy Company
Risk to Business: 1.827 = Severe
Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing.
Individual Risk: 1.717 = Severe
The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it.
The Week in Breach News – Asia Pacific
Japan – Capcom
Capcom Co. Ltd.: Videogame Developer
Risk to Business: 1.332 = Extreme
The damage from the recent data breach at Capcom was significantly worse than the company thought. Capcom has announced that its investigation has uncovered that the personal data of up to 400,000 customers was compromised in the attack, 40,000 more than the company originally estimated. The announcement added that the investigation is ongoing and that new evidence of additional compromise could still come. The Ragnar Locker ransomware group also captured 1TB of corporate data, including banking details, contracts, proprietary data, emails and more.
Individual Risk: 2.623 = Moderate
It’s uncertain if any further client data was impacted. Capcom was quick to note that no customer credit-card data was exfiltrated during the breach, saying that it’s currently safe to play and purchase the company’s games online since those transactions are handled by a third-party service provider.
Customers Impacted: 400,000 and growing
How it Could Affect Your Customers’ Business: No business is too big or too small to fall prey to cybercrime. Ransomware can strike companies of any size and deliver an impact that resounds for months.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.