Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (98%) 
Top Compromise Type: Domain (99%)
Top Industry: Service Provider
Top Employee Count: 1 - 10 Employees (96%)

United States - Graeter's Ice Cream

United States - Graeter's Ice Cream 

Exploit: Malware on website checkout page. Graeter’s Ice Cream: Regional ice cream brand based in Cincinnati. Risk to Small Business: 1.888 = SevereCustomers Impacted: Approximately 12,000. >> Read full details on our blog.

Small Business, BIG RISK!

Does anyone actually know how consumers are affected by a data breach?

Does anyone actually know how consumers are affected by a data breach?If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.

This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?

Tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.
https://www.americanbanker.com/opinion/consumer-harm-from-data-breaches-is-a-black-box

In Other News:

In Other News:

The U.K. has seen its first group litigation case concerning data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.

A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials, and sentenced to eight years in prison.

Then 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for its rogue employee’s actions. It now faces large compensation costs.

Notable not only for being the first of its kind around data breach in the U.K., this case is also interesting for setting a high standard of responsibility among companies for their employees’ actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects’ more rights and increases defendants’ penalties.

A side note: Similar claims but concerning nonmaterial damage like emotional distress may be enabled by the GDPR and the Irish Data Protection Act 2018 to be brought to Irish courts.

https://www.siliconrepublic.com/enterprise/morrisons-data-breach-employees

In Other News:

In Other News:

An Emerging Target for Data Breaches: HR and Finance EmployeesAs phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link the security chain.
https://searchhrsoftware.techtarget.com/feature/Phishing-attacks-are-top-employee-data-breach-threat-for-HR

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: Domains (99%) 
Top Compromise Type: ID Theft Forums (99%)
Top Industry: High-Tech / IT 
Top Employee Count: 11 - 50 Employees