Cyber Alert Monday,Data Breach- The Cyber-criminal Spring Break party jumps off early this year, targeting favorite food spots, kids camps and more.

Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains.

Exploit: Credential stuffing attack.  ( A type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a Data Breach). This information is used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application).

Risk to Small Business: Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside for the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.
Individual Risk: Moderate:  This Data Breach consisted of exposed accounts containing personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.
Customers Impacted: 12,000.
How it Could Affect Your Business:  The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring. Source
 

DataCamp: Online learning platform for data science

Exploit: Unauthorized system access.
Risk to Small Business: Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third-party was able to gain access to one of its systems, and the company has notified users, logged out all accounts, and reset passwords since then. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.
Individual Risk: Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture were exposed. This was coupled by account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.
Customers Impacted: To be determined.
How it Could Affect Your Business: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase. Source
 

Truluck’s Seafood, Steak, & Crab House: Houston-based chain restaurant

Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: Severe: Truluck’s recently disclosed a Data Breach notification to one of its servers, which occurred between November 21 to December 8 of 2018. The investigation has revealed that malware was injected into POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.
Individual Risk: Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.
Customers Impacted: To be determined.
How it Could Affect Your Business: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today! 
 

PHP Exploit, Cyber Alert Monday  02-18- 2019

2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019 PHP Exploit? Is this year is shaping up to be the year of Phishing? See who got hacked…

Trakt:  A US media service for tracking movies and shows watched online. 

Exploit: PHP Exploit. (An application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context.
Risk to Small Business: Severe: The California-based media platform emailed its customers notifying them of a breach (PHP exploit) that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.
Individual Risk: Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.
Customers Impacted: To be determined
How it Could Affect Your Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust. Source
 

Olympia Financial Group: Full-service Canadian mortgage firm and trust

Exploit: Ransomware attack on IT infrastructure.
Risk to Small Business: Severe: Last week, the company reported a ransomware attack on its information technology systems, resulting in an adverse interruption to business operations. The company will continue to investigate the attack but currently believes that personal information was left intact.
Individual Risk: Moderate: The company has claimed that there is currently no evidence that suggests that customers were impacted, but clients should check for updates since the investigation is still underway.
Customers Impacted: To be determined
How it Could Affect Your Business: Ransomware attacks are trending in volume and intricacy, forcing businesses to finally realize the potential threat of losing control of their business systems. Small businesses are not exempt, and they must partner with security providers that can help prevent and mitigate such attacks.Source
 

Canada CarePartners: Ontario-based healthcare service provider

Exploit: PData dumping extortion
Risk to Small Business: Severe: After suffering a data breach back in June 2018 affecting patients, the Canadian firm is now facing an exposure of employee information. The recent “data dump” contains employee earnings, contractor details, and forms that include names, addresses, social security numbers, and wages. Currently, the hackers are requesting 5 bitcoins for the encryption key that unlocks most of the files, but CarePartners has not yet responded.
Individual Risk: Moderate: Personal and financial information is at stake, and CarePartners employees have reasons to be worried. If the hackers are unable to find profits from the data dumping extortion, they will likely sell the information on the Dark Web and allow fraudsters to use the data to conduct damaging cyber-attacks.
Customers Impacted: Over 12,000 files including employer information
How it Could Affect Your Business: The prospect of a double attack is becoming more probable, and businesses should take notice. Experiencing two consecutive data breaches can be a crippling blow to any business, especially when they impact both customers and employees. Retention becomes an uphill battle, as customers and employees begin to quit in droves. In order to prevent this, businesses must work with experts who use industry-leading cybersecurity solutions. Source.
Protect your business from a Ransomware Attack. Contact Kobargo Technology Partners today for a free consultation!

User Data Exposure: Although financial information was not exposed, Houzz became aware of the breach in late December of 2018…

Houzz: US-based Home improvement and interior decorating startup

Exploit: User data exposure
Risk to Small Business: Severe: On Friday, the company issued a notice to customers stating that an “unauthorized third party” had accessed user data including usernames, passwords, and IP addresses. Although financial information was not exposed, Houzz became aware of the breach in late December of 2018, yet the investigation is still ongoing, and it is still not clear how many users were impacted.
Individual Risk: Severe: When combined with the internal user data that was compromised, public information such as first and last name, city, state, country, profile description, can be packaged together to sell on the Dark Web and commit cyber fraud. Additionally, users who logged into the app via Facebook would have their IDs exposed as well.
Customers Impacted: To be determined
How it Could Affect Your Business:  In the event that an organization has to disclose a breach to its users, it is essential to be clear on “who, what, when, and where”. Even though Houzz discovered the leak in late December of 2018 and was compelled to disclose in a timely manner in accordance with new GDPR laws, they are still unsure on the number of users impacted or the origin of the cyber attack. Aside from dispelling vigilant customers who want to protect their data going forward, the incident may trigger fines to be levied. Source
 

Colorado CCPSA: Private physician practice in Lakewood, Colorado

Exploit: Employee phishing attack.
Risk to Small Business: Severe: The Colorado-based clinic recently discovered a phishing attack affecting 23,377 patients between August 14th and November 23rd of 2018. A hacker gained access to an employee email account and sent phishing emails via contact list to steal payment data. Officials could not determine exactly what was viewed or copied, but it’s quite possible that personal and protected health information was compromised. Along with being forced to offer one year of free credit monitoring services and install mandatory cybersecurity awareness training for employees, further investigations will ensue.
Individual Risk: Severe: A wide spectrum of data could have been compromised, ranging from names, addresses, dates of birth, social security numbers, and license numbers to diagnoses, conditions, medications, and more. Payment information was not involved, but the compromised details can be leveraged for far more nefarious schemes such as insurance fraud.
Customers Impacted: 23,377 patients.
How it Could Affect Your Business: It’s not a secret that phishing attacks originating from employee email accounts are becoming more and more prevalent. Companies must prioritize security by partnering up with service providers that can prevent, detect, and mitigate data breaches. Without proper detection solutions in place, the resources and time allocated to containing a breach grow exponentially and detract from the bottom line. Source
 

Canada Revenue Agency (CRA): Tax law administrator for the government of Canada

Exploit: Privacy breach by rogue tax workers
Risk to Small Business: Severe: Thousands of Canadians had their personal incomes and other tax information compromised by employees working at the CRA. Of the 264 workers who inappropriately accessed information, 182 were disciplined, 36 face a pending decision, and 46 have left the organization. Along with having to augment on their preexisting investment of $10M on prevention from 2017, CRA will remain under fire and must answer to disgruntled citizens.
Individual Risk: Severe: As conservative national revenue critic Pat Kelly commented, “it’s unacceptable that information like a person’s information was accessed inappropriately”. Given that 264 of these privacy breaches occurred between a span of 4 years (November 4th, 2015 to November 27th, 2018), it is safe to say that no one’s tax data is safe.
Customers Impacted: 41,631 Canadian taxpayers
How it Could Affect Your Business: With tax information in hand, hackers can sell information on the Dark Web for lucrative profits or conduct fraud that is difficult to trace. Additionally, this breach can be leveraged to orchestrate further cyber-attacks on different companies, which means that companies doing business in Canada should be on high alert. Source.
 
To help prevent User Data Exposure, contact Kobargo today for a free consultation!