Threat Alerts - Kobargo

Data Breach, Cyber Alert Monday 1-13-2020

Last week, a phishing scam penetrates a popular health care network, a nonprofit organization has its donor list compromised, and “password” remains a stubbornly popular password.

United States – Sinai Health System

Exploit: Phishing scam
Sinai Health System: Chicago-based healthcare network

Risk to Small Business: 1.555 = Severe: Two employees fell for a phishing scam that gave hackers access to email accounts containing patients’ personal data. The attack, which occurred on October 16th, wasn’t discovered until December. In response, Sinai Health Network reset employees’ email passwords and provided employees with phishing scam awareness training to prevent a similar event in the future. Unfortunately, these actions cannot undo the damage of a data breach, and the healthcare network will now endure heavy regulatory scrutiny, as the Office for Civil Rights has launched an investigation into the incident.

Individual Risk: 2.285 = Severe: Patients’ personal information was compromised in the breach, including their names, addresses, dates of birth, Social Security numbers, health information, and health insurance information. Hospital administrators contend that there is no evidence of misuse, but patients impacted by the breach should not presume that their data is secure. Instead, they should closely monitor their accounts for unusual activity, and they should consider enrolling in identity monitoring services to ensure that their information isn’t misused down the road.

Customers Impacted: 12,578

How it Could Affect Your Customers’ Business: It’s inevitable that phishing scams will make their way into your employees’ inboxes. Fortunately, these attacks are useless if employees identify the threat and don’t engage with the email. Employee awareness training can empower email recipients to become a strong defense against phishing scams but waiting until after a breach to provide this training is fruitless. As Sinai Health System just learned, if employees aren’t ready to respond before an incident occurs, the training efforts won’t save your company’s data or its dollars.

United States – Special Olympics NY

Exploit: Phishing scam
Special Olympics NY: Nonprofit organization

Risk to Small Business: 2.222 = Severe: Cybercriminals hacked the organization’s network and used this access to send phishing emails to its previous donors. Special Olympics NY contacted those impacted by the event, asking them to disregard the phishing communication and to offer confidence that their data was secure. Criminals created a sense of urgency by alerting donors that an automatic donation for $1,942,49 was scheduled to debit in two hours, and the emails invited users to confirm their donation by inputting their personal data on a malicious website.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: While it’s unclear how cybercriminals accessed the organization’s communications platform, it’s possible that they walked right through the proverbial front door. With millions of user logins available on the Dark Web, many hackers have critical login information available at their fingertips. Unfortunately, the consequences for businesses can be devastating. For Special Olympics NY, it’s possible that this event could discourage donors from contributing in the future, a damaging blow to one of their critical revenue streams.

United States – Active Network

Exploit: Unauthorized database access
Active Network: Educational software developer

Risk to Small Business: 1.888 = Severe: Hackers infiltrated Active Network’s IT infrastructure and gained access to customers’ personally identifiable information. Bad actors had access to the network between November 1, 2019, and November 13, 2019, but the company didn’t identify the breach until December. The breach is limited to the Active Network’s Blue Bear software platform used by public K-12 schools. This incident is an irrevocable stain on a company operating in an industry that demands data privacy as a prerequisite for doing business, meaning this breach could have significant negative consequences for their business in the future.

Individual Risk: 2.287 = Severe: Hackers accessed user names, payment card expiration dates and security codes, and Blue Bear account usernames and passwords. However, Social Security numbers, driver’s license numbers, and government ID numbers were not included in the breach. Every Blue Bear user should reset their account passwords, and those impacted by the breach should notify their financial institutions of the event. Active Network is offering free identity monitoring services to victims and enrolling in this service can help ensure that their personal information isn’t misused now or in the future.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Brand reputation is a cherished and hard-earned standard that can quickly erode when a data breach strikes. With more consumers demanding a track record of high data security standards before doing business with a company, organizations have every incentive to build their reputation on the bedrock of strong data security procedures. Simply put, to remain competitive in today’s digital environment, businesses can’t just talk about data security, they actually have to protect customers’ information.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

Financial Services Organizations Increasingly Targeted By Cybercriminals

According to the 2019 Financial Breach Report, financial services organizations are increasingly targeted by cybercriminals, and these breaches are putting peoples’ personally identifiable information at risk. In 2019, 6% of all data breaches impacted financial services organizations, including the Capital One breach that impacted 6 million Canadian and US customers.

However, despite the relatively small fraction of organizations breached, the industry accounted for 60% of all leaked records, with hacking and malware serving as the top cause for these breaches. Financial services organizations collect and store peoples’ most sensitive information, so any failure in this sector can have devastating consequences.

For companies, this new reality is manifesting in their bottom lines. The average cost of a stolen financial services record reached $210 in 2019, second only to the cost of a compromised healthcare record. Fortunately, preemptive measures like phishing scam avoidance training and network analysis can help ensure that cybercriminals can’t capitalize on stolen data.

A Note From Kobargo

The Worst Passwords of 2019

Using strong, unique passwords is a simple and effective way for everyone to keep their online accounts secure. Unfortunately, despite numerous warnings and seemingly unending headlines about new, devastating data breaches, people are often unwilling to adopt this practice in their daily lives.

In a year-end rundown, security researchers compiled a list of the worst commonly used passwords in 2019. Predictably, “12345,” “test1,” and “password” all made the top five most popular passwords. Other passwords included simple number combinations, popular female names, and horizontal or vertical letters or numbers on a QWERTY keyboard. It’s clear that millions of people can take a simple step to improve their defensive posture, and, when coupled with other easy-to-use features like two-factor authentication, they can promote a robust defense of their digital environment.

Contact Kobargo Technology Partners to schedule a free consultation today !

Last week, ransomware brings bad news for employees, security doorbell users endure a serious privacy breach, and too many companies are giving in to criminals’ demands.

United States – The Heritage Company

Exploit: Ransomware
The Heritage Company: Telemarketing firm

Risk to Small Business: 2.333 = Severe: A ransomware attack forced The Heritage Company to temporarily shutter its operations, even after making a ransom payment to release its critical IT infrastructure. IT admins were unable to use the decryption key to access company data, resulting in the company’s CEO notifying employees that they would not be able to return to work until at least January 2nd. The attack has already cost the company hundreds of thousands of dollars. If they can’t recoup their valuable information, it’s possible that this ransomware attack could permanently cripple their business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can feel like an inevitability in today’s digital landscape, but SMBs have many tools at their disposal to protect their critical information. Notably, ransomware always requires a foothold to infiltrate a company, and this avenue is often achieved through known exploits in legacy systems or phishing scams that induce employees to grant network access to cybercriminals. By addressing these known flaws, companies can improve their defenses against this costly risk.

United States – Ring

Exploit: Accidental data sharing
Ring: Video doorbell and security camera maker

Risk to Small Business: 2 = Severe: Security researchers discovered Ring users’ account credentials posted on the Dark Web. The information could provide hackers with front door access to customer accounts. Given the sensitive nature of their business, this type of access could be especially problematic for users. Moreover, the episode is the company’s second cybersecurity incident this year, which raises questions about its efficacy in an industry that demands excellence when it comes to data security and privacy.

Individual Risk: 2.285 = Severe: Usernames and passwords are often used to directly access user accounts where criminals can steal additional information or otherwise wreak havoc. While Ring told customers that they are actively monitoring for unusual account activity, users should update their passwords and enable two-factor authentication to ensure that hackers can’t deploy this readily available information to access their accounts.

Customers Impacted: 1,562

How it Could Affect Your Customers’ Business: Ring is emblematic of the consequences of failing to embrace data security as a top priority. As a result of multiple data security instances and allegations of weak data privacy standards, Ring has endured significant brand erosion, and these episodes continue to degrade their competitive advantage. In an industry where customers have many options to choose from, this could be a serious factor in the company’s future financial success.

United States – PayPal

Exploit: Phishing attack
PayPal: Online payment platform

Risk to Small Business: 2.333 = Severe: Some PayPal users are receiving phishing emails purportedly notifying of unusual account activity and requiring users to verify their personal information to restore full account access. The hackers fabricate a sense of urgency by noting that user accounts will be disabled until they confirm their identity. Although the messages contain many tell-tale signs of a phishing scam, they pose a serious risk to PayPal customers and the company’s reputation.

Individual Risk: 2.428 = Severe: Although recipients have to provide their personal information to be at risk, anyone who responds to this email has compromised nearly all of their personally identifiable information. If that’s the case, they should immediately report the activity to PayPal, as well as to their other financial institutions. Unfortunately, this information can be used to perpetuate more than just financial crimes, and those who were compromised should also enroll in an identity monitoring services to ensure that their information isn’t being misused in other ways.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As we’ve reported on our blog, the latest phishing attack trends have adopted many of the hallmarks of internet security, including HTTPs encryption, to dupe unsuspecting recipients into compromising critical data. Although such attacks are difficult to spot, SMBs can ensure that their employees serve as the first line of defense by implementing consistent awareness training that keeps employees abreast of the latest trends.

In Other News:

Too Many Businesses Are Paying Ransom Demands

Ransomware attacks have been one of the definitive cyber threats of 2019, and, despite their growing prominence, business leaders are still struggling to determine the most effective response.

Unfortunately, many organizations are bending to hackers’ demands by paying the ransom to retrieve their data. In fact, the number of organizations giving in to extortion demands has more than doubled this year. In total, nearly 40% of businesses breached by a ransomware attack are paying criminals to decrypt company data.

This trend goes against the recommendations of law enforcement agencies and many cybersecurity experts who fear that ransom payments will embolden criminals to continue attacking businesses, schools, and government facilities. In addition, as we’ve noted in this week’s newsletter, making a ransom payment doesn’t guarantee that data will be recovered.

Of course, even those that don’t pay the ransom will not escape unscathed, as the cost of recovery can be as steep as the ransom itself. However, SMBs do have the power to protect themselves. By ensuring that their software is up-to-date and that their accounts are secure through simple features like two-factor authentication, they can take away many of the footholds that hackers use to infect businesses with this costly malware.

A Note From Kobargo

Georgia Supreme Court Gives Data Breach Victims the Right to Sue

Data breaches carry all kinds of expenses that can do serious damage to a company’s bottom line. That reality became more prominent this week when the Georgia Supreme Court ruled that data breach victims could sue for damages.

The verdict overturned an earlier ruling pertaining to a 2016 data breach at Athens Orthopedic Clinic, which endured a breach that compromised patients’ personally identifiable information that eventually made its way to the Dark Web. While the clinic moved to dismiss the case, the court ruled that victims could sue the company for damages.

Ultimately, the ruling underscores another financial front that businesses need to account for when considering the risks of a data breach, and it should encourage companies to get the support they need they need to ensure that they are keeping sensitive data secure.

Contact Kobargo Technology Partners to schedule a free consultation today !

Last week, online stores can’t protect their customers, phishing attack impacts personal health data, and CCPA prepares to go into effect.

United States – Rooster Teeth Productions

Exploit: Malware attack
Rooster Teeth Productions: Entertainment production company

Risk to Small Business: 2 = Severe: Hackers injected malware into the company’s online store that siphoned off customers’ payment details at checkout. The breach was first detected on December 2nd, and the company claims that the malware was removed on the same day. However, it’s unclear why they waited several weeks before notifying customers of the breach. Rooster Teeth Productions has sent breach notification letters to those impacted by the incident, but the episode will certainly have a negative impact on the brand’s reputation at a critical time of year for sales.

Individual Risk: 2.285 = Severe: Those impacted by the breach had their names, email addresses, telephone numbers, physical addresses, and payment card information stolen in the breach. As a result, they should immediately contact their financial institutions to report the breach. Rooster Teeth Productions is offering a free year of identity monitoring services and enrolling in this service can offer long-term oversight of personal data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The timing of this data breach couldn’t be worse. Customers continually demonstrate that they aren’t willing to make purchases from platforms that can’t secure data, so Rooster Teeth Productions will almost certainly lose business during the busy holiday shopping season. Any company relying on e-commerce sales needs to understand cybersecurity risks and take necessary steps to ensure their revenue centers do not become liabilities.

United States – Conway Medical Center

Exploit: Phishing attack
Conway Medical Center: Healthcare provider

Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cybercriminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability.

Individual Risk: 2 = Severe: Hackers had access to patients’ personally identifiable information, including their names, dates of birth, Social Security numbers, phone numbers, dates of admission, account numbers, and account balances. Conway Medical Center is providing free identify and credit monitoring services to those impacted by the breach, and those affected should enroll in these services. In addition, they should be vigilant about monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 2,250

How it Could Affect Your Customers’ Business: This major cybersecurity incident was entirely avoidable since phishing scams are only effective if employees engage with malicious emails. Unfortunately, Conway Medical Center will now bear the cost of credit and identity monitoring services for thousands of patients, as well as the fines and penalties that often accompany a breach. In contrast, comprehensive employee awareness training is a bargain, protecting your company against the phishing attacks that will inevitably make their way to employee inboxes.

Canada – Life Labs

Exploit: Ransomware
Life Labs: Laboratory diagnostics and testing service

Risk to Small Business: 2.222 = Severe: Hackers accessed Life Labs’ IT, stealing copious amounts of customer information and demanding a ransom for the data’s return. In a notice to customers, Life Labs notes that it identified the breach in October, but waited until December to notify customers, a concerning timeframe that will make it more difficult for victims to protect their credentials against misuse. According to the company, they paid the ransom and their data was returned. Now they are declaring the incident a “low risk” to customers”, but given their poor communication so far, this is unlikely to assuage anyone’s concerns anytime soon.

Individual Risk: 2.285 = Severe: Hackers stole customers’ personally identifiable information, including their names, home addresses, email addresses, usernames, passwords, and health card numbers. Those impacted by the breach should monitor their accounts for unusual or suspicious activity, while being mindful that this information is often reused to commit other cybercrimes, including phishing attacks, that attempt to extract even more sensitive personal information.

Customers Impacted: 15,000,000

How it Could Affect Your Customers’ Business: Life Labs had a number of missteps in their handling of this data breach. However, the company did deploy Dark Web monitoring to ensure that their customers’ information wasn’t for sale to the highest bidder. These services can provide peace-of-mind to customers while also helping companies mitigate the often cascading consequences of a data breach.

In Other News:

New Ransomware Strain Targets Healthcare Sector

Each week, our newsletter has examples of companies devastated by ransomware attacks that carry an incredible cost and inflict reputational damage. Unfortunately, these attacks have become more pervasive this year, and hackers are not content to rest on their laurels.

Instead, a new variant of ransomware called Zeppelin is being deployed throughout the US, Canada, and Europe to target healthcare companies and IT organizations. In addition, the ransomware is using MSPs to further infect companies via their management software. Notably, the ransomware is being deployed through remote desktop servers that are publicly exposed to the internet.

The incident is a reminder that SMBs can’t afford to leave cybersecurity up to chance. These attacks can have devastating financial consequences for any organization, which means that a robust defensive posture is a bottom-line issue that will continue to become more critical in the year ahead.

A Note From Kobargo

CCPA Goes Into Effect on January 1st

While many people are counting down the days to their new year’s celebrations, another countdown is underway that will have significant implications for companies around the world. California’s new data privacy law, the California Consumer Privacy Act, officially goes into effect on January 1, 2020.

The law gives consumers new rights to their personal data, and, like Europe’s General Data Protection Regulation that came before it, CCPA promises financial penalties for companies that can’t comply with its standards. For companies of all sizes, it’s evident that the next year will be marked by new compliance measures both in the US and abroad. Fortunately, nobody has to tackle this issue alone. ID Agent is ready to provide a comprehensive assessment of your cybersecurity posture. Our products, like phishing scam awareness training and account security protocols, can help ensure that cybersecurity incidents don’t impede your 2020 goals and aspirations.

Contact Kobargo Technology Partners to schedule a free consultation today !

Last week, hackers gain front door access to company IT infrastructure, ransomware cripples social services, and lax employee password security continues to present a severe financial risk.

United States – Academy Sports + Outdoors

Exploit: Credential stuffing attack
Academy Sports + Outdoors: Sporting goods retailer

Risk to Small Business: : Hackers used previously stolen, legitimate login credentials to access customer accounts. The company noticed the breach after unusual activity was detected on certain user logins. In response, Academy Sports + Outdoors is encouraging customers to reset their passwords. Unfortunately, the breach occurred during the busy holiday shopping season, and customers have increasingly shown that they are less willing to engage with platforms that have a track record of cybersecurity lapses. This could harm the company’s sales at a critical time for gaining traction.

Individual Risk: 2.428 = Severe: Academy Sports + Outdoors noted that customers’ financial data wasn’t compromised in the breach, but account information, including usernames and passwords, was impacted. Every Academy Sports + Outdoors customer should reset their login credentials while carefully scrutinizing their accounts for suspicious or unusual activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers are fed up with data breaches, and they are taking out their anger on companies that can’t secure their information. Therefore, a data breach is more than just a cyber incident. It’s a collapse in customer service of the highest magnitude, and a priority that retailers looking to succeed in today’s digital environment must immediately address.

United States – Complete Technology Solutions

Exploit: Ransomware
Complete Technology Solutions: IT service provider

Risk to Small Business: 1.888 = Severe: A ransomware attack on Complete Technology Solutions, an IT service provider for dentistry practices, disrupted operations at more than 100 practices. When a company server was compromised, it allowed hackers to infect client computers with ransomware that disabled network security, data backups, and phone services. The attack began on November 25th and has continued to disrupt services more than two weeks later. Complete Technology Solutions declined to pay a $700,000 ransom to release the information, and decryption keys later provided by the hackers only unlocked some of the affected computers. As a result, the recovery process is incredibly complicated, and it will certainly have long-term repercussions for the company.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks always extract an expense from their victims, but the opportunity cost and reputational damage associated with a cybersecurity incident can be the most devastating. In this case, Complete Technology Solutions will almost certainly lose customers because of this incident, and their long-term business prospects are likely to be diminished. It underscores the importance of cybersecurity for any company that wants to remain competitive amidst an ominous threat landscape.

United States – Prison Rehabilitative Industries & Diversified Enterprises

Exploit: Ransomware
Prison Rehabilitative Industries & Diversified Enterprises (PRIDE): Private, non-profit social services organization

Risk to Small Business: 2.111 = Severe: PRIDE was struck by a ransomware attack that crippled its website and brought its services offline. The attack, which first occurred on December 7th, continues to disrupt services nearly a week later. As a non-profit organization, PRIDE will have a difficult time procuring the resources to remove the malware, and the service outages are making it difficult or impossible to fulfill their mission and provide critical services to a client base in need.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks can feel ominous and inevitable. However, organizations can protect against these common, increasingly expensive malware attacks by ensuring that their IT infrastructure doesn’t provide a foothold for infiltration. For instance, securing employee accounts, guarding against phishing scams, and updating firewall protections can all ensure that ransomware doesn’t compromise your company’s mission or bottom line.

In Other News:

Third-Party Breaches Present a Serious Risk

While everyone is well aware of the comprehensive threat landscape facing today’s companies, many forget that this threat is amplified when third-party partnerships are involved. As this week’s newsletter reminds us, these often necessary associations can place your company’s data at risk in a major way, and it’s a risk factor that every business should consider when exploring new collaborative opportunities.

For instance, many vendors are so overwhelmed by data breaches that they struggle to bring their services back online if they survive at all. In either case, your company’s data may not be their top priority, which puts your business at risk.

Naturally, third-parties have a vested interest in pursuing what’s best for themselves, an inherent liability that every business should evaluate when making decisions. In today’s regulatory environment, organizations face intense scrutiny when a data breach occurs, even if it doesn’t originate at your company. That threat should give every company working with third parties a reason to carefully consider cybersecurity implications before signing the contract.

A Note From Kobargo

Too Many Employees Don’t Change Their Passwords

Data breaches are a constant threat for any company, and a new survey by YouGov research found that many employees aren’t taking even the most basic steps to secure their accounts. According to the survey, which was specific to Ireland but likely represents a globally commonplace approach to password security, 39% of employees haven’t updated their passwords in more than a year. In part, the study found that convenience is a significant factor when determining standards, as many respondents expressed annoyances with security features like Captcha random image or one-time passcodes sent via text or email.

However, with the number of compromised email accounts growing every day, strong password standards coupled with additional security features like two-factor authentication can significantly decrease the risk of a data breach. It’s an obvious and proactive step that everyone can take to protect their personal and professional data from falling into the wrong hands.

Contact Kobargo Technology Partners to schedule a free consultation today !

Last week, phishing scams compromise patient data, a music service gets notified by the media of their hacked database, and more than half of organizations acknowledge that they are not ready for a cyberattack.

United States – McLaren Health Plan

Exploit: Phishing scam
McLaren Health Plan: Health maintenance organization

Risk to Small Business: 1.666 = Severe: A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.

Individual Risk: 2.571 = Moderate: The breach exposed patients’ personally identifiable information, including names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information, and authorization information. Notably, this information has been available since October, so those impacted by the breach should quickly examine their accounts for unusual activity and take precautions to ensure that their personal information remains secure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party partnerships represent an opportunity to expand your company’s capabilities but can also manifest themselves as cybersecurity risks. Given the increasingly onerous consequences of a data breach, cybersecurity standards should be a top consideration when establishing such relationships. Better product or service offerings can be a boon, but not if they come at the expense of data security.

United States – On The Border

Exploit: Malware attack
On The Border: Casual restaurant chain

Risk to Small Business: 1.888 = Severe: Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.

Individual Risk: 2.571 = Moderate: Customers at certain restaurant locations had their personal and financial information stolen, including their names, credit card numbers, credit card expiration dates, and security codes printed on the back of the cards. This information not only has a ready market on the Dark Web, but it can be used directly by hackers to commit financial crimes. Therefore, those impacted by the breach should immediately notify their financial institutions and enroll in identity and credit monitoring services to ensure that their information isn’t misused now or in the future.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Recovering from a data breach is a challenging process, as companies are tasked with demonstrating their data security improvements while also wooing back customers that inevitably abandon them after a breach. While the best option is to prevent a data security incident from occurring in the first place, companies can expedite the recovery process by supporting their customers at every turn. In this case, understanding what happened to payment data after it was stolen can go a long way toward mitigating the damage and restoring customer confidence.

United Kingdom – Mixcloud

Exploit: Exposed database
Mixcloud: Audio streaming platform

Risk to Small Business: 1.777 = Severe: The music streaming platform failed to secure a database containing customer data, and that information was quickly shared on the Dark Web. Embarrassingly, the company was notified of the error by the media who were contacted by the hackers who stole the information in early November. Now, Mixcloud has to contend with a deluge of public criticism as well as a cadre of angry customers who are upset that their personal information is available for purchase on the Dark Web.

Individual Risk: 2.714 = Moderate: The stolen data includes usernames, email addresses, and encrypted passwords. In addition, the breach included sign-in data, including IP addresses and links to profile photos. This information can be used in identity crimes or to execute other cybercrimes, such as phishing scams. Those impacted by the breach should be especially critical of unusual digital correspondence while monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 20,000,000

How it Could Affect Your Customers’ Business: The cost of a data breach is enormous, and it’s continually climbing. Given that reality, an unforced error, like an exposed database, is an especially egregious way to diminish your business prospects. Indeed, companies that don’t adequately account for their data security will face harsh technical, consumer, and regulatory costs now and in the years ahead.

In Other News:

More Than Half of All Organizations Admit They Aren’t Ready for Cyberattack

Data security incidents continue to make headlines every week. Even so, a recent survey found that most organizations still aren’t prepared for the veritable inevitability of a data breach.

Indeed, more than 800 CISOs from three continents expressed similar sentiments about their data security standards. Notably, 51% do not believe that they are ready to respond to a data breach, while nearly a third have untested response plans in place.

Meanwhile, the vast majority believe that the cybersecurity landscape will worsen or stay the same in the year ahead. Perhaps that’s why 76% plan to increase their cybersecurity budgets in 2020. When establishing their priorities, CISOs identified security software and employee awareness training as their top priority. As it stands, too many companies aren’t responding to the real and escalating threat of a data loss event.

A Note From Kobargo

60% of Digital Businesses Will Suffer Service Interruption by 2020

For many businesses, an online presence is a vital part of their competitive strategy. Unfortunately, it’s also creating their most prescient vulnerability. According to a recent study by Gartner, by next year, more than half of all digital businesses will incur one or more cyber threats that will significantly disrupt their business.

The report notes that cybercriminals are aware of the increasingly critical and valuable data sets that companies are bringing online, and they are targeting that information to turn a profit. It also found that products for perpetuating cybercrime such as pre-packaged ransomware and phishing capabilities have never been more prevalent, with an underground marketplace fueled by the Dark Web.

In response, companies with a digital agenda have a responsibility to audit their defensive posture, ensuring that they are prepared to meet the moment by identifying and addressing the latest cyber trends. Notably, most cyber threats can be addressed in-house by ensuring that employees are able to identify risks and implement best practices, like strong unique passwords, and two-factor authentication across all their accounts.

Contact Kobargo Technology Partners to schedule a free consultation today !

Read more