Data Breach, Cyber Alert Monday 08-19-2019

DATA BREACH, CYBER ALERT MONDAY:

LAST WEEK, A DATA BREACH CAUSED TRAVEL DELAYS, RANSOMWARE COMPROMISED THE FIRST DAY OF SCHOOL, AND SMALL BUSINESSES ENDURED AN UNPRECEDENTED NUMBER OF DATA BREACHES.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

City of Naples: Local government serving residents in Naples, Florida

Exploit: Phishing attack

Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.


Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma

Exploit: Ransomware

Risk to Small Business: 2.555 = Moderate Risk: A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.


Presbyterian Health Services: Private, not-for-profit healthcare system and provider

Exploit:Phishing attack

Risk to Small Business:  1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.

Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.

Customers Impacted: 183,000

How it Could Affect Your Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.


Earnin: Mobile finance app offering cash advances on paycheck deposits

Exploit: Malware attack

Risk to Small Business:Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.

Individual Risk: 2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.

Customers Impacted: Unknown

How it Could Affect Your Business:In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.


Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois

Exploit: Unauthorized database access

Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.

Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: 49,000

How it Could Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.


In Other News:

UK SMBs Fend Off 10,000 Cyber Attacks Per Day 

According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day.

Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks.

Moreover, the collective cost of these data breaches exceeds £4.5 billion with the average cost of an attack costing companies £1,300.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.


A Note From Kobargo..

GermanWiper Ransomware Targets SMBs 

German SMBs are the target of a new ransomware that’s wreaking havoc on company data.
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender.

When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files.

Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users.

GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.

Therefore, defensive initiatives are business’s best bet for avoiding a ransomware attack, and, with security specialists (Like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 08-19-2019

Data Breach, Cyber Alert Monday:
Last week, a data breach caused travel delays, ransomware compromised the first day of school, and small businesses endured an unprecedented number of data breaches.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

City of Naples: Local government serving residents in Naples, Florida

Exploit: Phishing attack

Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.


Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma

Exploit: Ransomware

Risk to Small Business: 2.555 = Moderate Risk:A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.


Presbyterian Health Services: Private, not-for-profit healthcare system and provider

Exploit:Phishing attack

Risk to Small Business:  1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.

Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.

Customers Impacted: 183,000

How it Could Affect Your Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.


Earnin: Mobile finance app offering cash advances on paycheck deposits

Exploit:Malware attack

Risk to Small Business:Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.

Individual Risk:2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.

Customers Impacted: Unknown

How it Could Affect Your Business:In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.


Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois

Exploit: Unauthorized database access

Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.

Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: 49,000

How it Could Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.


In Other News:

UK SMBs Fend Off 10,000 Cyber Attacks Per Day 

According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day. 

Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks.

Moreover, the collective cost of these data breaches exceeds £4.5 billion with the average cost of an attack costing companies £1,300.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.


A Note From Kobargo..

GermanWiper Ransomware Targets SMBs 

 

German SMBs are the target of a new ransomware that’s wreaking havoc on company data.
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender. 

When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files.

Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users.

GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.

Therefore, defensive initiatives are business’s best bet for avoiding a ransomware attack, and, with security specialists (Like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 08-12-2019

DATA BREACH, CYBER ALERT MONDAY:

LAST WEEK, STUDENTS LEARNED A HARSH LESSON ABOUT DATA SECURITY, LAW ENFORCEMENT AGENCIES WERE FORCED OFFLINE, AND A CREATIVE NEW MALWARE THREATENED WINDOWS USERS.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company

Exploit: Phishing attack

Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.


Washoe County School District: Public school district providing educational services to students in Washoe County, Nevada

Exploit: Unauthorized database access

Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts.

Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity.

Customers Impacted: 144,000

How it Could Affect Your Business: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and for strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.


Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repairs costs can quickly exceed ransom demands.

Individual Risk:  No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business:This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.


Los Angeles Police Department: Local police department serving Los Angeles, California

Exploit: Unauthorized database access

Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors.

Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes.

Customers Impacted: 20,000

How it Could Affect Your Business: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetuate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.


Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories

Exploit: Unauthorized database access

Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identity the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach.

Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn’t have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information.

Customers Impacted: Unknown

How it Could Your Customers’ Business: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.


Lodi, California: City located in San Joaquin County, California

Exploit: Ransomware

Risk to Small Business: 1.888 = Severe Risk: Ransomware was delivered to city employees as an email attachment that appeared to be an invoice. The malware ultimately disabled the city’s phone lines, financial data systems, and other computer systems. Hackers demanded a $400,000 ransom in Bitcoin, which officials have declined to pay. The ransomware was first discovered in April, and, after several attempts to remove it from their system, it’s continued to plague their systems months later. While the city has cybersecurity insurance, it includes a $50,000 deductible, which means that there are only bad options for restoring network functionality.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Your Customers’ Business: This incident illustrates the complicated debate surrounding ransomware attacks. $400,000 is an expensive ransom, but local municipalities can quickly spend more as they endure the arduous process of recovering their systems. As Lodi demonstrates, this process can take months, and success isn’t a guarantee. Consequently, government agencies and organizations need to prioritize cybersecurity initiatives to strengthen their defensive posture before an attack occurs. In this case, a single malicious email will have significant financial consequences for the local government.


In Other News:

Capital One Data Breach Impacts US and Canadian Customers 

An expansive data breach at the credit card juggernaut, Capital One Financial, has compromised the personal information for more than 100 million US and Canadian customers.

The breach exposed the personal data for more than six-million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.

The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.

The incident is just the latest wide-spread data breach impacting small businesses and consumers, making their preemptive data protection a must-have element of personal or organization data security. For example, Kobargo’s Dark Web monitoring services can identify if an organization’s data is made available on the Dark Web, providing you with an opportunity to enhance your security posture before an attack takes place.


A Note From Kobargo..New Malware Strain Targets Windows Users 

A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc on their users.

In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware stains to integrate with infected computers. Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.

This iterative approach to malware illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Although the challenges are immense, partnering with qualified professionals (Like us!) can ensure that your organization is always ready to combat the latest threats.


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 08-12-2019

Data Breach, Cyber Alert Monday:
Last week, students learned a harsh lesson about data security, law enforcement agencies were forced offline, and a creative new malware threatened Windows users.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company

Exploit: Phishing attack

Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.


Washoe County School District: Public school district providing educational services to students in Washoe County, Nevada

Exploit: Unauthorized database access

Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts.

Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity.

Customers Impacted: 144,000

How it Could Affect Your Business: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and for strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.


Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repairs costs can quickly exceed ransom demands.

Individual Risk:  No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business:This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.


Los Angeles Police Department: Local police department serving Los Angeles, California

Exploit: Unauthorized database access

Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors.

Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes.

Customers Impacted: 20,000

How it Could Affect Your Business: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetuate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.


Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories

Exploit: Unauthorized database access

 

Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identity the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach.

Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn’t have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information.

Customers Impacted: Unknown

How it Could Your Customers’ Business: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.


Lodi, California: City located in San Joaquin County, California

Exploit: Ransomware

Risk to Small Business: 1.888 = Severe Risk: Ransomware was delivered to city employees as an email attachment that appeared to be an invoice. The malware ultimately disabled the city’s phone lines, financial data systems, and other computer systems. Hackers demanded a $400,000 ransom in Bitcoin, which officials have declined to pay. The ransomware was first discovered in April, and, after several attempts to remove it from their system, it’s continued to plague their systems months later. While the city has cybersecurity insurance, it includes a $50,000 deductible, which means that there are only bad options for restoring network functionality.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Your Customers’ Business: This incident illustrates the complicated debate surrounding ransomware attacks. $400,000 is an expensive ransom, but local municipalities can quickly spend more as they endure the arduous process of recovering their systems. As Lodi demonstrates, this process can take months, and success isn’t a guarantee. Consequently, government agencies and organizations need to prioritize cybersecurity initiatives to strengthen their defensive posture before an attack occurs. In this case, a single malicious email will have significant financial consequences for the local government.


In Other News:

Capital One Data Breach Impacts US and Canadian Customers 

An expansive data breach at the credit card juggernaut, Capital One Financial, has compromised the personal information for more than 100 million US and Canadian customers. 

The breach exposed the personal data for more than six-million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.

The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.

The incident is just the latest wide-spread data breach impacting small businesses and consumers, making their preemptive data protection a must-have element of personal or organization data security. For example, Kobargo’s Dark Web monitoring services can identify if an organization’s data is made available on the Dark Web, providing you with an opportunity to enhance your security posture before an attack takes place.


A Note From Kobargo..

New Malware Strain Targets Windows Users 

A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc on their users.

In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware stains to integrate with infected computers. Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.

This iterative approach to malware illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Although the challenges are immense, partnering with qualified professionals (Like us!) can ensure that your organization is always ready to combat the latest threats.


Contact Kobargo Technology Partners to schedule a free consultation today!

 

Read more
Data Breach, Cyber Alert Mondat 08-05-2019

DATA BREACH, CYBER ALERT MONDAY:

LAST WEEK, CREDENTIALS FROM THE DARK WEB COMPROMISE A COMPANY’S NETWORK, HEALTHCARE RECORDS ARE HELD FOR RANSOM…

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…


New Haven Public Schools:
 Public school district serving students in New Haven, Connecticut

Exploit: Ransomware

Risk to Small Business: 2.333 Severe: A network vulnerability allowed hackers to install ransomware on the district’s servers, prohibiting access to many of their critical digital assets. Fortunately, New Haven Public Schools maintained comprehensive backups, allowing them to restore functionality without paying the ransom. Many attacks in this realm are self-initiated, with an employee accidentally clicking into a phishing email that installs malware into a system. However, in this case, the district insists that technical vulnerabilities were the culprit.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A holistic ransomware response plan is a mission-critical component of any organization. This plan, which must include everything from attaining the right insurance policy to determining a philosophical position on paying ransom demands, can mitigate the consequences of an attack. In this case, New Haven Public Schools had the backups in place to avoid paying a ransom and to quickly restore operations. Of course, securing IT infrastructure is a complicated process, and partnering with third-party experts can help spot vulnerabilities before the lead to a data breach.


iNSYNQCloud hosting platform providing virtual desktops for enterprise clients

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack on July 16th crippled the cloud hosting platform’s services. The attack had cascading consequences, impacting both iNSYNQ and companies that use its products. In response, iNSYNQ was forced to take down their entire network, which instigated a lengthy recovery process that encouraged significant criticism on social media. Therefore, iNSYNQ’s ransomware battle is playing out on two fronts. Their IT team is struggling to restore its comprehensive digital infrastructure even as the company is navigating a PR disaster that could have grave financial implications down the road.

Individual Risk:  2.428 = Severe:  While no personal information was compromised in the event, the unique nature of iNSYNQ’s product offering means that many users may have lost access to their data without a clear path to restoration. The company is encouraging all users to back up their data for thirty days to hedge against the threat of data loss from this ransomware attack.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks have become so prominent that they can feel like an inevitability, and companies should treat them as such. Losing access to company data is devastating, but when client services are implicated, the consequences are magnified. As a result, supportive services like identity or credit monitoring can offer customers the peace-of-mind necessary to begin restoring the company’s badly damaged reputation.


Park DuValle Health Center: Non-profit medical center serving patients in Louisville, KY

Exploit: Ransomware

Risk to Small Business:  1.777 = Severe: After successfully restoring their network following a ransomware attack in April, Park DuValle Health Center was attacked again in June, ultimately choosing to pay $70,000 to restore access to their network. The most recent ransomware attack encrypted medical records, contact information, insurance information, and all other patient-related data for past and present patients. The healthcare provider has been without this information since June 7th, and they’ve been unable to schedule new patients during that time. Consequently, the clinic is relying on patients’ memories about treatment and medications, a troubling reality for any healthcare provider.

Individual Risk:  No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A ransomware attack is a costly ordeal with broad consequences that extend beyond the immediate expense of restoring system access. In this case, Park DuValle’s entire business was crippled, making the $70,000 ransom payment the least of their financial worries. It’s a reminder that having the tools necessary to respond to a ransomware attack is part of the cost of doing business in today’s digital environment.


Cancer Treatment Centers of America:  National, for-profit network of cancer care, research, and outpatient care centers

Exploit: Phishing Attack

Risk to Small Business: 1.888 = Severe: On June 6th, the Cancer Treatment Centers of America detected unauthorized email account access at its Philadelphia-based medical center. The account was compromised when an employee fell for a phishing scam in early May, meaning that intruders had access to patient data for more than a month before it was detected. As a result, the company will face enhanced regulatory scrutiny even as they grapple with the technological and public relations implications associated with a data breach.

Individual Risk: 2.142 = Severe: A single phishing scam compromised the personally identifiable information for thousands of patients. This includes their names, addresses, phone numbers, dates of birth, medical record numbers, and other patient-related information. Those impacted by the breach should monitor their accounts for unauthorized access, and they should consider identity or credit monitoring services to help ensure the long-term integrity of their data.

Customers Impacted: 3,904

How it Could Affect Your Business: Personally identifiable information can quickly make its way to the Dark Web, and every organization needs a plan for protecting that information in the event of a data breach. At the same time, providing supportive services, like credit or identity monitoring, is a good first step toward repairing the damage and restoring customer confidence in your organization.


In Other News:

Ransomware Gets a New Lease on Life…

Ransomware attacks have made a precipitous return to public life, making them one of the most potent threats in today’s digital landscape.

Once targeting individual computer systems, ransomware fell out of favor with cybercriminals as it failed to net significant returns. That changed when cybercriminals began targeting local governments and small and medium-sized businesses where they can earn thousands of dollars from the relatively inexpensive attack method.

Many attribute this shift in approach to the WannaCry ransomware virus, which captured national headlines and set a new direction for future cybercriminals.

As municipalities and organizations grapple with the best response plan, it’s clear that bad actors will continue to wreak havoc with new iterations of ransomware. A strong defense is the most affordable and advantageous approach to these attacks and getting expert eyes (like ours!) on your cybersecurity landscape can ensure that your vulnerabilities are accounted for.


A Note From Kobargo..The Increasing Cost of a Data Breach… 

As the headlines continually demonstrate, data breaches are quickly becoming a prominent problem for organizations of any size and operating in any sector. The bad news, according to IBM’s annual report on the cost of data breaches, is that they are also becoming more expensive.

In 2019, companies can expect to spend $3.92 million on a data breach, a 12% increase in just five years.

With today’s regulatory landscape trending toward consumers, companies can expect these numbers to continue increasing as governments intend to exact financial penalties from organizations that can’t protect their customers data.

Consequently, highly-regulated industries like healthcare and financial services saw the most significant price escalations.

The report is especially troubling for SMBs. IBM concluded that companies with less than 500 employees will still incur losses in excess of $2 million if a data breach occurs, and they can expect these costs to continue to for several years after a breach.

The high cost of a data breach makes cybersecurity partnerships a relatively inexpensive way to protect your organization from the catastrophic consequences that accompany a breach.


CHECK OUT OUR LATEST VIDEO O“PASSWORD PROTECTION” AVAILABLE NOW! 


Contact Kobargo Technology Partners to schedule a free consultation today!

The best online JS tools can be found at HTML-CSS-JS.com: script beautifier, compressor, cheat sheet or just read the blog.

Read more

CATEGORIES

YOU MAY ALSO LIKE