Cyber Alert Monday, Data Breach- We are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.
Why data never expires on the Dark Web
In the ongoing slew of mega data breaches, it’s likely that our personal information has been breached and is being auctioned off on the Dark Web. Hackers are not only scooping up more personally identifiable information (PII) than ever before, but also additional information that can be leveraged to conduct damaging fraud. At the same time, we are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.
Simply changing a few passwords is not enough. When a hacker gets his hands on persistent records such as a customer name, SSN, or permanent address, they almost never expire. The only way to survive in this new reality is by protecting employees and customers from identity theft. How can this be accomplished? By investing in identity theft solutions that can detect compromises proactively by monitoring for an organization’s employee and customer data on the Dark Web.
Last week’s Hacks, Attacks, Breaches and More…
Sizmek: American online advertising platform based in Austin
Exploit: User account takeover.
Risk to Small Business: Severe: Security researcher Brian Krebs caught hackers auctioning access to a Sizmek user account on the Dark Web, specifically a Russian-language cybercrime forum. The bidding began at $800 per account. With account access in hand, threat actors are capable of infecting ongoing ad campaigns or siphoning profits from ads in the system. After investigating, Sizmek believes that the account in question was simply a regular user account, without higher level administrator access. Nevertheless, the platform will be forced to upgrade security and deal with a PR nightmare to retain customers and continue to do business.
Individual Risk: Severe: Given that the company connects over 20,000 advertisers with 3,600 agencies across 70 countries, such a compromise could have displaced advertising revenue from clients and passed undetected for quite some time. This type of attack poses a high risk for Sizmek clients and their end-users, who have the most to lose in the event of a breach.
Customers Impacted: To be determined.
How it Could Affect Your Business: In an ecosystem of evolving B2B2C business models, companies that provide services for business users must acknowledge the possibility and gravity of a cyber-attack. As evidenced by this event, cybercriminals on the Dark Web are peddling access to attack vectors that have the potential to cripple businesses. Partnering with an MSP who can proactively monitor and navigate the inner workings of the Dark Web is crucial to securing small business customers and end users.
Source
Delaware Guidance Services: Non-profit that offers mental health services for children, youth, and families.
Exploit: Ransomware attack.
Risk to Small Business: Severe: The Delaware-based organization issued letters to 50,000 patients notifying them of a ransomware attack that took place on December 25, 2018. After records were locked by hackers, DGS ended up paying a ransom in exchange for a decryption key to regain access. Although their investigation concluded that no data was compromised, they are offering free credit monitoring and reporting services for one year to those affected.
Individual Risk: Severe: Personal details including names, addresses, DOBs, SSNs, and medical information were impacted. All members have been advised to review financial and credit reports for any suspicious activity.
Customers Impacted: 50,000 patients.
How it Could Affect Your Business: The threat of ransomware is increasing at alarming rates, and small businesses must begin to consider the potential impact of an attack on their systems. In the event of a breach, management is forced to decide whether to pay the ransom or risk losing access to customer records forever. Source
Orchard View School District: A high school district in Muskegon Township, Michigan.
Exploit: Internal data breach.
Risk to Small Business: Severe: Students allegedly hacked the school’s information system, PowerSchool, and altered grades and attendance records. The school has notified parents of the students who may be responsible and is investigating the incident. However, what data was modified and how it was accessed have yet to be determined.
Individual Risk: Moderate: Depending on whether a ledger of the previous data was stored or removed, other students could be at risk for having their grades modified. Regardless, the possibility of losing such data can be upsetting for students, to say the least.
Customers Impacted: To be determined.
How it Could Affect Your Business: Organizations that store important information must remain vigilant for cyber-attacks, especially originating from within. To protect valuable data from getting in the hands of the wrong people, internal systems must be “fool-proofed” by partnering with the right security provider.
The right security partner can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into its strongest points of protection. Source.
FILA: UK branch of sportswear brand
Exploit: Card-stealing JavaScript malware.
Risk to Small Business: Severe: Russian security vendor Group-IB discovered that malware dubbed GMO had been installed on the clothing brand’s website for at least the past four months. The attacker responsible was able to secretly collect card data entered by customers through the company’s server, researchers reported. However, the company was unable to remove the card-stealing code from their site until very recently. Along with the threat of fines and lawsuits, the business will certainly face customer churn.
Individual Risk: Severe: Anyone who ordered from the FILA.co.uk website should be contacting their bank and checking their statements. Since the company has yet to issue a statement, it could be months before customers are notified and able to act, potentially putting them at severe risk.
Customers Impacted: An estimated 5,600 cardholders.
How it Could Affect Your Business: As the world of e-commerce grows increasingly competitive, especially in the apparel industry, businesses should know that such a breach can produce catastrophic consequences. Keeping online shoppers on your website is hard enough as-is, and companies must avoid breaches at all costs to retain trust. In order to do so, it becomes a simple matter of enlisting the help of an IT security provider. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!
Cyber Alert Monday, Data Breach- Why should you care about the latest data breach or ransomware attack? Reality is, you don’t have to. In fact, that’s what cyber-criminals are counting on.
Topps: U.S. Sports trading card and collectible company.
Exploit: Form-jacking attack.
Risk to Small Business: Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.
Individual Risk: Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses was also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.
Customers Impacted: To be determined.
How it Could Affect Your Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers. Source
St. Francis Physician Services: Health system based in South Carolina.
Exploit: Unauthorized access of electronic health record system.
Risk to Small Business: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Individual Risk: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Customers Impacted: To be determined.
How it Could Affect Your Business: In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third-party or employee-related breaches. Source
Samsung Canada: Canadian arm of the Samsung Electronics company
Exploit: Third-party employee breach.
Risk to Small Business: Severe: On November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed.
Individual Risk: Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected.
Customers Impacted: To be determined.
How it Could Affect Your Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed… Thanks, Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business. Source.
NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada
Exploit: Theft of government employee laptop.
Risk to Small Business: Severe: On May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue since managers are instructed to delete sensitive data immediately after using it. The department will now be required to carry out a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money.
Individual Risk: Severe: Although fewer than half of those affected were identified only by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft.
Customers Impacted: 40,000 Canadian residents.
How it Could Affect Your Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting. Source.
Cyber Alert Monday, Data Breach- That business lunch you enjoyed last week just cost you more than you think. 100+ restaurants and hotels across nine states had their customer data accessed.
North Country Business Products: A Minnesota-based provider of POS systems for the hospitality sector.
Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: EXTREME: Customers of restaurants and hotels in nine states, including some 50 Arizona establishments and 65 Dunn Brothers coffee shops, may have had their payment card information accessed between January 3 and January 24, 2019. Announcement of this potential exposure was made February 15 by North Country Business Products, which provides point-of-sale software systems in the hospitality sector. Upon discerning suspicious activity in certain of its clients’ networks, North Country launched an investigation January 4, determining on January 30 that an outside party deployed malware to some of its business partners.
Individual Risk: SEVERE RISK: Information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. Criminals can use this information to commit payment fraud, so those who patronized the Arizona restaurants and hotels affected should continuously review account statements and monitor credit reports. North Country, which says that the problem has been corrected, lists the businesses potentially affected on its website and has set up a helpline for consumers.
Customers Impacted: To be determined.
How it Could Affect Your Business: The issue was first noticed January 4 and data continued to be exposed for another 20 days, until January 24, signaling an opportunity for North Country Business Products to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
AdventHealth Medical Group: Tavares, Florida-based health care practice.
Exploit: Malware.
Risk to Small Business: Severe: AdventHealth Group recently announced a 16-month data breach stretching back to August 2017 that exposed some 42,000 patients’ sensitive personal data. The medical provider group has not detected how the malware was installed, nor has it stated why the breach was not discovered for nearly a year and a half.
Individual Risk: Severe: The malware allowed access to patient names, addresses, email addresses, telephone numbers, dates of birth, health insurance information, Social Security numbers, and medical histories, as well as race, gender, weight, and height. This data could allow identity theft and potentially blackmail where particularly sensitive medical conditions, such as HIV/AIDS or addiction, are concerned.
Customers Impacted: 42,000.
How it Could Affect Your Business: The data breach extended across 16 months before it was discovered, and the medical group has not yet determined its origin, indicating a need to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
American consumers: Online users in the United States
Exploit: Malvertising campaign.
Risk to Small Business: Severe: A malvertising campaign by the eGobbler group targeting U.S. users was launched over Presidents Day weekend, February 16-18, garnering some 800 million impressions. Those who clicked on the ads were redirected to a wide range of phishing sites that attempted to trick consumers into entering personal details, including financial information.
Individual Risk: Moderate: Cybercriminals can use the information collected to conduct spear phishing email campaigns or they can sell the stolen credentials on the Dark Web to other criminals.
Customers Impacted: Unknown.
How it Could Affect Your Business: Malvertising campaigns can expose sensitive customer and employee data, or cause mistrust in websites hosting the infected ads leading to brand erosion and customer churn. Source.
Labour Party: Second largest political party in the United Kingdom
Exploit: Theft of data from member databases.
Risk to Small Business: Severe: The United Kingdom’s Labour Party announced February 20, 2019, that it had detected several attempts to access member databases and campaign tools. It is surmised that members of Parliament (MPs) who recently left the Labour Party to form a competing party known as The Independent Group tried to steal information that would allow targeting in future political campaigns. Anyone obtaining or attempting to obtain personal data without the consent of the controller is committing an offense under the U.K.’s Data Protection Act of 2018.
Individual Risk: Moderate: It is yet unknown if information was obtained by individuals whose access to that information should have been revoked. Labour Party officials may also be questioned as to the large number of individuals with access to its databases, including not only MPs but also paid and volunteer campaign associates across the nation.
Customers Impacted: Undisclosed.
How it Could Affect Your Business: All organizations, whether public or private sector, need robust systems and processes to validate access rights and continually manage those rights, which includes triggering notices when unauthorized parties attempt to gain access. Source.
Cyber Alert Monday, Data Breach- The Cyber-criminal Spring Break party jumps off early this year, targeting favorite food spots, kids camps and more.
Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains.
Exploit: Credential stuffing attack. (A type of cyberattack in which stolen account credentials, typically lists of usernames and/or email addresses with the corresponding passwords (often from a Data Breach), are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.)
Risk to Small Business: Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside from the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.
Individual Risk: Moderate: This Data Breach consisted of exposed accounts containing personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.
Customers Impacted: 12,000.
How it Could Affect Your Business: The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring. Source
DataCamp: Online learning platform for data science
Exploit: Unauthorized system access.
Risk to Small Business: Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third-party was able to gain access to one of its systems, and the company has notified users, logged out all accounts, and reset passwords since then. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.
Individual Risk: Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture was exposed. This was coupled with account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.
Customers Impacted: To be determined.
How it Could Affect Your Business: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase. Source
Truluck’s Seafood, Steak, & Crab House: Houston-based chain restaurant
Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: Severe: Truluck’s recently issued a notification of a Data Breach affecting one of its servers, which occurred between November 21 and December 8 of 2018. The investigation has revealed that malware was injected into POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.
Individual Risk: Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.
Customers Impacted: To be determined.
How it Could Affect Your Business: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source.