The Week in Breach: 01/01/20 – 1/07/20 | CloudSmart IT

This week, ransomware disrupts the holidays, a nonprofit organization has its donor list compromised, and “password” remains a stubbornly popular password.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: 
Top Industry: Education & Research
Top Employee Count: 250 – 500 Employees

United States – Sinai Health System

Exploit: Phishing scam
Sinai Health System: Chicago-based healthcare network

Risk to Small Business: 1.555 = Severe: Two employees fell for a phishing scam that gave hackers access to email accounts containing patients’ personal data. The attack, which occurred on October 16th, wasn’t discovered until December. In response, Sinai Health Network reset employees’ email passwords and provided employees with phishing scam awareness training to prevent a similar event in the future. Unfortunately, these actions cannot undo the damage of a data breach, and the healthcare network will now endure heavy regulatory scrutiny, as the Office for Civil Rights has launched an investigation into the incident.

Individual Risk: 2.285 = Severe: Patients’ personal information was compromised in the breach, including their names, addresses, dates of birth, Social Security numbers, health information, and health insurance information. Hospital administrators contend that there is no evidence of misuse, but patients impacted by the breach should not presume that their data is secure. Instead, they should closely monitor their accounts for unusual activity, and they should consider enrolling in identity monitoring services to ensure that their information isn’t misused down the road.

Customers Impacted: 12,578
How it Could Affect Your Customers’ Business: It’s inevitable that phishing scams will make their way into your employees’ inboxes. Fortunately, these attacks are useless if employees identify the threat and don’t engage with the email. Employee awareness training can empower email recipients to become a strong defense against phishing scams, but waiting until after a breach to provide this training is fruitless. As Sinai Health System just learned, if employees aren’t ready to respond before an incident occurs, the training efforts won’t save your company’s data or its dollars.

United States – Synoptek

Exploit: Ransomware
Synoptek: Cloud hosting and IT management company


Risk to Small Business: 2.111 = Severe: A phishing scam-enabled ransomware attack brought an early, unwanted Christmas present to Synoptek’s employees and more than 1,100 enterprise customers around the world. The attack disrupted many services, and Synoptek paid a ransom demand in an attempt to restore operations. Synoptek endured serious customer scrutiny as companies impacted by the network outages took to Twitter and Reddit to complain about the company. In addition, Synoptek is being ridiculed for a December 20th tweet encouraging companies to be vigilant about guarding against phishing scams, a message sent just days before a company employee fell for a phishing scam that instigated the ransomware attack.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are uniquely expensive, bringing hefty recovery and opportunity costs that are compounded by the less-quantifiable reputational damage that accompanies an attack. However, they aren’t as inevitable as many people think, as these malware attacks always require a foothold. In this case, a phishing scam allowed hackers to access the company’s system and infect its network. Since the consequences of a ransomware attack are enormous, every company has millions of reasons to put their best foot forward to defend against this increasingly common cyber-attack.

United States – Special Olympics NY

Exploit: Phishing scam
Special Olympics NY: Nonprofit organization

Risk to Small Business: 2.222 = Severe: Cybercriminals hacked the organization’s network and used this access to send phishing emails to its previous donors. Special Olympics NY contacted those impacted by the event, asking them to disregard the phishing communication and offering assurance that their data was secure. Criminals created a sense of urgency by alerting donors that an automatic donation for $1,942.49 was scheduled to debit in two hours, and the emails invited users to confirm their donation by inputting their personal data on a malicious website.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While it’s unclear how cybercriminals accessed the organization’s communications platform, it’s possible that they walked right through the proverbial front door. With millions of user logins available on the Dark Web, many hackers have critical login information available at their fingertips. Unfortunately, the consequences for businesses can be devastating. For Special Olympics NY, it’s possible that this event could discourage donors from contributing in the future, a damaging blow to one of their critical revenue streams. 

United States – Active Network

Exploit: Unauthorized database access
Active Network: Educational software developer

Risk to Small Business: 1.888 = Severe: Hackers infiltrated Active Network’s IT infrastructure and gained access to customers’ personally identifiable information. Bad actors had access to the network between November 1, 2019 and November 13, 2019, but the company didn’t identify the breach until December. The breach is limited to the Active Network’s Blue Bear software platform used by public K-12 schools. This incident is an irrevocable stain on a company operating in an industry that demands data privacy as a prerequisite for doing business, meaning this breach could have significant negative consequences for their business in the future.

Individual Risk: 2.287 = Severe: Hackers accessed users’ names, payment card expiration dates and security codes, and Blue Bear account usernames and passwords. However, Social Security numbers, driver’s license numbers, and government ID numbers were not included in the breach. Every Blue Bear user should reset their account passwords, and those impacted by the breach should notify their financial institutions of the event. Active Network is offering free identity monitoring services to victims, and enrolling in this service can help ensure that their personal information isn’t misused now or in the future.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Brand reputation is a cherished and hard-earned standard that can quickly erode when a data breach strikes. With more consumers demanding a track record of high data security standards before doing business with a company, organizations have every incentive to build their reputation on the bedrock of strong data security procedures. Simply put, to remain competitive in today’s digital environment, businesses can’t just talk about data security; they actually have to protect customers’ information.

Canada – TD Canada Trust

Exploit: Phishing scam
TD Canada Trust: Personal & small business banking institution

Risk to Small Business: 2.444 = Severe: Security researchers have unearthed a two-year phishing campaign impacting Canadian banks, including TD Canada Trust. The phishing campaigns began with legitimate-looking emails containing PDFs that included official bank logos and an authorization code. Victims are instructed to renew their digital certificates to maintain their online bank accounts. When they click on a provided link, they are directed to a page that asks for their banking credentials. Hackers registered numerous domains similar to the banks’, making their efforts even more convincing.

Individual Risk: 2.571 = Moderate: Phishing scams are only effective if users provide their personal details, but anyone that offered this information should be aware that it is now in the hands of cybercriminals. Those impacted by the breach should immediately notify their financial institutions of the episode. Moreover, they should carefully monitor their accounts for suspicious or unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This phishing scam underscores the capabilities of today’s cybercriminals who can quickly and easily create authentic-looking email campaigns, websites, and even documents. Since these scams are the leading cause of a data breach, every organization should take measures to prepare their employees and customers for the reality of today’s digital environment. In doing so, they can help ensure that phishing scams can’t compromise company or customer data. 

Netherlands – Maastricht University

Exploit: Ransomware
Maastricht University: Public post-secondary academic institution


Risk to Small Business: 1.888 = Severe: A ransomware attack on Maastricht University disabled the university’s Windows computers and email services. To prevent the malware’s spread, the university brought its entire network offline. While they noted that they are taking extra precautions to protect critical scientific data, they acknowledged that they can’t predict how long it will take them to overcome this expansive attack.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has enjoyed a troubling resurgence as a prominent way to exact low-risk, high-yield payouts from victims. Often, these attacks are levied on soft targets like organizations or entities that can’t or won’t protect against these threats. Especially for SMBs, it can be tempting to leave this risk up to chance, but the high cost of a ransomware attack makes a strong defensive posture a veritable must-have to remain competitive in today’s digital landscape. 

United Kingdom – The Cabinet Office

Exploit: Accidental sharing
The Cabinet Office: Governmental department responsible for supporting the Prime Minister and Cabinet

Risk to Small Business: 2.333 = Severe: The Cabinet Office inadvertently uploaded the home and work addresses of various New Year’s honors recipients. The honorees included several celebrities and defense personnel, many of whom took to the internet to complain about the shocking privacy blunder. The department received special ridicule because of the government’s work in holding companies accountable for data privacy with GDPR. Although the information was only available for about 90 minutes, anyone could access this sensitive data during that time, and there’s no way to recover that information.

Individual Risk: 2.428 = Severe: The blunder compromised personal data, including names and addresses for many prominent public figures and security personnel. This information could invite unwanted correspondence or security concerns, and those impacted by the breach should make every effort to protect their physical and online security.

Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: Accidental data sharing is a common cause for data breaches, but it’s one that companies can account for in both their policy and employee training efforts. In addition, everyone can protect their digital accounts by adopting security best practices like two-factor authentication to ensure that, even if their credentials are accidentally shared online, accounts aren’t easily accessible to hackers. 

United Kingdom – Travelex

Exploit: Malware attack
Travelex: Foreign currency exchange


Risk to Small Business: 2 = Severe: Travelex rang in the new year with an old cyberattack methodology, enduring a malware attack on December 31st. The company brought its systems offline to protect data and prevent the malware’s spread. Many UK customers experienced a “server error” when trying to access the website, and many companies that rely on Travelex services were similarly disrupted because of the outage. The incident could carry heavy opportunity costs for the company, since it’s unclear how long the malware will disable their platform.

Individual Risk: At this time, no personal information was compromised in the breach. However, Travelex customers should stay abreast of the latest developments to ensure that they are ready to respond if personal data is compromised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malware attacks can significantly disrupt a business, but hackers rely on readily-available access points to plant malicious software. Many use login credentials or other access points that are frequently bought and sold on the Dark Web or hacker forums. By remaining vigilant about securing employee credentials, companies can cut off a frequent access point for hackers. 

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
