This week, phishing scams cost millions, oversights compromise customer data, and Magecart targets Australian bushfire donors.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 1 – 10 Employees
United States – LimeLeads
Exploit: Unsecured database
LimeLeads: B2B lead generation service
Risk to Small Business: 2 = Severe: LimeLeads failed to secure an internal server, allowing a prominent threat actor to acquire and subsequently sell the company’s data on the Dark Web. The data breach could have significant implications for the company, whose business model centers around brokering company data for marketing initiatives. Security researchers found that the database had been publicly exposed since at least July 27, 2019, meaning that the company had ample time to secure the database before bad actors became involved. Now they must grapple with crippling losses, including the less quantifiable brand erosion that accompanies a data breach.
Individual Risk: 2.428 = Severe: Company data has been for sale since October 2019, including personally identifiable information such as names, titles, email addresses, employer/company names, addresses, phone numbers, and even total revenue numbers. This information can be strategically deployed in spear phishing attacks, so those impacted by the breach should be especially critical of online communications while also closely monitoring their accounts for suspicious or unusual information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.
United States – New Albany Airport
Exploit: Ransomware attack
New Albany Airport: New York-based airport authority
Risk to Small Business: 2.111 = Severe: A ransomware attack on one of the airport’s MSPs spread to its servers, encrypting backup files, administrative information, and other resources. Fortunately, the malware did not extend to the Albany International Airport or airline computers. However, the company was forced to pay a five-figure ransom to recover their information. The attack’s effectiveness was predicated on the organization’s outdated hardware and lax cybersecurity standards. In response, the New Albany Airport Authority terminated its contract with the MSP and is taking steps to upgrade its defensive posture.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident underscores the cascading consequences of a data breach. The New Albany Airport Authority will bear the financial cost of recovery, while its MSP will lose an important contract because it failed to protect its customers’ IT. From both directions, it’s clear that data security failure is a deal-breaker in today’s digital environment.
United States – Manor Independent School District
Exploit: Phishing scam
Manor Independent School District: Public school district
Risk to Small Business: 1.777 = Severe: Hackers successfully executed a phishing scam against employees, and they used the stolen credentials to siphon $2.3 million from the district. It took three separate transactions to acquire a significant sum, but their efforts were ultimately successful. The lost funds are just the start of an expensive process that will undoubtedly involve updating cybersecurity protocols, implementing employee awareness training, and upgrading IT infrastructure.
Individual Risk: 2.428 = Severe: While the phishing scam didn’t compromise the district’s data, those implicated in the scheme submitted their account credentials to cybercriminals. They will need to update their account information to ensure its long-term security. At the same time, they should closely monitor their other accounts for unusual or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While some companies might be reticent to invest in employee awareness training, this incident demonstrates that the cost of a successful phishing scam far exceeds the expense of preventative measures. The district is working to recoup lost funds but is not likely to emerge unscathed. This news offers a cautionary tale for organizations of all shapes and sizes; preventative measures are only effective if they are implemented before a breach occurs.
Canada – PlanetDrugsDirect
Exploit: Exposed client data
PlanetDrugsDirect: Online pharmacy
Risk to Small Business: 1.666 = Severe: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.
Individual Risk: 2 = Severe: According to the company, hackers accessed customers’ names, addresses, email addresses, phone numbers, medical information, and payment information. Those impacted by the breach should notify their financial institutions of the event. PlanetDrugsDirect is asking all customers to closely monitor their bank account and credit account activity. Increased vigilance surrounding online communications is key, as this information is often used to execute phishing scams and other cybercrimes.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.
Canada – City of Corner Brook
Exploit: Unauthorized database access
City of Corner Brook: Local municipality
Risk to Small Business: 2 = Severe: On four occasions, hackers accessed private information on the city’s website that included people’s personally identifiable information. Specifically, the data related to a previous voters’ directory. After identifying the breach, the city brought the entire system offline to prevent further access while officials investigate the nature and scope of the attack.
Individual Risk: 2.428 = Severe: The data breach included a voters’ list comprised of residents’ names and dates of birth. While the city is designating the information “low risk,” those impacted by the breach should carefully monitor their accounts. Login information that is reused across accounts can be leveraged in phishing scams that can compromise even more critical personal data.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Cybercriminals often pursue soft targets, organizations or institutions with weak cybersecurity standards. Budgetary restrictions are a real hurdle to cyber defense, but any organization can improve its defensive posture by implementing simple best practices, like two-factor authentication, to secure accounts and IT infrastructure.
Germany – Bithouse Inc.
Exploit: Unsecured database
Bithouse Inc.: App developer
Risk to Small Business: 2.111 = Severe: Security researchers discovered an exposed database for Bithouse Inc.’s Peekaboo Moments app. The software is used by parents to collect photos and videos of their children’s memorable moments, making the exposure of this information to the open internet a serious privacy violation that is certain to have significant consequences for developers. The exposed database included files dating back to March 2019, and security researchers described their IT infrastructure as “bizarrely done and grossly insecure.” Customer blowback and the subsequent financial repercussions will be considerable.
Individual Risk: 2.428 = Severe: In addition to user email addresses, photos and videos collected by app users were available on the exposed database. This information could be deployed in additional cyberattacks, including phishing campaigns, but the most significant violation is a profound privacy intrusion due to company negligence.
Customers Impacted: 800,000
How it Could Affect Your Customers’ Business: Bithouse Inc. is enduring serious media scrutiny because of the uniquely sensitive nature of the content. Ultimately, functionality, accessibility, or even novelty can’t supplant data security. The episode should serve as a lesson to every company collecting personal information and encourage developing digital platforms to rethink their data security postures.
United Kingdom – Fresh Film Productions
Exploit: Unsecured database
Fresh Film Productions: Advert film production company
Risk to Small Business: 2 = Severe: The production company failed to secure a company database, accidentally exposing personally identifiable information (PII) online. After learning of the incident, the company immediately secured the database, but the server had been publicly available since 2018 and was accessed by cybercriminals. Most notably, the database contained the personal information of 40 men who participated in a Dove Men Plato ad campaign.
Individual Risk: 1.666 = Severe: The exposed database included personally identifiable information, including names, addresses, email addresses, telephone numbers, dates of birth, and bank details. Those affected need to notify their financial institutions of the breach and consider enrolling in identity and credit monitoring services to protect their information against additional cybercrimes or fraud attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: For many consumers, trust in a brand’s data security standards is a prerequisite for doing business. Therefore, companies that fail to avoid even the most preventable data disasters are not well-positioned for success in today’s breach-averse culture. To be a successful, impactful organization, data security has to be a top priority.
Australia – P&N Bank
Exploit: Information breach
P&N Bank: Financial services provider
Risk to Small Business: 1.777 = Severe: A third-party partner with P&N Bank was accessed by hackers, compromising the bank’s customer data. The breach occurred during a December server upgrade. In response, P&N shut down the servers to prevent further access or infiltration. Unfortunately, they may not have acted quickly enough, and will now have to manage the trifecta of customer outrage, media scrutiny, and regulatory oversight that’s likely to accompany the event.
Individual Risk: 2.285 = Severe: Although the bank doesn’t believe that customer data was misused, hackers could have accessed customers’ names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. Those impacted by the breach should carefully monitor their accounts for unusual activity; enrolling in credit or identity monitoring services can ensure that their personal information remains secure.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In every sector, third-party partnerships are proving to be a vulnerability when it comes to data security. While these collaborations are often necessary to provide compelling customer experience, data security should be a central element of the vetting process. Otherwise, what companies gain from increased functionality could be lost to the steep consequences of a data breach.
In Other News:
Magecart Attack Targets Australian Bushfire Donations
Australia’s bushfire natural disaster is one of the most profound in recent memory, inspiring donors from around the world to contribute resources to the cause. Unfortunately, a legitimate donations site was infected with a Magecart payment-card skimmer that stole donors’ personal information when they made an online payment.
The breach was discovered by security researchers, who declined to identify the specific website impacted by the breach. Payment-card skimming malware is an increasing concern for e-commerce platforms, as it collects users’ most sensitive personal data. In addition, it undermines customer confidence in the online payment process, which could decrease their willingness to spend money online.
In this case, payment-card skimming could cost valuable resources in a dire situation. For all companies relying on e-commerce to drive revenue, it’s a reminder that customer confidence is a crucial component of successful online sales initiatives.