The Week in Breach: 03/05/20 – 03/11/20 | CloudSmart IT

The Week in Breach: 03/05/20 – 03/11/20

This week, ransomware puts contracts at risk, startups struggle to secure customer data, big security errors lead to big fines and the rise of Coronavirus-related phishing scams.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 251 – 500

United States – Visser Precision Exploit: Ransomware. Visser Precision: Parts manufacturer for space and defense contractors.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.111 = Severe: Visser Precision was infected with data exfiltrating ransomware that stole proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don’t detect it until it’s too late.
Individual Risk: No personal information was compromised in this breach. Customers Impacted: Unknown. How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

United States – Riverview Health Exploit: Accidental data sharing. Riverview Health: Healthcare provider.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.333 = Severe: On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information.
Individual Risk: 2.714 = Moderate: Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure.
Customers Impacted: 2,610 How it Could Affect Your Customers’ Business: The biggest threat to your data isn’t cybercriminals, its human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization’s exposure to a data breach.

United States – J Crew Exploit: Unauthorized database access. J Crew: Clothing retailer.
Risk to Small Business: 2.111 = Severe: J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.428 = Severe: Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information was also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote rapid recovery.

Canada – Charlottetown, P.E.I. Exploit: Ransomeware. Charlottetown, P.E.I: Provincial government.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.666 = Severe: One week after this provincial government experienced a ransomware attack, internal government documents began appearing online. Specifically, financial reports, bank statements, and payment details related to its Agriculture Stability Program. Unfortunately, hackers noted that the released information represents just a portion of a 200 GB cache stolen from the government. This tactic is increasingly common with a ransomware attack and multiplies the damage done by the incident.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.285 = Severe: Hackers released program documents that included sensitive data like names, SIN numbers, contact information, and business details. This information can be used to execute spear phishing scams, sold on the Dark Web or tapped to perpetrate other malicious activities. Those impacted should carefully scrutinize digital communications and monitor accounts for unusual or suspicious activity.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business:  Ransomware attacks were already one of the most costly and devastating cyberattacks. Hackers are upping the stakes by stealing data before encrypting critical digital infrastructure. Now the cost and impact of lost data is part of the equation when considering the recovery expenses, productivity decline, and reputational damage that already accompanies a ransomware attack.

Canada – Simon Fraser University Exploit: Ransonware. Simon Fraser University: Public academic institution.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.555 = Severe: A ransomware attack provided hackers access to personal data that they then exfiltrated from the university’s network before encrypting certain IT elements. The breach affects some faculty, staff, students, alumni, and retirees who had a relationship with Simon Fraser University before June 20, 2019. Although the breach was limited in scope, the school recommends that users reset their account passwords. The incident was discovered on February 27, 2020 and contained within 24 hours, but the university will still face regulatory scrutiny and possible public backlash due to the sensitive nature of the event.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.142 = Severe: Before encrypting the school’s network, hackers accessed student and employee names, numbers, birth dates, email addresses, mail list memberships, course enrollments, and encrypted passwords. This information can be used to craft convincing phishing scams that, if acted upon, can compromise even more personal data. Those impacted should carefully evaluate incoming messages requesting confirmation of personal data and take steps to ensure that their information isn’t being misused.
 Customers Impacted: Unknown. How it Could Affect Your Customers’ Business: Already a major menace, hackers have upped their game when executing ransomware attacks, making incidents even more costly, invasive, and destructive. Every company needs to review its defensive posture to ensure that it is taking the basic steps necessary to mitigate the risk of ransomware. Since this malware always requires a foothold, every company can actively take steps to prevent it from being the next victim.

United Kingdom – Loqbox Exploit: Data compromise. Loqbox: Credit score builder.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.777 = Severe: A cyberattack on February 20, 2020 compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.
1.51 – 2.49 = Severe Risk
Individual Risk: 2 = Severe: The breach included personal information that could be used to target customers with highly convincing spear-phishing emails. In addition to customer names, hackers acquired their dates of birth, addresses and phone numbers, plus financial data like partial credit card numbers, expiration dates, and bank account numbers. Those impacted by the breach should immediately notify their financial institutions and strongly consider enrolling in credit and identity monitoring services.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: Over the past several years, data breaches have compromised billions of login credentials, giving hackers front-door access to your data and systems. Every company should add improved security to its login process by enabling simple, efficacious measures like two-factor authentication to keep accounts secure.

United Kingdom – Cathay Pacific Exploit: Unauthorized database access. Cathay Pacific: International airline.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2 = Severe: Cathay Pacific was recently hammered with a fine totaling £500,000 as a result of its failure to identify and address a data breach that lasted for more than four years. While the ruling offers a 20% discount if Cathay Pacific pays the penalty by March 12, the penalty is still a significant financial hit to the international airline. The company was cited for multiple “security inadequacies” including failing to encrypt databases containing customers’ personal data, a slow response to a known security vulnerability, and lengthy communication delays that further jeopardized customer information.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.428 = Severe: The data breach included a treasure trove of Cathay Pacific customers’ personal data, including names, nationalities, birthdates, phone numbers, email addresses, mailing addresses, passport information, and other company-specific information. Those impacted by the breach should be sure to reset their airline account credentials and any other accounts using similar information. In addition, they should be aware that this kind of data is often used to develop sophisticated, personalized spear-phishing attacks that further compromise personal information.
Customers Impacted: 9,400,000 How it Could Affect Your Customers’ Business: Regulatory penalties are on the rise as regulators and legislators seek to punish companies that incur a data breach without having adequate data security protocols or incident response plans in place. In this case, GDPR’s governing body issued the fine, but governments around the world are imposing substantial fines on companies that fail to protect their customer data – and those fines are climbing every day.

Australia – Alinta Energy Exploit: Unauthorized data sharing. Alinta Energy: Private energy and gas company.
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.777 = Severe: Alinta Energy is under intense scrutiny after a whistleblower exposed the company’s improper storage of customers’ personal information in overseas storage. This possible violation of Australia’s privacy laws could have a significant impact on its bottom line. At the same time, the brand erosion and degradation of customer trust engendered by this situation could magnify the consequences for Alinta Energy.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.428 = Severe: According to the whistleblower, customer information including addresses, credit card information, and phone numbers are being stored overseas. Customers should be aware of this compliance oversight, taking special care to review their accounts and to advocate for their personal information to be adequately protected and managed.
Customers Impacted: 1,100,000 How it Could Affect Your Customers’ Business: Today’s global data privacy landscape is expansive and convoluted, making it challenging for any company to adhere to the many new laws hitting the books. But this challenging landscape isn’t an excuse for companies to fail at compliance. Instead, they need to attain the resources and support necessary to ensure that they have the infrastructure in place to adhere to the flurry of emerging data privacy regulations.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

60% of UK Consumers Impacted By a Data Breach in 2019

As expected, 2019 was a devastating year for data breach victims. As more year-end studies are completed and released, we’re learning more about who was affected the most. According to a recent report, nearly 60% of UK consumers were impacted by a data breach last year, a staggering total that underscores the personal implications of the more than 7,000 data breaches that affected UK companies in 2019. The report noted the potential consequences of such an extensive breach environment, including cybercriminals using the sensitive personal and financial information that they collect from users as a gateway to deploy other cyberattack tactics like spear-phishing that can compromise sensitive information, data, and systems even more severely. Although the number of breaches hasn’t increased significantly, the amount of compromised records has escalated. The number of records that have been compromised has tripled since 2018, surpassing 15 billion this year. This 300% year-over-year increase should encourage companies to seek solutions that can monitor the Dark Web for their data to preempt further hacking attempts. At the same time, training employees to identify and neutralize increasingly sophisticated spear-phishing campaigns is an absolute prerequisite for a capable defensive posture in 2020.

Coronavirus Phishing Scams Capitalizing on Fear & Urgency

As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal peoples’ personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data. The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from to their organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.
View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.