The Week in Breach: 04/29/20-05/05/20 | CloudSmart IT


This week, phishing scams compromise patient data, ransomware disrupts remote work, the sale of the world’s largest whiskey collection is thwarted, and employees struggle to deter cybersecurity threats while working from home.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

United States – Ambry Genetics    

Exploit: Phishing scam  

Ambry Genetics: Genetic testing laboratory  

Risk to Small Business: 1.373 = Extreme

An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.

Individual Risk: 1.290 = Extreme

Hackers had access to patient data, including names, medical information, genetic-specific information, and a limited number of Social Security numbers. This information has a strong market on the Dark Web, and those impacted by the breach should take steps to guard themselves against medical or identity theft. To support victims, Ambry Genetics is offering free identity monitoring services for a year. Also, those impacted by the breach should monitor their digital communications for potential spear-phishing messages that could compromise additional data.

Customers Impacted: 233,000

How it Could Affect Your Customers’ Business: Healthcare services collect and store people’s most sensitive personal information, and they are a top target for cybercriminals during the COVID-19 pandemic. Rather than reacting to a cybersecurity incident, companies should take a proactive stance to protect PII. The incredible rise in phishing scams targeting healthcare facilities during this time should make employee awareness training a top priority.

United States – CivicSmart  

Exploit: Ransomware

CivicSmart: Smart parking meter technology producer 

Risk to Small Business: 2.130 = Severe

A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s unlikely that cybercriminals will destroy valuable resources, which means that the stolen data could come back to haunt the company or its customers.  

Individual Risk: 2.671 = Severe

Although the details are unclear, CivicSmart’s platform collects people’s personal and payment information as part of its smart parking meter service. What’s more, it partners with a variety of mobile apps and parking-garage vendors that could also be compromised in the breach. As a precaution, those impacted by the breach should notify their financial institutions of the incident, while carefully scrutinizing incoming messages for signs of a spear-phishing scam.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even before bad actors began exfiltrating data, ransomware attacks were uniquely costly and incredibly destructive. Today, companies can expect that a ransomware attack will double as a data breach, giving every organization millions of reasons to ensure that their networks are guarded against this especially problematic malware. 

United States – Saint Francis Ministries  

Exploit: Phishing scam

Saint Francis Ministries: Non-profit organization  

Risk to Small Business: 1.583 = Severe

An employee interacted with a phishing scam that provided hackers with access to company IT. The breach, which was first identified on December 19, 2019, gave hackers access to user data between December 13, 2019, and December 20, 2019. However, it would be another two months before the organization understood the full scope of the breach. What’s more, it took until March 24, 2020, to determine that the breach included people’s personal data, and Saint Francis Ministries is just now notifying the public of the incident.

Individual Risk: 1.677 = Severe

The impacted email account contained people’s personally identifiable information, including names, Social Security numbers, dates of birth, driver’s license numbers, state ID information, bank account details, treatment and diagnosis information, account credentials, and other healthcare data. This comprehensive breach could have far-reaching ramifications for victims, who will need to protect themselves against future data misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Whether hackers extract account credentials through phishing scams, purchase them on the Dark Web, or otherwise acquire this valuable data, organizations need to be prepared to protect accounts even when account information is compromised. Enabling easy-to-use tools like two-factor authentication is a natural first step.

United States – LearnPress

Exploit: Software vulnerability

 LearnPress: WordPress plug-in 

Risk to Small Business: 1.708 = Severe

Cybersecurity researchers identified flaws in the LearnPress plug-in that could allow hackers to access student information, steal money from course creators, or alter their access privileges to become teachers. The popular WordPress plug-in is used by more than 100,000 schools, organizations, and content creators who rely on these digital services even more now that eLearning is the de facto presentation method for nearly all students.

Individual Risk: At this time, there is no evidence that personal information was compromised in the breach. However, users should carefully monitor their accounts and credentials for misuse or abuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Developers took steps to repair the vulnerability, but businesses that want to thrive in our altered digital environment will need to identify threats before their products reach the public. As other organizations have discovered, the COVID-19 pandemic can be an excellent time to demonstrate strength or expose yourself to issues that will erode your brand’s image long after the crisis abates.

Canada – Northwest Territories Power Corporation

Exploit: Ransomware 

Northwest Territories Power Corporation: Electricity provider   

Risk to Small Business: 1.571 = Severe

A ransomware attack disabled the power provider’s servers and email accounts. Website visitors were abruptly greeted by a message from the hackers notifying them of the attack and providing steps to purchase a decryption key to unlock the data. The event brought dismay from consumers who lamented another hurdle in an already tumultuous time. What’s more, it’s unclear if the company will be able to restore services from backup files, meaning they will likely have an expensive path to recovery.  


Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks can feel random and inevitable. In reality, they always require an access point, and companies can take steps to defend their digital environment from these attacks. For instance, assessing your network for vulnerabilities and identifying compromised login credentials can go a long way toward ensuring that your company isn’t the next victim.

United Kingdom – Zaha Hadid Architects    

Exploit: Ransomware 

Zaha Hadid Architects: Architectural design firm

Risk to Small Business: 2.207 = Severe

A ransomware attack forced Zaha Hadid Architects to bring its network offline, disrupting its remote operations as its distributed teams work from home during the COVID-19 pandemic. Fortunately, the company restored operations using backup data, but they were unable to determine the specific data sets that hackers exfiltrated before encrypting the network. As a result, the consequences will likely continue, as those responsible try to extract financial value from their efforts.


Individual Risk: At this time, it’s unclear if personal data was compromised in the breach. However, employees and customers should be especially vigilant to monitor their accounts and messages for unusual activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As companies battle to remain productive and profitable during the COVID-19 crisis, ransomware remains a constant threat to both priorities. Now, more than ever, every company needs to ensure that its defensive posture is ready to address this growing threat.  

EU – Proton Technologies AG 

Exploit: Exposed database

Proton Technologies AG: GDPR compliance advice website  

Risk to Small Business: 1.672 = Severe

An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance that is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.

Individual Risk: 2.509 = Moderate

The breach compromised usernames and passwords, and victims should immediately reset their account credentials. In addition, any accounts that use the same username and password combination could also be compromised, and users should immediately update that information. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: While we rightly give a lot of attention to the financial cost of a data breach, many organizations fail to appraise the reputational damage that accompanies a cybersecurity incident. Especially for organizations predicated on their data privacy expertise, even a relatively small oversight can have significant consequences.

 Australia –

Exploit: DDoS attack

Online auction platform

Risk to Small Business: 1.393 = Severe

A DDoS attack disrupted and ultimately forced the cancellation of an auction of the largest private whisky collection for public sale. The event was expected to net millions of dollars, and the cancellation will undoubtedly hurt the company’s bottom line. To protect critical data, the company was forced to bring its website offline, and members are encouraged to stay alert for future breach notifications.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even before COVID-19 forced everyone online, many people already preferred digital platforms to in-person buying experiences. Of course, the pandemic has only accelerated this trend, which means that companies looking to capitalize on digital platforms need to ensure that they are safe and secure amidst a rapidly expanding threat landscape.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Many Employees Feel Vulnerable to Cyberattacks   

A survey of more than 1,500 UK employees found widespread fear of becoming the victim of a cyberattack following the national order to impose social distancing and transition to remote work. 49% of respondents indicated that they lack confidence in their computer hardware, and 42% reported receiving a suspicious email while working from home.  

Notably, 18% indicated that they’d experienced a cybersecurity event while working from home, and more than half of breach victims indicated a malicious email was to blame. Phishing attacks have soared, up over 600% in the wake of COVID-19. 

While some participants felt that their employers provided helpful defensive tools, like antivirus software or access to a VPN service, only 28% received specific training for the endpoints and applications that comprise their workflow.  

The risks of remote work are well-documented, and with this arrangement likely to continue for the foreseeable future, now is the perfect time to ensure that your employees have the tools necessary to protect your valuable data.

Need to Know

IT Leaders Recognize the Risks of Remote Work  

The cybersecurity risks of remote work have taken center stage in light of the workplace restrictions in place because of COVID-19. However, these risks were well-known, even before COVID-19. According to a recent study, in 2019, nearly half of IT leaders admitted that remote workers had intentionally or accidentally put data security at risk. Most prominently, apathy or a failure to take security seriously was identified as one of the most substantial risks associated with remote work.

Simply put, many remote workers are not attuned to the data security risks experienced when working from home. In some cases, murky technology policies contribute to the risk, but other factors, like being unprepared to identify and respond to phishing scams, pose a significant threat to data security. Fortunately, companies can move the meter in this regard, as intentional strategies, like comprehensive employee awareness training, can equip employees to be prominent defenders of data security.
