This week in The Week in Breach, slow breach responses put customers at risk, a malware attack undermines the benefits of shopping online, and a new study reveals that frequently resetting passwords is essential even if they haven’t been directly compromised.
Dark Web ID Trends:
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
United States – Quidd
Exploit: Unauthorized database access
Quidd: Digital collectibles app
Risk to Small Business: 2.137 = Severe
Bad actors infiltrated a Quidd database and shared its contents online, exposing users’ account credentials. The database was circulating on private forums for months, but the platform didn’t identify the breach until it appeared on a public board this week. The passwords were encrypted, but hackers have already cracked more than 135,000 passwords. Quidd’s slow response was further exacerbated by delayed notification procedures, as victims still haven’t been notified of the incident.
Individual Risk: 2.795 = Moderate
The data breach compromised usernames and passwords. All platform members should immediately update their credentials while assessing the integrity of other online accounts. Quidd users should continue evaluating their accounts for unusual or suspicious activity.
Customers Impacted: 4,000,000
How it Could Affect Your Business: Rapidly identifying and responding to potential data breaches is a critical component of any defensive posture. In this case, the company could have acted much sooner if the Dark Web was being monitored for their information. Being able to identify the sale or transfer of company data enables businesses to respond before an incident escalates.
United States – Arbonne International
Exploit: Unauthorized database access
Arbonne International: Multi-level marketing (MLM) platform
Risk to Small Business: 1.692 = Severe
A data breach has exposed personal information for thousands of MLM participants. The data loss event began when the company detected unusual network activity on April 20th, but the incident was not revealed publicly until this week. The breach specifically applies to California employees, which means regulatory authorities will likely scrutinize the incident under the California Consumer Privacy Regulation.
Individual Risk: 2.591 = Severe
The breach compromised MLM members’ names, email addresses, mailing addresses, phone numbers, purchase histories, and account passwords. Those impacted need to reset their Arbonne account password, and they should update other credentials using the same details. At the same time, victims should carefully monitor their accounts and communications for suspicious activity, since personal data is often used in subsequent phishing scams and other fraud attempts.
Customers Impacted: 3,527
How it Could Affect Your Business: Consumer sentiment has quickly shifted toward a privacy-first approach to personal information, and regulatory efforts are enforcing that priority. Data privacy laws already apply in many places, and companies should expect more regulatory scrutiny in the years ahead.
United States – Minted
Exploit: Unauthorized database access
Minted: Online marketplace for independent artists
Risk to Small Business: 1.980 = Severe
After a database was made available on the Dark Web, Minted acknowledged a data breach that compromised customer information. The breach happened when hackers accessed a company database on May 6th, and it’s unclear why it took the company more than three weeks to identify and respond. Customers are increasingly willing to walk away from platforms that can’t protect their data, and the company’s slow response could make it more challenging to regain users’ trust.
Individual Risk: 2.602 = Moderate
The incident compromised users’ data, including their names, addresses, and phone numbers. Less than 1% of victims also had their dates of birth exposed. In addition, users’ login credentials were impacted. In response, those affected by the breach need to update their Minted passwords and any other platform passwords that use similar information.
Customers Impacted: 5,000,000
How it Could Affect Your Business: Data breaches are a public relations nightmare, and a fast, effective response can be the difference between restoring trust and watching customers walk away. At the same time, equipping employees and customers with tools to secure their accounts demonstrates a tangible commitment to data security.
Canada – Northwest Atlantic Fisheries Organization (NAFO)
NAFO: International fisheries organization
Risk to Small Business: 1.542 = Extreme
A ransomware attack has compromised the organization’s servers, making them unusable. Consequently, NAFO’s website has been inaccessible for more than a week, and a critical database for an upcoming scientific council is inoperable. NAFO had previously been warned of cybersecurity vulnerabilities, but they failed to take action, which may have contributed to this effective ransomware attack. Now the organization must decide if they will pay the undisclosed ransom or attempt to restore systems in other ways. Regardless, it will be an expensive recovery process for the organization and its employees.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks are devastating for small businesses, which often lack the robust resources of larger corporations to restore operations. In an already-challenging business environment, ensuring that your digital environment is prepared to defend against these attacks should be a top priority. As NAFO learned the hard way, failing to repair small vulnerabilities can have outsized consequences.
Ireland – Savia
Exploit: Accidental data sharing
Savia: Victims’ rights group
Risk to Small Business: 1.427 = Extreme
An employee included hundreds of abuse victims’ personal identities in an external email, creating a data privacy incident with vast implications. Advocates, incensed by the oversight, called for the organization’s leader to resign, and others have publicly threatened to sue Savia. Making matters worse, the organization was slow to address the error, promising to manage the situation after a long holiday weekend concluded. For an organization predicated on trust, this incident has significantly undermined its mission, making it more difficult to successfully advocate for victims’ rights. At the same time, regulatory scrutiny will certainly accompany the incident, potentially bringing financial consequences to an already-arduous situation.
Individual Risk: 1.122 = Extreme
The data breach included the names and personal stories of hundreds of victims, many of whom never shared their stories publicly. This privacy violation could have profound personal implications for each person involved.
Customers Impacted: 250
How it Could Affect Your Business: The Information Commissioner has already promised an investigation into the data breach. The results of the investigation could have profound implications for the organization. When coupled with the reputational damage, Savia certainly has a long road ahead as it seeks to rebuild the public’s trust.
Belgium – European Parliament
Exploit: Unauthorized database access
EU Parliament: Legislative branch of the European Union
Risk to Small Business: 2.105 = Severe
A website managed by the European Parliament exposed sensitive personal details for current and former staff members. The breach was detected by a cybersecurity company conducting a random screening of exposed data, meaning EU officials were unaware of the vulnerability. This underscores the agency’s integrity, as it tries to curtail data privacy issues through its expansive General Data Protection Regulation. In response, users will be required to reset passwords more frequently and adhere to more stringent defensive tactics.
Individual Risk: 2.430 = Severe
Officials have not released the specific information categories compromised in the breach, but they admitted that it includes both personal and professional data. Notably, the breach exposes people to the risk of phishing attacks, which could lead to even more harmful compromises. Those impacted need to carefully scrutinize incoming messages, ensuring that they are engaging with authentic communications.
Customers Impacted: 16,200
How it Could Affect Your Business: Even after steps are taken to repair the damage of a data breach, the consequences can linger for years afterward. Bad actors can reuse stolen information to craft convincing phishing scams that threaten sensitive information. Therefore, in today’s digital environment, phishing scam awareness training is a must-have component of any data security initiative.
United Kingdom – Páramo
Exploit: Malware attack
Páramo: Clothing retailer
Risk to Small Business: 1.755 = Severe
Card-skimming malware was active on Páramo’s online store for more than eight months before the retailer identified and eradicated the malicious code. Specifically, the malware redirected shoppers’ card information through a PayPal plugin. The information was forwarded to hackers who could use the data to commit financial fraud. This attack was especially difficult to detect, underscoring the importance of actively securing the online checkout process against bad actors.
Individual Risk: 1.992 = Severe
The card-skimming malware collected shoppers’ names, addresses, card numbers, and CVV codes. This information can be used in a variety of financial crimes, and victims should immediately report the breach to their financial institutions. Also, they should enroll in a credit monitoring service that can help ensure the long-term integrity of their personal and financial data.
Customers Impacted: 3,743
How it Could Affect Your Business: Online shopping has surged since the COVID-19 pandemic, presenting an opportunity for retailers to recoup some of the losses from diminished foot traffic. However, while shoppers are spending more money online than ever before, they are also more willing to walk away from retail outlets that can’t protect their information. Card-skimming malware is a real threat to the checkout process, and it’s one of many cybersecurity concerns that businesses looking to capitalize on their online stores need to consider.
Australia – Big Footy
Exploit: Phishing scam
Big Footy: AFL fan website
Risk to Small Business: 2.226 = Severe
Cybersecurity researchers discovered more than 132GB of accessible data originating from Big Footy’s online platform. The data includes personal and business data, as well as private conversations between users. The company has taken steps to secure its infrastructure and notify users, two tasks that will be costly to its reputation and bottom line. Big Footy hopes that bad actors haven’t accessed this information, but information that’s publicly exposed is often collected and sold on the Dark Web.
Individual Risk: 2.761 = Moderate
The breach exposed users’ private messages, email addresses, phone numbers, passwords, and other sensitive personal details. The breach compromised many high-profile users, including police officers and government officials, giving the public unprecedented access to their private conversations. Big Footy is warning users to carefully monitor their accounts and communications for signs of misuse. Those impacted by the breach should update their Big Footy passwords and any other account credentials using a similar password combination.
Customers Impacted: Unknown
How it Could Affect Your Business: Today’s organizations face threats on many fronts, making accidental, unforced errors especially problematic. In this case, the company failed to adequately assess its IT environment to ensure that all of the access points were secure. It’s a reminder that small details can have enormous consequences, and today’s organizations need to plan for a 360-degree approach to cybersecurity.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News
Small Businesses Suffer More Than A Quarter of all Breaches
According to Verizon’s 2020 Data Breach Investigations Report, small businesses are increasingly the target of cybercriminals. The report, which analyzed more than 157,000 cybersecurity incidents, found that 28% were directed at small businesses. Previously, cybercriminals have targeted larger organizations as the rate of return was often higher. However, a transition to cloud computing and the use of social engineering attacks, like phishing scams, has increased the risk for small businesses.
In response, it’s clear that small businesses need to prioritize cybersecurity, as a data breach has an outsized effect on smaller organizations. Among other recommendations, the report encourages small businesses to invest in continuous vulnerability management and to secure their email infrastructure to protect themselves from the growing threat of phishing attacks. It’s also essential that companies recognize and identify insider threat sources and eliminate them as quickly as possible.
Knowing that small businesses often lack the in-house cybersecurity resources to implement a 360-degree defensive strategy, MSPs have an opportunity to reach out to small business customers and build a partnership that fills that gap effectively and affordably, providing essential cybersecurity support in this tumultuous time.
Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.
Need to Know
New Trouble Comes From Users Who Rarely Update Their Passwords
Despite years of advocacy and continual advice to update passwords frequently, the majority of victims fail to follow through on this priority. According to research by Carnegie Mellon University’s CyLab, even after a data breach, users rarely voluntarily update their credentials, and only 13% did so within three months of a known breach.
Updating passwords consistently is an essential security tool. Part of protecting a company’s data and systems from bad actors requires knowing when that company’s credentials have been compromised – and that compromise isn’t always on them. A third-party breach could put corporate passwords at risk unexpectedly.
Given the high number of compromised credentials available on the Dark Web, updating passwords after a breach is a critical recovery act that can help limit the scope and impact of the breach. Dark Web ID is an essential tool for finding out if company credentials have been compromised in someone else’s breach.