The Week in Breach: 07/22/20-07/28/20 | CloudSmart IT

The Week in Breach: 07/22/20-07/28/20

This week colleges wrestle with third party security risks, healthcare breaches pile up, and billions of leaked credentials put business data at risk.


Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

Breach News: United States 


United States –  CaptainU

https://cybernews.com/security/college-recruitment-database-leaking-nearly-1-million-students-gpas-sat-scores-ids-and-other-personal-data/?web_view=true

Exploit: Unsecured Database

CaptainU: College Recruiter 

cybersecurity news gauge indicating extreme risk

Risk to Small Business: 1.117 = Extreme

Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials. The files are still available.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.190 = Extreme

CaptainU is claiming that this information was always intended to be publically available, although that message differs from what parents and students were told about how information was shared by the company. Any student with a profile at this company should consider their information exposed and take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted: 1 million

How it Could Affect Your Business: Handling sensitive data, especially for children, creates an extra level of responsibility. Companies that fail at taking that seriously will inevitably lose business. This incident also opens CaptainU up to regulatory scrutiny and lawsuits.


United States – CouchSurfing

https://www.zdnet.com/article/couchsurfing-investigates-data-breach-after-17m-user-records-appear-on-hacking-forum/?&web_view=true

Exploit: Unsecured Database

CouchSurfing: Crowdsourced Hospitality 

cybersecurity & breach news represented by a gauge showing severe risk

Risk to Small Business: 2.177 = Severe

The San Francisco based housing and hospitality service is investigating a security breach that was recently discovered when hackers began selling the details of 17 million users on Telegram channels and hacking forums, with some priced at $700 USD. User details such as user IDs, real names, email addresses, and CouchSurfing account settings, were for sale, although no passwords or financial data were reported as available. The pilfered information is now available on RAID Forum, the go-to place for buying and selling stolen databases on the public internet.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.509 = Moderate

According to CouchSurfing’s release, no financial data was compromised in the incident. Users who think their accounts may have been compromised should consider this ammunition for possible spear phishing attacks.

Customers Impacted: 17 million

How it Could Affect Your Business Unprotected databases are always trouble. Although no passwords were listed as compromised in this attack, these incidents often raise a company’s risk of credential compromise if a staffer has recycled their password or signed up for a service using their business email.


United States – Garmin

https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/?&web_view=true

Exploit: Ransomware

Garmin: Navigation Hardware and Software Provider

cybersecurity news gauge indicating extreme risk

Risk to Small Business: 1.397 = Extreme

Garmin has had a difficult and damaging week. A ransomware attack wreaked havoc on its operations and manufacturing capability, encrypting its internal network and some production systems. The company plans to deal with the mess a multi-day maintenance operation including shutting down many essential business components for restoration and security updates. Those components include its official website, the Garmin Connect user data-syncing service, Garmin’s aviation database services, and some production lines in Asia. Garmin’s call centers were also impacted, rendering it unable to answer calls, emails, and online chats sent by users.

Individual Risk: No personal or financial data was reported as compromised at this time

Customers Impacted: Unknown

How it Could Affect Your Business:  Ransomware is typically the nasty payload of a phishing email. Even huge, multinational corporations can be humbled by something as small as one email, just like Twitter was last week.


United States – GEDmatch

https://apnews.com/0def85a68f2d1d5a03d5b27dbcdd45e6

Exploit: Unauthorized Database Access 

GEDmatch: Genealogy and Genetic Testing Service

cybersecurity news gauge indicating extreme risk

Risk to Small Business: 1.331 = Extreme

GEDmatch is famous for being the site used to catch and effectively prosecute the notorious Golden State Killer. But they weren’t able to secure their data effectively, because hackers were able to gain access to the company’s internal storage, obtain some user information, and change account permissions last week. About 280,000 of the 1.45 million profiles on the site had agreed to share their information with law enforcement agencies. In the recent breach, attackers scooped up information and also changed users’ settings so that all 1.45 million DNA profiles were available to law enforcement searches – twice. The hack was then compounded as information purportedly gained in the incident was used to mount a phishing attack on the clients of an Israeli partner of GEDmatch, MyHeritage. The GEDmatch site has been taken down for maintenance and recovery with no ETA on restoration.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.172 = Severe

While no genetic data or financial information has been reported as compromised, the investigation is still ongoing. Users of GEDmatch should be cautious that personal information may have been compromised and made available to law enforcement officials.

Customers Impacted: 1 million 

How it Could Affect Your Business: Not only can a cybersecurity incident lead to an embarrassing and expensive breach for one company, it can also open that company’s partners up to cybercrime risks, like the phishing campaign mounted against MyHeritage users.


United States – Family Tree Maker

https://www.infosecurity-magazine.com/news/genealogy-software-maker-exposes/?&web_view=true

Exploit: Unauthorized Database Access

Family Tree Maker: Genealogy Software 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.137 = Severe

An unsecured Elasticsearch server is to blame for Family Tree Maker’s leak of more than 25GB of user data. User information that was leaked includes email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details. The leak apparently also included technical details about the system’s backend.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.503 = Moderate

No personally identifiable or financial data was reported as compromised in this breach, but users should be aware of spear phishing attempts using this compromised data.

Customers Impacted: 60,000

How it Could Affect Your Business: An unsecured database is an unnecessary foul. Overlooking basic security measures like this is an indicator that cybersecurity best practice isn’t being enforced actively and corners are being cut by careless staffers without repercussions.


United States – Instacart

https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online

Exploit: Unauthorized Database Access

Instacart: Grocery Delivery Service

cybersecurity news represented by a gauge indicating moderate risk

Risk to Small Business: 2.571 = Moderate

Instacart suffered a data breach last week. Maybe. Multiple reliable news outlets are reporting that Instacart had a breach, with records for hundreds of thousands of users in the US and Canada discovered as exposed on the Dark Web. Instacart denies that it had a security breach. Instead, Instacart said in a corporate statement that third-party bad actors were able to use “a few” usernames and passwords that were compromised in previous data breaches of other websites and apps to log in to some Instacart accounts and access basic customer account information such as first name, address, last order, total order number, and in some cases, the last four digits of a customer’s credit card.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.823 = Moderate

No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data. 

Customers Impacted: 278,531

How it Could Affect Your Business: Credential compromise from other sources is a problem for every business. With so many login and password combinations to keep track of these days, password recycling is common – and dangerous.


United States – Lorien Health

https://www.bleepingcomputer.com/news/security/lorien-health-services-discloses-ransomware-attack-affecting-nearly-50-000/?&web_view=true

Exploit: Ransomware 

Lorien Health: Nursing and Rehabilitation Center Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 1.883 = Severe

Maryland-based Lorien Healthcare admitted that it was the victim of a Netwalker Ransomware attack after cybercriminals released their data online when the ransom as not paid. Upon investigation, Lorien Healthcare determined that patient information had been accessed by the hackers including names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information. Employee data was also accessed.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.074 = Severe

The company has informed affected clients of the details about the attack and their options for protecting their personal information, along with complimentary credit monitoring and identity protection services.

Customers Impacted: 47,754

How it Could Affect Your Business: Ransomware is the bane of every IT professional, and it’s only getting worse. By increasing phishing resistance training, businesses can keep ransomware at bay, since the majority of ransomware arrives as part of a phishing attack.


Breach News: Canada


Canada – Wattpad 

https://betakit.com/wattpad-investigating-reported-massive-data-breach-of-user-records/ 

Exploit: Unauthorized Database Access

Wattpad: Entertainment Platform

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 1.883 = Severe

Wattpad has announced that it is investigating claims of a breach that occurred during the first week of July of approximately 270 million user records after they were discovered being sold on the Dark Web.  The cybersecurity researchers who discovered the information say that the stolen users’ records included login credentials, full names, contact numbers, dates of birth, password hashes, Facebook identifications, Tumblr passwords, and email addresses.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.224 = Severe

Wattpad users should immediately reset their account credentials and be aware of the potential for spear phishing and identity theft using this information.

Customers Impacted: 271 million

How it Could Affect Your Business: This kind of incident is messy and expensive to recover from in every way, from forensics to public relations. Adding strong protections like Multifactor Authentication to database access points helps keep data safe by putting an extra roadblock between your data and the bad guys.


Breach News – United Kingdom & European Union


United Kingdom – University of York

https://www.york.ac.uk/news-and-events/news/2020/blackbaud-response/

Exploit: Third Party Data Breach

University of York: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.227 = Severe

Last week we reported on a data breach at fundraising services provider BlackBaud, and this week we’re starting to see the fallout from that ransomware incident. Information that was breached for University of York students and alumni who have participated in fundraising events includes name, title, gender, date of birth, student number, home address, phone numbers, email addresses, LinkedIn profile details, course and educational attainment details, fundraising activities, fundraising event participation, fundraising volunteering, donations made, and professional details.

cybersecurity news represented by a gauge indicating moderate risk breach news

Individual Risk: 2.804 = Moderate

No financial information was reported as breached, and the personal information taken was generally publically available. Alumni will need to be especially cautious of possible spear phishing attempts made using this information.

Customers Impacted: Unknown

How it Could Affect Your Business: A vendor or service provider’s cybersecurity failures could cause a data breach that not only affects another company, it also affects its customers. This is especially dangerous when that third party handles sensitive personal or financial data.


Spain – ADIF

https://portswigger.net/daily-swig/spanish-state-railway-company-adif-hit-by-revil-ransomware-attack

Exploit: Ransomware 

ADIF: Railway Operator and Authority

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.092 = Severe

REvil ransomware is at work again in an incident at Spanish national railway controller ADIF. As the Administrator of Railway Infrastructure, ADIF is a state-owned operation that manages rail traffic and infrastructure and collects fees from railway operators that has been in hot water before – this is the third recent incident. Two previously successful REvil ransomware campaigns enabled attackers to grab an estimated 800 GB of data including internal correspondence and accounting figures.

Individual Risk – No personal information or financial data was reported as compromised in this breach, although the attackers do claim to have sensitive corporate data that they will release if their demands are not satisfied.

Customers Impacted: Unknown

How it Could Affect Your Business: REvil ransomware has been involved in many recent incidents, and as ransomware continues to present a growing problem for cybersecurity professionals, companies have to take security awareness training seriously. This information was the 3rd incident for ADIF, and one is too many for many companies to survive. Most ransomware is delivered through email, and improved phishing resistance training helps users spot it.


Breach News – Australia & New Zealand


Australia – Western Australia Department of Health (WA Health)

https://www.theage.com.au/national/western-australia/unforgivable-the-privacy-breach-that-exposed-sensitive-details-of-wa-s-virus-fight-20200720-p55dsm.html?&web_view=true

Exploit: Third Party Data Breach

Western Australia Department of Health: Government Agency 

cybersecurity news gauge indicating extreme risk breach news

Risk to Small Business: 1.327 = Extreme

The saga continues for WA Health. Cascading complications have increased the severity and the damage from the data breach that we reported on last week. New information has come to light, making this incident involving the agency and its paging service one of the state’s biggest privacy breaches. Thousands of state government communications were published on a public website, including confidential health data like COVID-19 test results for scores of people. More than 400 records including confidential doctor/patient communications, official doctor/health department messages, personal details of patients in quarantine, and extensive case management information were publically exposed. The rapidly expanding incident has grown to impact other health-related state services including St. John Ambulance, the Department of Fire and Emergency Services, and the Department of Justice.

cybersecurity news represented by agauge showing severe risk breach news

Individual Risk: 1.889 = Severe

While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.


Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


News Spotlight


Billions of Leaked Credentials Create New Risk 

Two huge data dumps of leaked credentials in recent weeks have drawn attention in breach news this week raising questions about the risk posed by these treasure troves of information for cybercriminals. These batches of information from past breaches demonstrate the danger of a third party data breach and how that can create a cascade effect that damages other companies.

In early July, Dark Web researchers found over 15 billion credentials from more than 100,000 data breaches on the Dark Web, including everything that a bad actor might need for unrestricted access to everything from streaming services to banking accounts and financial services.

Later in the month, cybersecurity analysts found another giant cache of sensitive information on the Dark Web, this time including personally identifiable information including names, addresses, dates of birth, Social Security numbers, and other sensitive personal information for an estimated 40,000 Americans.

This is far from a rare occurrence. As time goes on, more data dumps of this type will happen regularly as data accumulates from a constant spate of breaches, putting even more peoples’ personally identifying information on the Dark Web – and putting the companies that they work for in danger.

Two major concerns about how cybercriminals may use this information to damage other companies are credential stuffing attacks and spear phishing. With a bit of research and a big enough list of email addresses and potentially associated passwords, cybercriminals can mount dangerously accurate credential stuffing operations that can quickly bypass many data protections. They can also use personal details collected from other breaches to craft extremely convincing phishing emails to use against targeted companies that lure in unwary staffers to unwittingly deploy ransomware or give up access credentials, passwords, and data.


Need to Know


Cybercrime Boom Means Data Breach Risks are Rising 

In a challenging economy, even cybercriminals have to work a little bit harder – and they’re working overtime. A 23% overall increase in cybercrime in 2020 so far (and a more than 600% increase in phishing attacks) means that your data is at greater risk than ever before. So what can you do right now to improve data security immediately, and add additional protection that keeps your data safer in the future?  

For a long term solution, increase security awareness training, especially phishing resistance. Many of today’s most dangerous cyberattacks, like ransomware, have an element of phishing – and the lastest breach news shows that over 90% of incidents that end in a data breach start with a phishing email. Phishing attacks aren’t always attempted with an email attachment either; they can be links, PDfs, even SMS messages.

By taking an approach that combines both a fast fix and continuous improvements in security awareness, businesses can reduce their risk of falling victim to cybercrime like a potentially disastrous data breach and be ready for future threats as they crop up.

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.