The Week in Breach: 08/27/19 – 09/03/19 | CloudSmart IT


This week, customer loyalty programs are compromised, employees continue to fall for phishing scams, and data breach costs continue to increase. 

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type:
Top Industry: Education & Research
Top Employee Count: 501+ Employees


United States – Lyons Insurance

Exploit: Unauthorized email account access
United States – Lyons Insurance: Independent insurance broker and employee benefits firm

Risk to Small Business: 1.333 = Extreme Risk: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.

Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.

Customers Impacted: Unknown

United States – Presbyterian Healthcare Services

Exploit: Phishing scam
Presbyterian Healthcare Services: Private not-for-profit healthcare system and provider

Risk to Small Business: 1.555 = Severe: An employee unwittingly opened a phishing email that provided hackers with access to a treasure trove of patients’ personally identifiable information. The breach occurred on or before May 9th, and it wasn’t discovered for nearly a month. While the healthcare provider began notifying those impacted by the breach in early August, the latest accounting reveals even more extensive damage than originally identified. Moreover, Presbyterian Healthcare Services expects that they still have to understand the full scope of the breach. Healthcare is a highly regulated industry, so Presbyterian Healthcare Services will endure a significant repair cost, along with increased scrutiny from regulatory bodies.

Individual Risk: 2.571 = Moderate Risk: While hackers didn’t have access to electronic health records or billing information, they were able to access patient names, dates of birth, Social Security numbers, and health plan information. Although Presbyterian Healthcare Services hasn’t found the data on the Dark Web yet, those impacted by the breach should assume that it will be exploited for fraud in the near future.

Customers Impacted: 183,000

United States – Oregon Judicial Department

Exploit: Phishing scam
Oregon Judicial Department: Judicial branch of the state of Oregon


Risk to Small Business: 1.444 = Extreme Risk: A phishing campaign effectively duped five employees into opening malicious emails that compromised the personal information of thousands of people. The attack occurred on July 15th, and it left affected accounts exposed for four hours before IT admins could disable access to personal data. Consequently, the department is responsible for providing credit monitoring services to impacted individuals, an expense that will hinder the efforts of an already cash-strapped organization.

Individual Risk: 2.286 = Severe: The data breach exposed personally identifiable information, including names, full and partial dates of birth, financial information, health data, and Social Security numbers. Anyone impacted by the breach should enroll in the provided credit monitoring services to keep tabs on their financial data. Meanwhile, they should be vigilant about monitoring their personal accounts for suspicious or unusual activity.

Customers Impacted: 6,607

United States – Wisconsin Diagnostic Laboratories

Exploit: Unauthorized database access
Wisconsin Diagnostic Laboratories: Medical laboratory and testing service provider

Risk to Small Business: 1.556 = Severe: A June 2019 data breach at one of the company’s partners has compromised the personal information of patients at Wisconsin Diagnostic Laboratories. The company has severed the relationship with their third-party vendor, and they are taking steps to retrieve and secure compromised patient data. Of course, retrieving information once it reaches the web is extremely difficult, and Wisconsin Diagnostic Laboratories will certainly face regulatory scrutiny that will cost time and resources.

Individual Risk: 2.857 = Moderate Risk: The data breach revealed personal data including patient names, dates of birth, dates of service, and other medical information. In some cases, payment information, including credit card numbers and bank account details, was exposed. Social Security numbers and payment data were excluded in the breach. Since this type of information is frequently exchanged on the Dark Web, those impacted by the breach should monitor their accounts closely.

Customers Impacted: 114,985

United Kingdom – Teletext Holidays 

Exploit: Exposed database
Teletext Holidays: Travel company offering short- and long-term beach vacation planning services

Risk to Small Business: 1.778 = Severe Risk: In a data breach that is relatively unprecedented in today’s digital environment, Teletext Holidays exposed their customers’ personal information collected from recorded call center interactions. The calls, which took place on April 10, 2016, were exposed on an unsecured database, and they include information from customers speaking with service representatives with recorded dialogue while customers were on hold. The breach will likely spark customer backlash, and Teletext Holidays must work to improve its cybersecurity stance even as they navigate the negative customer dynamics that will almost certainly accompany the breach.

Individual Risk: 2.571 = Moderate Risk: The recordings revealed customer data including names, dates of birth, partial payment information, and other sensitive details. In addition, recordings that were made of customers on hold contain personal conversations that constitute a serious breach of privacy for Teletext Holidays’ customers. This data can be used to compile more comprehensive profiles that can proliferate even more extensive cybercrimes, and those impacted need to guard themselves against the risk of identity or financial fraud.

Customers Impacted: 212,000

Germany – Mastercard Priceless Specials Loyalty Program

Exploit: Unauthorized database access
Mastercard Priceless Specials Loyalty Program: Customer loyalty program for Mastercard users

Risk to Small Business: 1.667 = Severe Risk: Two extensive spreadsheets containing customer data were published online, an event that led Mastercard to uncover a data breach of its loyalty program. The Priceless Specials loyalty program is managed by a third party, but this data breach will have profound implications for the credit company. Notably, because the incident falls under the purview of GDPR regulators, Mastercard could be responsible for fines and penalties that will directly impact their bottom line. In addition, Mastercard has taken its loyalty program completely offline, which could erode their reputation. This comes along with the immediate costs of trying to remove customer data from the internet and providing credit monitoring services to those impacted by the breach.

Individual Risk: 2.429 = Severe Risk: Although the data breach did not impact customers’ payment details, it did expose significant amounts of personally identifiable information. This data includes names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. Mastercard is providing free credit monitoring services to those impacted by the breach. Since this information can quickly spread on the Dark Web, everyone should be especially careful to monitor online correspondences and accounts for unusual activity.

Customers Impacted: Unknown

Lithuania – Hostinger

Exploit: Unauthorized database access
Hostinger: Employee-owned web hosting provider and internet domain registrar

Risk to Small Business: 2 = Severe Risk: Unauthorized database access was detected on one of Hostinger’s servers, prompting the platform to reset all of its user passwords. Hackers obtained an access token that allowed them to view customer data without entering a username or password. The customer data was scrambled using the SHA-1 algorithm, an outdated approach that the company has since updated. In total, the breach impacts nearly half of the company’s customers, and they face an uphill battle to repair the IT infrastructure and to restore their customers’ confidence.

Individual Risk: 2.571 = Moderate Risk: Sensitive data, including usernames, email addresses, and passwords, was exposed in the breach. Fortunately, financial data was spared in the breach, but that doesn’t mean that victims are safe. Personal information like this can be used to perpetrate additional cybercrimes, and those impacted by the breach need to be especially vigilant about examining digital communications and monitoring their accounts for suspicious activity.

Customers Impacted: 14,000,000

Australia – TGI Fridays

Exploit: Exposed database
Australia – TGI Fridays: Restaurant chain operating as a unit of the Sentinel Capital Partners and TriArtisan Capital Partners

Risk to Small Business: 2.111 = Severe Risk: A database for TGI Fridays’ Australia customer loyalty program was left exposed to the internet, revealing sensitive customer data. The database included back-up files that contained personally identifiable information but did not include payment elements. The company is encouraging users to change their passwords, and they are partnering with cybersecurity experts to prevent similar problems in the future. However, those efforts won’t be able to reclaim customer data, and the company will face an uphill battle to restore customer confidence.

Individual Risk: 2.857 = Moderate Risk: TGI Fridays has not disclosed the specific information exposed in the breach, but users should assume that some degree of personally identifiable information was exposed to the internet. Previous breaches of similar programs saw usernames and passwords compromised, and that information was used to facilitate credential stuffing attacks. Therefore, those impacted by this event should be especially careful to monitor their personal accounts for suspicious activity.

Customers Impacted: Unknown

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
