The Week in Breach: 02/26/20 – 03/04/20 | CloudSmart IT


C-suite executives are compromised, failure to password protect customer data leads to breach, and phishing scam awareness begins to improve.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 1-10

United States – Slickwraps

https://www.zdnet.com/article/slickwraps-says-customer-trust-was-violated-in-avoidable-data-breach/?&web_view=true

Exploit: Unprotected database.

Slickwraps: Producer and distributor of hardware skins.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2 = Severe:

The company’s databases lacked basic protections, which exposed customer data to the internet. Slickwraps cited the long-term trust of its customers as a vital component of its business model, making this episode an especially problematic event for the business. The problem is compounded by the fact that an internet user tried to alert the company about the breach multiple times. Ultimately, Slickwraps discovered the breach after it was posted on Twitter.

1.51 – 2.49 = Severe Risk

Individual Risk: 2.428 = Severe:

The company’s unsecured database exposed customer details to the internet. This included names, email addresses, physical addresses, phone numbers, and purchase histories. The breach does not extend to customers who accessed the online store as a guest, and it did not include financial data. Those impacted by the breach should be aware that this information can be used in spear-phishing attacks or for other malicious purposes. They should be especially vigilant in monitoring online communications.

Customers Impacted: 850,000

How it Could Affect Your Customers’ Business: Slickwraps has been extremely apologetic after the breach. However, this contrite posture is no replacement for simple steps that they could have taken to secure company and customer data from day one. Customers and regulatory authorities expect companies to follow basic best practices when dealing with sensitive data, and the company’s apologetic tone is unlikely to help avoid a negative fallout from the incident.

 


United States – NRC Health

https://journalstar.com/business/local/lincoln-s-nrc-health-latest-company-to-be-hit-by/article_3d6a00b0-bdf4-5ec2-a99c-609776c27a05.html

Exploit: Ransomware

NRC Health: Management service provider.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.333 = Severe:

A ransomware attack has encrypted critical IT infrastructure and forced the company to shut down its remaining systems to prevent the malware from spreading. The company expects to restore its operations from backups, but the ransomware attack is significantly hindering productivity until this can be accomplished. To date, no personal or company data has been compromised, but clients are expressing concerns to the media about the possibility of a future breach because of this incident. Collectively, NRC Health is experiencing a drop in productivity, a damaged brand reputation, and, because of the nature of its business, regulatory scrutiny.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In 2020, companies are well aware of the risk posed by third-party partnerships, as these helpful affiliates are often a gateway to serious data breaches. In this case, NRC Health’s clients are openly expressing concern about the company, which could disrupt their work now while also diminishing opportunities in the future.


United States – Pacific Specialty

https://finance.yahoo.com/news/pacific-specialty-insurance-company-provides-210000475.html?&web_view=true

Exploit: Phishing scam.

Pacific Specialty: Insurance provider.

1 – 1.5 = Extreme Risk

Risk to Small Business: 1.444 = Extreme:

Several employees fell for a phishing scam that compromised customers’ personal data. The attack allowed hackers to access some employee accounts between March 20, 2019 and March 30, 2019. However, the insurance provider wasn’t aware of the breach until November 7, 2019 and did not identify details until January 14, 2020. In response, the company has hired a cybersecurity team to update its data privacy practices, and reset all employee login credentials while enabling two-factor authentication on its accounts. Nevertheless, the company will end up paying much more than they would have if they had invested in basic security solutions.

1.51 – 2.49 = Severe Risk

Individual Risk: 1.857 = Severe:

Personally identifiable information was compromised in the breach. This includes customers’ names, Social Security numbers, drivers’ licenses or government-issued IDs, financial information, payment card data, medical details, and health insurance credentials. Pacific Specialty is offering 12 months of credit and identity monitoring service to victims.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing scams are a known threat to every company, and organizations that are committed to data security will take steps to prevent this common attack methodology from negatively impacting customer data. Selecting strong, unique passwords for every account and enabling two-factor authentication can thwart cybercriminals, even when employees act upon a phishing scam, making them an obvious security feature for every organization. Of course, they can only prevent a breach if they are implemented before an incident occurs.


United States – Clearview AI

https://www.thedailybeast.com/clearview-ai-facial-recognition-company-that-works-with-law-enforcement-says-entire-client-list-was-stolen?&web_view=true

Exploit: Unauthorized database access.

Clearview AI: Facial recognition software provider.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:

Hackers obtained a copy of the company’s entire client list, which, given the sensitive nature of their work, is an especially egregious breach of data. In addition to the client list, hackers also obtained information identifying the number of accounts that clients set up and the number of searches conducted on the platform. In response, the company cited the inevitability of data breaches in the 21st Century, a platitude that is unlikely to placate the company’s clients. Indeed, Clearview AI is already enduring significant media scrutiny and customer blowback that could have significant implications for the company’s bottom line and future prospects.

Individual Risk: At this time, no personal data was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches may be an unfortunate reality in the 21st Century, but that doesn’t mean that they have to be inevitable. Adjusting your defensive posture to address the most probable threats can significantly lessen the likelihood of a breach. At the same time, having the right policies and procedures in place to respond to a breach will mitigate the damage, allowing your company to meet any cybersecurity challenge.


Canada – Quebec Treasury Board

http://globalnews.ca/news/6582061/personal-information-quebec-teachers-data-breach/

Exploit: Unauthorized database access.

Quebec Treasury Board: Government agency.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2 = Severe:

Hackers obtained a user code and password for Quebec’s Treasury Board, which they used to collect the personal information of thousands of teachers. It’s unclear how hackers received the user code and password, but this information is often acquired when employees respond to phishing emails. While the agency doesn’t believe that its IT is compromised as a whole, the incident reveals a stunning lack of account security for an agency charged with securing people’s sensitive information.

1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe:

The agency has not released the specific data sets that were compromised in the breach, but they did note that it pertains to personal data for thousands of public teachers. Victims can take advantage of a free year of credit and identity monitoring services to ensure that their personal or financial data isn’t misused by hackers.

Customers Impacted: 360,000

How it Could Affect Your Customers’ Business: There are many ways that hackers can access account login credentials, giving bad actors front-door access to critical IT infrastructure. By enabling two-factor authentication, organizations can ensure that cybercriminals can’t access these systems, even with login credentials in their hands.


Netherlands – Transavia

https://simpleflying.com/transavia-data-breach/

Exploit: Phishing scam

Transavia: Low-cost airline.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:

A phishing scam provided hackers with access to an employee’s inbox that contained customers’ personal data. Strangely, the data was five years old, containing passenger information for flights between January 21, 2015 and January 31, 2015. The breach did not extend to passengers flying to Egypt, the Canary Islands, or Lapland. The episode raises questions about the company’s data management standards and the effectiveness of its defensive efforts to combat today’s cyber threats.

1.51 – 2.49 = Severe Risk

Individual Risk: 2.285 = Severe:

The breach compromised personal data, including names, dates of birth, luggage reservations, and accommodation details. Even though this information is more than five years old, it can still be used to facilitate additional phishing scams or cybercrimes. Victims should carefully monitor their accounts for unusual or suspicious communications. In addition, identity monitoring services can help ensure that compromised data isn’t being misused now or in the future.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Email accounts are a significant cybersecurity vulnerability. Despite companies’ best efforts to keep these accounts secure, phishing scams will inevitably make their way into employee inboxes. However, comprehensive awareness training can equip employees to identify these threats and to render them ineffective.


United Kingdom – Ordnance Survey

https://www.infosecurity-magazine.com/news/ordnance-survey-breach-hits/?&web_view=true

Exploit: Phishing Scam

Ordnance Survey: Mapping agency.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.888 = Severe:

A successful phishing scam compromised employee data. The phishing attack targeted the company’s CFO, and hackers used his credentials to access and exfiltrate the company’s payroll files. Fortunately, no customer information was compromised in the breach, but that doesn’t mean that the company will escape consequences. In addition to recovery expenses, the company may have a more difficult time attracting or retaining talented employees if they can’t secure their private information.

1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe:

It’s unclear exactly what information was compromised in the breach, but payroll-related information often contains people’s most sensitive personal and financial data. In addition to enrolling in the credit and identity monitoring services offered by the company, victims should notify their financial companies of the breach and closely monitor their accounts for suspicious activity.

Customers Impacted: 1,000

How it Could Affect Your Customers’ Business: Phishing scams are becoming more common but also more sophisticated. People can’t rely on tell-tale signs of a phishing scam, like incorrect grammar or spelling, to identify a fraudulent message. At the same time, this incident is a reminder that phishing scams can impact employees at every level, and today’s companies need top-to-bottom initiatives to prevent phishing scams from compromising company data.


France – Decathlon

https://www.infosecurity-magazine.com/news/sports-giant-decathlon-leaks-123/?&web_view=true

Exploit: Unprotected database

Decathlon: Sporting goods retailer

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.777 = Severe:

A misconfigured company database exposed the personal information of millions of customers and employees. The 9GB database was discovered by security researchers and pertains to the company’s Spanish and UK operations. The breach contained all the information that hackers would need to access user accounts and company IT, which means that Decathlon will have to balance the responsibility of helping customers recover with the urgency to repair and secure its accounts. The database was secured within five days of discovery, but it’s unclear how long hackers could access the information before researchers identified the flaw.

1.51 – 2.49 = Severe Risk

Individual Risk: 1.85 = Severe:

The exposed database contained sensitive customer and employee data. This includes employee usernames, unencrypted passwords, names, Social Security numbers, addresses, phone numbers, and birth dates. For customers, their email addresses and login credentials were available. This information can be misused in a litany of cybercrimes, and victims need to reset their Decathlon account credentials and any other accounts using that same information. In addition, they should enroll in a credit and identity monitoring service to ensure that this information isn’t being misused.

Customers Impacted: 123,000,000

How it Could Affect Your Customers’ Business: Data breaches have far-reaching, long-lasting consequences for every victim, which makes avoidable incidents especially problematic. In 2020, cybersecurity might be a company’s most significant priority, as a failure in this regard can eliminate profits, put organizations out of business, and cause extensive damage to people’s lives.


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News

A New Scam Targets Data Breach Victims

The costs associated with a data breach are well-documented, but they carry unique implications for each individual impacted by a data loss event. Now, a new scam is targeting data breach victims who are looking to recoup financial losses or exact justice. This scam originates from a website claiming to be run by the US Trading Commission, and it promises to provide financial compensation for data breaches involving personal data.

Unfortunately, the US Trading Commission does not exist, and the fraudulent website is collecting personal information, including names, credit card numbers, and Social Security numbers, which the website claims will be used for identification purposes. While the website boasts many hallmarks of a phishing scam, it can be enticing for victims to provide this information out of desperation or frustration.

Unfortunately, there isn’t a magic cure after a data breach hits. Instead, companies need to focus on their defensive strategies before an attack. For instance, securing accounts using two-factor authentication, training employees to spot phishing scams, and assessing your network for unseen vulnerabilities are all steps that companies can take to help ensure that a breach doesn’t occur in the first place.

https://www.thespectrum.com/story/news/local/mesquite/2020/02/24/dont-fall-scam-site-promises-pay-data-breaches/4858038002/
