The Week in Breach: 03/10/21-03/16/21

 
 

This week Molson Coors goes dry after a cyberattack impacts production and ransomware halts unemployment assistance in Spain.


United States – Molson Coors

https://edition.cnn.com/2021/03/11/tech/molson-coors-cybersecurity-hack/index.html

Exploit: Hacking

Molson Coors: Brewing Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe

Molson Coors told regulators that they’ve experienced a serious cybersecurity incident. The hack has taken its systems offline, delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacking that disrupts production is a big problem, and reassessing cybersecurity training is a good idea after a serious incident like this.


United States – Premier Diagnostics

https://www.infosecurity-magazine.com/news/utah-company-unsecured-server/ 

Exploit: Unsecured Database

Premier Diagnostics: Medical Testing

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.872 = Severe

Utah medical testing company Premier Diagnostics has exposed the sensitive information of more than 50,000 customers by storing personally-identifying information on an unsecured server. The breach at Premier Diagnostics was discovered by researchers and contains sensitive customer data including scans of passports, health insurance ID cards, and driver’s licenses. Patients affected are from Utah, Nevada and Colorado.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.612 = Severe

Patients should be aware of this information being used for identity theft and spear phishing.

Customers Impacted: 50,000

How it Could Affect Your Customers’ Business Sensitive PII requires stong protection, esopecially in the medical sector, because failure to keep it safe incurs huge fines.


United States – University of Texas at El Paso

https://www.infosecurity-magazine.com/news/hackers-target-texas-university/

Exploit: Hacking

University of Texas at El Paso: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.212 = Severe

The computer network of the University of Texas at El Paso had to be shut down as technicians discovered a significant cyberattack in progress. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also led to the closure of the university’s walk-up COVID-19 testing sites.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers can disrupt large parts of an operation fast, leaving businesses scrambling to get back to work and causing lost revenue.


United States -Cochise Eye & Laser

https://www.infosecurity-magazine.com/news/ransomware-attack-on-arizona/

Exploit: Ransomware

Cochise Eye and Laser: Optometry

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe

A ransomware incident at an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. In a recent breach notice, Cochise Eye and Laser informed regulators that the practice has been hit by ransomware, encrypting the office’s patient scheduling and billing software.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.603 = Severe

Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers. There is no evidence that data was exfiltrated, but customers of this practice sjould be ready for potential identity thefy or phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a tremendous problem for businesses of every size, and even without confirmation that data was stolen the practice will be dinged with a substantial fine.


Canada – Canada Revenue Agency (CRA)

https://www.ctvnews.ca/canada/experts-call-on-cra-to-get-serious-about-cybersecurity-after-800k-users-locked-out-as-a-precaution-1.5346546

Exploit: Hacking

Canada Revenue Agency (CRA): National Taxation Authority

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.102 = Extreme

The CRA has locked down 800,000 online taxpayer accounts following an internal investigation that found user logins and other sensitive information may have been hacked. The agency noted that it could take until March 22 for the issues to be resolved.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: 800,000

How it Could Affect Your Customers’ Business: Reports say that this hack was likely discovered by dark web monitoring, preventing a potential cybersecurity disaster.

 


United Kingdom – West Ham Football Club

https://www.infosecurity-magazine.com/news/west-ham-supporters-personal/

Exploit: Unsecured Database

 West Ham Football Club: Professional Sports Team

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate

English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website. Cybersecurity experts believe it is likely the problem was caused by an internal error.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.802 = Moderate

Details of fan account profiles including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into the club’s ticketing website.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.


Scotland – University of the Highland and Islands (UHI) 

https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/

Exploit: Ransomware

University of the Highland and Islands (UHI): Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.603 = Severe

The University of the Highlands and Islands (UHI) in Scotland has been hit with a suspected ransomware attack that has shut down its campuses. All 13 locations across were impacted as well as its Brightspace virtual learning environment.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is almost always part of a phishing attack. 


Spain – State Public Employment Service (SEPE)

https://www.cyberscoop.com/spain-ransomware-employment-agency-sepe/

Exploit: Ransomware

State Public Employment Service (SEPE): Government Agency 

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 2.020= Severe

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. The suspected ransomware attack disrupted operations at the authortity for unemployment assistance snarling progress for for hundreds of thousands of unemployed Spainiards. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Protect Your Business From Third-Party and Supply Chain Cybersecurity Disasters 


As was recently illustrated by the Microsoft hack, third-party and supply chain risk is a threat that every business is vulnerable to in our interconnected world. But not all of your vendors, service providers, or partners take information security seriously, and that creates risk for your business.

Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third-party or supply chain risk. These businesses didn’t make a cybersecurity misstep themselves – another company created vulnerabilities for them. Often these are vulnerabilities that you won’t even know about until it’s too late.

Third-party and supply chain risk will continue to be a growing problem in 2021 and beyond. The data that cybercriminals glean from data breaches inevitably makes its way into dark web markets and data dumps, providing ample fuel for future cyberattacks. Data breaches exposed 36 billion records in the first half of 2020 alone, feeding plenty of cybercrime. 

This is just one increasing risk factor in 2020. As the fallout from the global pandemic settles, more risk from dark web sources will become a problem for businesses. Even cybercriminals have to work a little harder these days to make ends meet. Don’t let them snatch your piece of the pie – add dark web monitoring today to stay in the know about your company’s risk.

Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 844.200.0549 today for your no-cost, no-obligation consultation.