The Week in Breach: 05/20/20-05/26/20 | CloudSmart IT


This week, accidental data exposure erodes brand reputation, ransomware disrupts operations, and insurers increase their scrutiny of cybersecurity policies.  

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: High-Tech & IT
  • Top Employee Count: 11 – 50

United States – Edison Mail   

Exploit: Coding error

Edison Mail: Email application 


Risk to Small Business: 2.171 = Severe

A coding error in Edison Mail’s popular iOS app allowed messages to be viewed by other users. The update was released on Friday, May 15th, and the company claims that it was repaired by the end of the weekend. However, for an app that touts its advanced security features, this oversight undermines one of its primary selling points. What’s more, three days is an eternity in the cybersecurity space, giving bad actors ample time to take advantage of this vulnerability. Users, incensed by the oversight, aggressively criticized the platform on social media, adding a PR component to an already-arduous recovery process. 


Individual Risk: 2.602 = Moderate

The app’s flaw only applies to iOS users who downloaded the update on May 15th. Many victims noted that they could read up to 100 emails from accounts that didn’t belong to them, potentially compromising anything in those messages. Those impacted by the breach should carefully monitor their accounts for misuse, and they should consider enrolling in credit and identity monitoring programs to help secure their information if it falls into the wrong hands.  

Customers Impacted: Unknown

How it Could Affect Your Business: After years of seemingly endless cybersecurity incidents, many consumers are finally fed up with companies that can’t protect their privacy. As many users commented on social media, this event undermined their trust in the application, which could prompt them to turn to a competitor for a more compelling platform. In this way, cybersecurity can be considered a bottom-line differentiator that can make or break companies in the digital economy.    

United States – Home Chef

Exploit: Unauthorized database access 

Home Chef: Meal kit & food delivery company 


Risk to Small Business: 1.790 = Severe

Hackers obtained a database containing customer data and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, was available for just $2,500, and it contains the personal data of more than 8 million customers. This incident will further stigmatize Home Chef, which is still grappling with the cybersecurity implications of the previous breach.


Individual Risk: 1.980 = Severe

The database stored customer details, including email addresses, encrypted passwords, partial credit card information, genders, ages, and subscription information. Victims should immediately update their Home Chef account passwords and the credentials for any other platform that uses the compromised data. In addition, they should carefully monitor their online accounts for instances of fraud or misuse.

Customers Impacted: 8,000,000

How it Could Affect Your Business: Customers’ personal data is a valuable commodity, and there is an army of ready buyers on the Dark Web. In response, every company needs to know when their company or client data is being circulated in this nefarious environment, potentially giving them an opportunity to respond before bad actors can capitalize on its availability. 

United States – Wishbone

Exploit: Unauthorized database access

Wishbone: Poll & Comparison App


Risk to Small Business: 1.562 = Severe

A company database was stolen by hackers, who then released the data in full on the Dark Web. The information was captured as part of a cybersecurity incident that occurred in January 2020, and it’s unclear why it took Wishbone more than five months to identify the incident. This is the second cybersecurity incident for the perennially popular company. Now, consumers are much less forgiving. In addition, today’s regulatory environment is significantly more critical of companies’ cybersecurity stance, which could contribute to a multifaceted problem for the platform moving forward.


Individual Risk: 1.670 = Severe

Users’ personal data was exposed in the breach. This includes usernames, email addresses, phone numbers, hashed passwords, and profile pictures. This information is easily obtained on the Dark Web, and everyone impacted should immediately update their account passwords and take steps to secure their personal details. Since this information can quickly be redeployed in a spear phishing campaign, victims need to be especially vigilant about monitoring the veracity of incoming messages.

Customers Impacted: 40,000,000

How it Could Affect Your Business: Consumers and data privacy regulators are increasingly critical of companies that fail to protect customer data. Moving forward, it’s evident that data security will be a bottom-line issue for many companies, as they will rely on their defensive capabilities to bolster consumer sentiment and to ward off regulators, both of whom are ready to hold businesses accountable for privacy violations.

United States – Mathway

Exploit: Unauthorized database access 

Mathway: Online tutoring and mathematics education platform


Risk to Small Business: 1.807 = Severe

Hackers accessed a company database and made it available for sale on the Dark Web. The breach was first detected by cybersecurity researchers when the platform’s data was available for private purchase. Now, it’s widely available to bad actors for $4,000. The incident is especially untimely, as students and teachers turn to online platforms to supplement learning opportunities while schools operate remotely. It could impact the platform’s ability to capitalize on this prominent moment for ed-tech services.   


Individual Risk: 1.780 = Severe

While Mathway is unable to detail specific data sets compromised in the breach, they acknowledged that users’ account credentials were exposed. Consequently, all users should reset their account passwords and continue to monitor their accounts for instances of fraud. As the company provides more specific details, users should continue to adjust their response accordingly. 

Customers Impacted: 25,000,000

How it Could Affect Your Business: There are millions of account credentials available on the Dark Web, and businesses that are serious about securing their data will put an additional layer of protection between login credentials and IT infrastructure. Taking simple steps, like adding Dark Web monitoring to a company’s cybersecurity plan, can help companies keep their data secure even when passwords are compromised. 

Cyprus – Covve

Exploit: Unauthorized database access  

Covve: Address book app    


Risk to Small Business: 2.208 = Severe

A cybersecurity researcher identified an unsecured database containing millions of customers’ personal data. The database was first discovered in February, but the breach wasn’t linked to Covve until May 15th. It took the company several days to identify the scope of the incident before notifying customers. Although the company notes that the breach contains “mostly scrapable data from public sources,” it will undoubtedly have meaningful customer satisfaction and public relations blowback for the company.  


Individual Risk: 2.702 = Moderate

The exposed database includes some users’ names, job titles, email addresses, phone numbers, and physical addresses. Covve notes that account details, including login credentials, remain secure, but this information can be repurposed for numerous identity and financial crimes. Those impacted by the breach should enroll in an identity monitoring service to ensure the long-term integrity of their information, and they need to carefully vet their incoming messages to identify potential spear phishing messages.  

Customers Impacted: 23,000,000 

How it Could Affect Your Business: Today’s companies are constantly under siege from bad actors, making an accidental, avoidable data breach especially problematic. Given the numerous ways that company or customer data can make its way into the wrong hands, every company needs advanced notification when their information could be compromised.

United Kingdom – EasyJet    

Exploit: Unauthorized database access 

EasyJet: Airline 


Risk to Small Business: 1.809 = Severe

Hackers accessed EasyJet’s network, compromising customer details and exposing them to potential cybersecurity risks. The company took quick action to secure compromised IT, but the breach will still have costly implications for the company, which now has a triumvirate of responsibilities, including repairing IT vulnerabilities, restoring customer trust, and addressing regulatory scrutiny. The timing couldn’t be worse, as the airline industry, like many sectors, has been severely degraded by the COVID-19 pandemic, making this breach especially problematic for the company.  


Individual Risk: 2.191 = Severe

Customers’ personally identifiable information was exposed in the breach. This includes usernames, passwords, credit card numbers, and passport credentials. The company encourages customers to carefully monitor incoming communications, as this information is often used to craft convincing-looking spear phishing campaigns. In addition, customers should consider enrolling in a credit or identity monitoring service to help ensure their information’s security even after the immediate crisis subsides.

Customers Impacted: 9,000,000

How it Could Affect Your Business: As many companies begin turning their attention to post-COVID-19 recovery strategies, the growing number of cybersecurity risks threatens to undermine these efforts. Companies looking to thrive after the crisis need to address these risks that stand in opposition to data security and many organizations’ viability.

Australia – BlueScope Steel   

Exploit: Ransomware 

BlueScope Steel: Steel manufacturer


Risk to Small Business: 1.702 = Severe

A cybersecurity incident at the steel producer has disrupted operations at the company’s Australia-based facilities. In response, the company shuttered parts of its digital operations, reverting to manual operations whenever possible. BlueScope Steel expects its capabilities to be diminished as it works to recover from this disruptive cyberattack.

Individual Risk: At this time, no personal data was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks are a uniquely expensive cyber threat. Not only do they force companies to pay high recovery costs, but the productivity loss and opportunity costs compound the problem. These attacks are not inevitable. Companies can defend against these attacks by ensuring that their digital environment doesn’t offer a foothold to bad actors.

Australia – The Toll Group

Exploit: Ransomware 

The Toll Group: Transportation and logistics company   


Risk to Small Business: 1.205 = Extreme

The cascading consequences of a January cybersecurity incident are becoming increasingly apparent for The Toll Group. Earlier this month, the logistics company suffered a ransomware attack predicated on this earlier network compromise. The incident included data exfiltration. That information has now been shared and sold on the Dark Web, complicating an already arduous recovery process for the company and its customers. This incident is a reminder that cybercriminals are no longer content to encrypt networks in hopes of a financial windfall. They are willing to steal and sell company data to ensure that they earn a return on their efforts. 


Individual Risk: 1.407 = Severe

The compromised server contains personal information for many past and present employees. While the company didn’t identify the specific data points, employees should assume the worst and take precautionary measures to secure their personal and financial information. This includes monitoring accounts for suspicious activity and enrolling in credit and identity monitoring services to oversee their personal information.

Customers Impacted: Unknown

How it Could Affect Your Business: This incident highlights a troubling trend in ransomware. Criminals are exfiltrating data before encrypting company networks, creating multifaceted income streams that make their work more lucrative, and, consequently, more advantageous. However, ransomware attacks are not inevitable, and companies can defend their networks and data by ensuring that their accounts are secure and their network is protected against bad actors. 

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Verizon’s 2020 Data Breach Investigations Report Narrows Down the Threat Landscape     

Cybersecurity is a known threat that can be hard for non-tech folks to understand and can be seen as too broad to truly prioritize. Giving solid, actionable information about the nature and frequency of today’s threats is helpful when illustrating why cybersecurity matters. Verizon’s 2020 Data Breach Investigations Report shows that threats continue to grow and lays out a few facts that make it easier to quantify the importance of strong security, especially when supporting a remote workforce. 

More than two-thirds of all data breaches are attributable to just three factors: credential theft, social engineering attacks like phishing scams, and human error.  

Insider threats are a constant problem in the breach landscape, and that hasn’t changed.  While we usually think of threats as coming from outside an organization, malicious insider threats are incredibly devastating and need to be a major concern. 

The listed attack methodologies comprise the most likely vulnerabilities, allowing businesses to respond with more pinpoint precision. Cybersecurity tools are becoming more effective at blocking common malware strains, with human error overtaking malware this time. Some of it still gets through, though, especially as part of a phishing attack.

The threat of phishing attacks has never been higher, making updated training and testing essential. Although technology has become more successful at filtering phishing scams, many continue to make their way to employees’ inboxes, which is why the report called for businesses to implement security awareness training programs to combat these attacks.  

While today’s threat landscape is ominous and expansive, Verizon’s latest report makes it clear that businesses can make significant improvements to their defensive posture by prioritizing the most pressing risks in a comprehensive digital risk protection strategy.

Need to Know

Cyber Insurers Increase Scrutiny of COVID-19 Claims As the Pandemic Increases Their Submission  

Businesses hoping to rely on cybersecurity insurance coverage to offset the cost of a data breach may have a more difficult time recouping their losses. According to reporting by The Wall Street Journal, insurers are becoming increasingly critical of cybersecurity-related claims. Specifically, companies are adding questions to surveys used to calculate premiums and assess damages.  

In some ways, this change is the result of a rapid shift to remote work. As we’ve covered extensively, remote work comes with many cybersecurity risks, and insurers are hedging their bets, assuming that they could incur an influx of claims as companies fail to grapple with the ramifications of remote work. For businesses, this is a reminder that they shouldn’t rely on cyber insurance to bail them out if they have a cybersecurity incident. Instead, they should invest in the tools that can prevent a cybersecurity incident in the first place.
