The Week in Breach: 10/07/20-10/13/20

This week, medical providers aren’t just battling COVID-19, they’re also battling cybercrime; malicious insiders cause chaos; and studies show how frequently customers break up with businesses that have a data breach.

The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States 


United States –  Boom! Mobile

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html 

Exploit: Skimming (MageCart)

Boom! Mobile: Telecom 

Risk to Business: 1.997 = Severe

Credit card skimming software has landed at Boom! Mobile, courtesy of the cybercriminal skimmers at Fullz House. The card skimmer code settled in for a week, collecting payment card information from input fields every time it detected any changes and immediately exfiltrating the harvested data. The company’s mobile payment system is still undergoing repairs.

Individual Risk: 1.517 = Severe

Customers of Boom! Mobile who made electronic payments through the company’s website should consider their credit card information compromised and be alert to potential identity theft or fraud using that account.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware like this runs on a script that’s been grafted into the payment system, meaning cybercriminals have access to the nuts and bolts of that business.


United States – Friendemic

https://www.infosecurity-magazine.com/news/marketing-firm-spills-nearly-three/

Exploit: Unsecured Database 

Friendemic: Marketing Firm

Risk to Business: 2.227 = Severe

Digital marketing firm Friendemic committed a classic blunder that led to a nasty data breach. An unsecured Amazon S3 bucket resulted in the exposure of 2.7 million records including full names, phone numbers, and email addresses, alongside 16 OAuth tokens stored in plaintext. The company noted that the information was not current customer data and the OAuth tokens were not currently in use.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to secure a database, even an old one, shows a basic lack of attention to cybersecurity best practices, and that doesn’t build customer confidence.


United States – AAA Ambulance Service, Inc.

https://www.hattiesburgamerican.com/story/news/local/hattiesburg/2020/10/05/aaa-ambulance-service-hattiesburg-ms-reports-july-data-breach/3625304001/

Exploit: Ransomware

AAA Ambulance Service, Inc.: Ambulance Service 

Risk to Business: 1.602 = Severe

Hattiesburg, Mississippi based AAA Ambulance Service, Inc. is just one of several medical sector targets impacted by ransomware this week. A ransomware attack was repelled by the company’s security in July, but it was recently discovered that some client data was obtained around August 2020.

Individual Risk: 2.316 = Severe

Personal information about clients of the service was obtained by hackers, including client date of birth, Social Security number, driver’s license number, financial account number, diagnosis information, medical treatment information, patient account number, prescription information, medical record number, and health insurance information. Customers who may have been impacted have been contacted by the company and are also being offered complimentary credit monitoring services through TransUnion.

Customers Impacted: Unknown

How it Could Affect Your Business: Serious personal information deserves serious security – and even a seemingly unsuccessful cyberattack can still result in data loss. Not only will healthcare sector companies have to pay recovery costs, but they’ll also be on the hook for regulatory penalties.


United States – Chowbus

https://www.businessinsider.com/chowbus-data-breach-leaked-information-hundreds-thousands-users-2020-10

Exploit: Accidental Insider Threat

Chowbus: Asian Food Delivery Service

Risk to Business: 2.267 = Moderate

A Chowbus staffer committed a blunder this week, resulting in a massive cybersecurity disaster. An email address registered with the company sent a link to files containing details of about 4,300 restaurants as well as information for 400,000 customers. So far, the incident appears to be a simple human error.

Individual Risk: 2.660 = Moderate

The 400,000 customer accounts leaked included clients’ names, postal addresses, phone numbers, and email addresses. All of the impacted accounts may not be unique, and no payment data was compromised. The restaurant information included was not specified.

Customers Impacted: 4,300 restaurants and approximately 400,000 customers.

How it Could Affect Your Business: The number one cause of a data breach never really changes – human error is typically at fault, whether it’s giving up a phished password or making an email forwarding mistake.


United States – Daniel B. Hastings

https://www.freightwaves.com/news/ransomware-hackers-claims-attack-on-texas-customs-broker

Exploit: Ransomware

Daniel B. Hastings: Freight Forwarder

Risk to Business: 2.326 = Moderate

In the latest incident in a spate of recent trucking and freight transport industry cyberattacks, Laredo, Texas-based Daniel B. Hastings was hit with a ransomware attack. The Conti ransomware group posted a selection of the company’s files on Saturday, and sources say that they appear authentic. They include completed U.S. Customs and Border Protection documents for shipments involving multiple countries, companies, and modes of transport.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services, and attacks in the transportation and freight sectors have been increasing, with recent incidents involving several trucking and shipping companies.


United States – Georgia Department of Human Services 

https://www.cbs46.com/news/cyber-attack-targets-georgia-department-of-human-services/article_57f9749e-0a72-11eb-a724-3b34ced6f18f.html

Exploit: Employee Email Account Compromise 

Georgia Department of Human Services: State Agency 

Risk to Business: 1.414 = Extreme

A massive breach at the Georgia Department of Human Services has left exposed the highly sensitive data of adults and children in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS). The employee email account compromise occurred in May 2020. Georgia DHS secured the account quickly, but damage included

Individual Risk: 1.202 = Extreme

Extremely sensitive information about parents, children, and families that have contact with DFCS was stolen in this attack, including full names of children involved in those cases and household members, relationship to the child receiving services, county of residence, DFCS case numbers, DFCS identification numbers, date of birth, age, number of times contacted by DFCS, an identifier of whether face-to-face contact was medically appropriate, phone numbers, email addresses, Social Security numbers, Medicaid identification numbers, Medicaid medical insurance identification numbers, medical provider names and appointment dates, plus some psychological reports, counseling notes, medical diagnoses, or substance abuse information and bank information.

Customers Impacted: Unknown

How it Could Affect Your Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.


The Week in Breach News – Canada


Canada – Unity Health Toronto

https://www.canadiansecuritymag.com/toronto-hospital-network-says-info-of-about-150-patients-allegedly-stolen/

Exploit: Unauthorized Database Access (Malicious Insider) 

Unity Health Toronto: Hospital

Risk to Business: 1.969 = Severe

A malicious insider caused a hubbub at a Canadian hospital. A disgruntled staffer at a third-party service provider stole patient information from Unity Health Toronto, which they then followed up with an attempt to extract payment from the organization for the return of the data. Unity Health Toronto disclosed that at least 150 patient records were impacted in this insider incident.

Individual Risk: 1.994 = Severe

The records exposed contained patient names, medical history, diagnoses and treatments, according to the network. The company noted that no financial or health insurance information was included.

Customers Impacted: 150

How it Could Affect Your Business: Third-party risk is a problem that every business faces in our increasingly interconnected world. When sensitive data is involved, securing the information that third-party vendors can access, and that could harm your business, is paramount.


The Week in Breach News – United Kingdom & European Union


United Kingdom – Ardonagh Group 

https://www.theregister.com/2020/10/06/ardonagh_group_ransomware/

Exploit: Ransomware

Ardonagh Group: Insurance Broker 

Risk to Business: 2.319 = Severe

Top UK insurance broker Ardonagh fell victim to a damaging ransomware attack that caused it to suspend 200 internal accounts, including accounts with admin privileges, as the infection progressed. Recovery operations are currently underway and a company spokeswoman noted that they’re working with third-party forensic and IT experts to manage the situation.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.


United Kingdom – Wisepay 

https://news.yahoo.com/wisepay-school-payments-hit-cyber-155028223.html

Exploit: Skimming 

Wisepay: Student Payment Account Provider 

Risk to Business: 2.022 = Severe

Parents that use Wisepay to pay for their children’s ancillary school expenses experienced a shock this week when it was uncovered that the system had been breached by cybercriminal credit card skimming. The attacker was able to harvest payment details between October 2 and 5 via a spoof page. Attempted payments to about 300 schools have been affected by the scam.

Individual Risk: 2.312 = Severe

Any credit cards used to add money to student or school accounts during that window have likely been captured. Users should beware of fraudulent charges and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Payment skimmers are a fast and easy way for cybercriminals to make a quick profit, but disastrous for the merchants and services that are hit with skimming attacks, shaking customer confidence and exposing systems access weaknesses.


Ireland – University Hospital Limerick

https://www.informationsecuritybuzz.com/expert-comments/experts-on-gardai-investigate-major-data-breach-at-limerick-hospital/

Exploit: Information Theft/Malicious Insider

University Hospital Limerick: Medical Center

Risk to Business: 2.636 = Moderate

In a strange event, University Hospital Limerick suffered a data breach caused by a malicious insider that exposed patient information on social media. The culprit, a rogue non-HSE employee, leaked records obtained from the hospital pharmacy containing the details of treatment and personal information for more than 600 patients, including 95 children.

Individual Risk: 2.822 = Moderate

The hospital has sent letters to notify those affected. The data exposed included the impacted patients’ names, dates of birth, and medicines dispensed from the hospital pharmacy between April 18 and April 22, 2020. No payment, insurance, or health record data was included.

Customers Impacted: 630

How it Could Affect Your Business: While most insider threats are accidental incidents caused by carelessness or employee error, more than 20% of cybersecurity incidents are caused by malicious insiders.


Germany – Software AG

https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/

Exploit: Ransomware

Software AG: Software Company 

Risk to Business: 2.377 = Severe

German tech giant Software AG ran afoul of a ransomware gang that’s demanding more than $20 million for the encryption key to some of their sensitive data. The gang, identified as Clop, posted samples of the data to the Dark Web after negotiations hit an impasse, including sensitive business data like employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.

Individual Risk: 2.417 = Severe

The posted data shows that the gang obtained some employee personal data, and may have also obtained financial data. Employees should remain alert for potential identity theft, spear phishing, and fraud attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is today’s biggest cybersecurity risk, and ransomware is one of the reasons why it’s an IT professional’s nightmare.


The Week in Breach News – Australia & New Zealand


Australia – Snewpit

https://cybernews.com/security/australian-social-news-platform-leaks-80000-user-records/

Exploit: Unsecured Database

Snewpit: News Sharing Platform

 
Risk to Business: 2.411 = Severe

Cybersecurity researchers discovered an unsecured and exposed data bucket that belongs to Snewpit, an Australian news sharing platform. The unsecured bucket contains close to 80,000 user records, including usernames, full names, email addresses, and profile pictures. The bucket has since been secured.

 
Individual Risk: 2.301 = Severe

The exposed data included 256 video files filmed and uploaded by Snewpit users and developers, 23,586 image files of photos documenting local events that were uploaded by the users, and 4 CSV files, one of which contained 79,725 user records, including full names, email addresses, usernames, user descriptions, last login times, and total time spent in the Snewpit app, among other metrics.

Customers Impacted: 79,725

How it Could Affect Your Business: Leaving user records and other proprietary data available in an unsecured database is a rookie move, and speaks to that company’s relationship with cybersecurity.


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Featured Briefing


COVID 19 Related Data Breaches Rocked Almost Half of Businesses


In 2020, cybercrime has skyrocketed. 80% of firms have seen an increase in cyberattacks. Phishing attempts have increased by more than 660%. Ransomware attacks jumped by more than 140% in March 2020 alone. And most disturbing of all, almost half of businesses were impacted by a COVID-19 related cyberattack in 2020, with 47% reporting that they experienced five or more attacks.

A perfect storm of factors combined to make that happen. The shattered global economy quickly created a greater hunger for data in Dark Web markets, especially COVID-19 related medical data. Stay-at-home orders brewed up a sudden influx of pandemic-stressed, newly remote workers. Plus, everyone was hunting for reliable information about the crisis.

Conditions in 2020 have been ideal for cybercrime, and bad actors have been quick to take advantage of that. It’s not even completely clear yet just how many organizations have been hit – 63% of security leaders in a recent survey admit it’s likely their systems suffered an unknown compromise over the past year.

 


One important lesson to learn from the COVID-19 related cybercrime bonanza is the importance of simple security tools. They may not be full of bells and whistles, but they’re full of value. That’s why secure identity and access management has moved to the head of the class as a cybersecurity superstar in a rapidly-shifting risk landscape, and that’s good news for MSPs.

Remote identity and access management is a key priority for many CISOs this year for good reason – it protects businesses from many dangers without killing IT budgets.

The Week in Breach: Need to Know


Customers Are Ready to Break Up With Businesses That Have Breaches

While a data breach can be an expensive and complex recovery proposition for your company, there’s one area that you may never fully repair: customer trust. Customers are indicating that they’re more motivated than ever to terminate their relationships with firms that can’t keep their data safe – and that’s bad news for the 49% of companies that will experience a data breach this year.

While that number is high (and continues growing) there’s one sure-fire way to reduce your risk of joining the club. That’s good news for your business because a recent cybersecurity poll determined that customers are 84% less likely to do business with a company that’s been breached.

The secret? Security awareness training. Engaging in regularly updated security awareness training including phishing resistance training is crucial for reducing your risk of having a cybersecurity incident. Adequate cybersecurity awareness training reduces your chance of a disaster like a data breach by up to 70%.
