The Week in Breach: 12/18/19 – 12/24/19 | CloudSmart IT


This week, online stores can’t protect their customers, ransom causes chaos at school, and CCPA prepares to go into effect.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+ Employees


United States – Rooster Teeth Productions 

https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/

Exploit: Malware attack
Rooster Teeth Productions: Entertainment production company

Risk to Small Business: 2 = Severe: Hackers injected malware into the company’s online store that siphoned off customers’ payment details at checkout. The breach was first detected on December 2nd, and the company claims that the malware was removed on the same day. However, it’s unclear why they waited several weeks before notifying customers of the breach. Rooster Teeth Productions has sent breach notification letters to those impacted by the incident, but the episode will certainly have a negative impact on the brand’s reputation at a critical time of year for sales.
Individual Risk: 2.285 = Severe: Those impacted by the breach had their names, email addresses, telephone numbers, physical addresses, and payment card information stolen in the breach. As a result, they should immediately contact their financial institutions to report the breach. Rooster Teeth Productions is offering a free year of identity monitoring services, and enrolling in this service can offer long-term oversight of personal data.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The timing of this data breach couldn’t be worse. Customers continually demonstrate that they aren’t willing to make purchases from platforms that can’t secure data, so Rooster Teeth Productions will almost certainly lose business during the busy holiday shopping season. Any company relying on e-commerce sales needs to understand cybersecurity risks and take necessary steps to ensure their revenue centers do not become liabilities. 


United States – Conway Medical Center

https://www.beckershospitalreview.com/cybersecurity/south-carolina-hospital-alerts-2-550-patients-of-data-breach.html

Exploit: Phishing attack
Conway Medical Center: Healthcare provider

Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cybercriminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability.
Individual Risk: 2 = Severe: Hackers had access to patients’ personally identifiable information, including their names, dates of birth, Social Security numbers, phone numbers, dates of admission, account numbers, and account balances. Conway Medical Center is providing free identity and credit monitoring services to those impacted by the breach, and those affected should enroll in these services. In addition, they should be vigilant about monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 2,250
How it Could Affect Your Customers’ Business: This major cybersecurity incident was entirely avoidable since phishing scams are only effective if employees engage with malicious emails. Unfortunately, Conway Medical Center will now bear the cost of credit and identity monitoring services for thousands of patients, as well as the fines and penalties that often accompany a breach. In contrast, comprehensive employee awareness training is a bargain, protecting your company against the phishing attacks that will inevitably make their way to employee inboxes. 


United States – Central Square Technologies 

https://www.cbs46.com/news/security-breach-threatens-credit-card-info-of-marietta-utility-customers/article_b70e1b7e-21f2-11ea-8797-834dde57a97e.html

Exploit: Malware attack
Central Square Technologies: Technology services provider for public sector agencies

Risk to Small Business: 1.888 = Severe: Hackers compromised the Click2Gov payment system that allowed customers to pay their utility bills online, allowing them to siphon off payment details from customers. Specifically, the breach impacts the City of Marietta, as customers who entered payment information on the website between August 26th and October 26th may have had their credit card information stolen. However, the breach does not impact those paying in person, over the phone, or who are enrolled in the auto-pay system. Unfortunately, the company didn’t identify the breach until early December, which will complicate their recovery efforts and place customers at higher risk for data misuse.
Individual Risk: 2.428 = Severe: The data breach compromised customers’ personal and payment details. Those impacted by the breach should contact their financial institutions to notify them of the breach, and they should carefully monitor their accounts for unusual activity both now and during the period when accounts were compromised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party partnerships are essential business initiatives in today’s digital environment, but when they result in a cybersecurity incident, the repercussions often far outweigh the opportunities. Moreover, vendors with a track record for lax cybersecurity standards will likely find it difficult to find customers willing to work with them, making data security a critical component of any successful business model. 


United States – Nexus Mods

https://www.bleepingcomputer.com/news/security/nexus-mods-game-modding-site-discloses-data-breach/

Exploit: Unauthorized database access
Nexus Mods: Game modification website

Risk to Small Business: 2.111 = Severe: Hackers exploited a legacy codebase on the platform to access user credentials. Although the company discovered the breach in November, they just revealed it this week, a move that will likely increase the customer blowback from the incident. While Nexus Mods moved up the development of new software and worked to mitigate the risks posed by their outdated codebase, the incident reflects a lack of attention to detail and the lack of a breach response plan.
Individual Risk: 2.428 = Severe: A subset of users had their account information accessed, including names, email addresses, usernames, and passwords. The platform recommends that victims carefully scrutinize digital communications, as this data is often used to create authentic-looking phishing scams that can further compromise customers’ information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Exposed user account details can be a serious vulnerability to your customer and company data. Even if your platform isn’t breached, many customers reuse their credentials, allowing hackers to easily deploy phishing scams and gain front-door access to user accounts. However, when equipped with security features like two-factor authentication, customer accounts remain secure even when credentials fall into the wrong hands. 


Canada – Life Labs 

https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/

Exploit: Ransomware
Life Labs: Laboratory diagnostics and testing service

Risk to Small Business: 2.222 = Severe: Hackers accessed Life Labs’ IT, stealing copious amounts of customer information and demanding a ransom for the data’s return. In a notice to customers, Life Labs notes that it identified the breach in October, but waited until December to notify customers, a concerning timeframe that will make it more difficult for victims to protect their credentials against misuse. According to the company, they paid the ransom, and their data was returned. Now they are declaring the incident a “low risk” to customers, but given their poor communication so far, this is unlikely to assuage anyone’s concerns anytime soon.
Individual Risk: 2.285 = Severe: Hackers stole customers’ personally identifiable information, including their names, home addresses, email addresses, usernames, passwords, and health card numbers. Those impacted by the breach should monitor their accounts for unusual or suspicious activity, while being mindful that this information is often reused to commit other cybercrimes, including phishing attacks, that attempt to extract even more sensitive personal information.

Customers Impacted: 15,000,000
How it Could Affect Your Customers’ Business: Life Labs had several missteps in their handling of this data breach. However, the company did deploy Dark Web monitoring to ensure that their customers’ information wasn’t for sale to the highest bidder. These services can provide peace-of-mind to customers while also helping companies mitigate the often cascading consequences of a data breach. 


Canada – Andrew Agencies 

https://www.bleepingcomputer.com/news/security/canadian-insurance-firm-hit-by-maze-ransomware-denies-data-theft/

Exploit: Ransomware
Andrew Agencies: Insurance and financial services provider

Risk to Small Business: 2.222 = Severe: A ransomware attack has encrypted hundreds of the agency’s computers, rendering them unusable and leaving the company searching for a solution. The company first discovered the attack back in October but has declined to pay the ransom. However, the hackers are continuing to set new payment deadlines with promises to publish the company’s data if they don’t comply. The group claims to have 1.5GB of customer data, but that claim has gone unverified by hackers and the media.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: 876
How it Could Affect Your Customers’ Business: While ransomware attacks are incredibly expensive, they often don’t result in a data breach, as hackers merely encrypt a company’s IT while trying to extract payment. However, this event illustrates the potential for ransomware attacks to become data breaches, a progression that will become more costly and concerning as it inevitably becomes more widespread. 


United Kingdom – Missoma

https://www.jewelleryfocus.co.uk/27034-missoma-victim-of-data-breach

Exploit: Malware attack
Missoma: Jewelry retailer

Risk to Small Business: 1.888 = Severe: An attack on the company’s online store has compromised customers’ payment details. The heist, which was quickly resolved by the jeweler, allowed hackers to make off with customer data. The breach is likely to negatively impact the company’s online sales during the holiday shopping season. Moreover, the company may face regulatory fines or penalties under Europe’s privacy regulation, GDPR.
Individual Risk: 2 = Severe: Customers impacted by the breach had personally identifiable information and financial data compromised. This includes names, addresses, payment card numbers, and CVVs. Those impacted by the breach should immediately notify their financial institutions of the incident, and they should take every necessary step to ensure that this information isn’t misused now or in the future.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Any company expecting to thrive in today’s digital-first shopping experience has to have its cybersecurity standards locked down. Today’s customers will not put up with retailers that can’t protect their personal or payment data, which could have severe implications for the company’s viability. 


Germany – Justus Liebig University 

https://www.zdnet.com/article/more-than-38000-people-will-stand-in-line-this-week-to-get-a-new-password/

Exploit: Ransomware
Justus Liebig University: Public university

Risk to Small Business: 1.777 = Severe: A ransomware attack on the university has crippled its digital operations and instigated several time-intensive recovery procedures. Notably, 38,000 students were asked to stand in line with their ID cards and a piece of paper to receive new email account passwords. At the same time, university staff was individually scanning every computer for malware, using more than 1,200 USB flash drives equipped with scanners to complete the job. The bizarre image of thousands of students standing in line for passwords created a buzz on social media, which placed a spotlight on the university’s cybersecurity incident.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This ransomware attack is complete with absurd images and time-consuming recovery initiatives. However, such peculiarities underscore the opportunity cost that always accompanies a ransomware attack. These attacks extract concessions from their victims on many fronts, and they are a scourge on a brand’s bottom line and reputation. Often, ransomware attacks are instigated through open vectors like compromised employee accounts, and companies can readily address these avenues by putting proper account security protocols in place.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
