Wednesday, November 20, 2019

Breached

United States - Zynga https://www.cisomag.com/data-breach-affected-218-million-words-with-friends-gamers/

Exploit: Unauthorized database accessZynga: Social game development company
twib-severeRisk to Small Business: 2 = Severe: Hackers gained access to the company’s database, which exposed the personally identifiable information(PII) for millions of customers. The company discovered the breach in September, and they responded by hiring an external investigator to determine the scope and severity of the breach. Unfortunately, by the time they responded, hackers uploaded user data to various hacker forums.
twib-severe

Individual Risk: 2.428 = Severe: The data breach applies to all users of the platform’s popular Words with Friends gaming app on Android and iOS who registered on or before September 2, 2019. In addition, some users of Draw Something, another mobile game produced by Zynga, were compromised. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Since this information is already available to bad actors on the Dark Web and will be used to perpetuate additional cybercrimes, those impacted by the breach should carefully monitor their accounts while being especially watchful for other fraudulent communications.
Customers Impacted: 218,000,000
How it Could Affect Your Customers’ Business: Data security is increasingly top of mind for consumers. For companies operating in a highly competitive marketplace, it can mean the difference between keeping your customers happy while increasing revenue or losing them forever. Therefore, businesses of every size need to meet the moment by understanding their vulnerabilities, embracing best practices for cyber defense, and building a breach response action plan.

ID Agent to the Rescue: Dark Web IDTM alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web/#contact.

United States - Tomo Drug Testinghttps://finance.yahoo.com/news/tomo-drug-testing-provides-notice-210000275.html

Exploit: Unauthorized database access
Tomo Drug Testing: Medical laboratory providing drug and screening services
twib-severe
Risk to Small Business: 1.888 = Severe: An unauthorized user gained access to Tomo’s customer database, which contained a treasure trove of personal data. Upon discovering the access, Tomo hired an external forensic firm to investigate the incident, which confirmed that customer data was either deleted or removed from the database. Although Tomo can’t confirm that hackers downloaded data, they are charged with notifying their customers and regulatory bodies of the incident. This could bring additional expenses and revenue reductions to the drug testing company. Moreover, the company will certainly face additional criticism and scrutiny for its lengthy reporting process and the sensitive nature of the compromised information in question. The breach occurred on July 1, 2019 but wasn’t officially reported until this week.
twib-severe

Individual Risk: 2.142 = Severe: Tomo confirmed that personal data, including names, driver’s license numbers, Social Security numbers, and drug test results could be compromised. The drug testing company has set up a designated helpline, and they encourage those impacted by the breach to acquire a free credit report to identify abnormalities.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Although Tomo states that data privacy is one of their top concerns, their actions say otherwise. Companies demonstrate their priorities by actively securing their customers’ data and by having a response plan ready in case a breach occurs. Knowing what happens to data after it is stolen and having deliberate channels to communicate this information to your customers are both critical to hastening the recovery process and restoring customer confidence in your brand.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

United States - Zendesk 
https://www.channele2e.com/technology/security/zendesk-chat-data-breach/

Exploit: Unauthorized database access
Zendesk: Customer service software company
twib-severe
Risk to Small Business: 1.888 = Severe: More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized data access. The breach impacts Support and Chat accounts, and it includes personal data from all categories of Zendesk users, including customers, agents, and end users. The company is resetting all passwords for users that registered before November 1, 2016. However, the platform touts many high-profile companies as clients, which means that the breach could have far-reaching repercussions for all stakeholders involved.
twib-severe

Individual Risk: 2.285 = Severe: The personal details of customers, agents, and end users were compromised in the breach. This includes names, email addresses, phone numbers, passwords, and other technically-oriented data. The company is contacting all customers who could be impacted by the breach, and those affected should reset their Zendesk passwords and any redundant passwords used on other platforms.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: When it comes to protecting customer data, speed and precision are your best friends. Unfortunately, too many companies don’t have the IT capabilities to identify a data breach or to adequately investigate an event after it happens. As a result, customer data can virtually linger indefinitely before protective action can be taken, such as changing passwords or otherwise ensuring data integrity. This incident serves as an important reminder that every business needs to enlist in services that help proactively monitor and protect customer data.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada - Listowel Wingham Hospital Alliancehttps://www.cbc.ca/news/canada/kitchener-waterloo/rural-hospitals-in-southwest-ontario-hit-by-ransomware-attack-1.5301947

Exploit: RansomwareListowel Wingham Hospital Alliance: Healthcare partnership between Listowel Memorial Hospital and Wingham and District Hospital
twib-severe
Risk to Small Business: 2 = Severe: The Listowel Wingham Hospital Alliance, which is comprised of two hospitals, was struck by a ransomware attack that significantly curtailed their treatment capabilities. Although the emergency rooms remain open, less urgent patients are enduring long waits or are being transferred to other facilities. In addition, the hospitals are unable to communicate with other healthcare providers until their network is cleared of ransomware-spreading malware. Not only does this put patients’ health at risk, but the recovery expenses and opportunity costs are sure to be immense.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: There are no inexpensive ways to respond to a ransomware attack, which raises the importance of strong cybersecurity standards that can defend against these attacks. As the cost of a ransomware attack continues to rise, every business needs to be aware of the urgent need to secure their IT infrastructure against this incredibly frustrating and unfortunately expensive cybersecurity threat.


ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Canada - The National Basketball Association 
https://www.narcity.com/sports/ca/nba-canada-data-breach-reported-one-month-after-the-incident

Exploit: Unauthorized database access
The National Basketball Association: Men’s professional basketball league in North America
twib-severeRisk to Small Business: 2.111 = Severe: An unauthorized user accessed a server managed by the NBA for its Canadian business efforts. The league quickly identified the intrusion and took the server offline, began an investigation, and hired cybersecurity experts to make further recommendations. However, these measures can’t retroactively restore users’ data integrity, nor will it negate the reputational damage that always accompanies a privacy breach.
twib-severe

Individual Risk: 2.428 = Severe: The exposed user data includes names, addresses, email addresses, phone number, and other account-related information. Although the breach is limited to those who recently entered an online contest in Canada, this information is especially sensitive, and those impacted by the breach should take every precaution to ensure the long-term integrity of their credentials.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Digital platforms can be a great way to engage customers, but when data integrity is compromised, these initiatives can quickly become a liability. Therefore, cybersecurity needs to be the bedrock of any online engagement to ensure that such marketing efforts meet customers where they are securely, as opposed to manifesting into self-inflicted wounds on your company's reputation and customer engagement.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

United Kingdom - EA Sports https://www.infosecurity-magazine.com/news/ea-games-leaks-personal-data/

Exploit: Accidental sharing
EA Sports: Developer and publisher of sports video games
twib-severe
Risk to Small Business: 2 = Severe: EA Sports inadvertently leaked the personal data of 1,600 gamers who participated in a competition on the company’s website. The breach is related to the company's FIFA 20 Global Series competition. Aside from becoming a PR nightmare for EA Sports on social media, the leak occurred just hours after the company's announcement of new security features and promotional events related to the UK’s National Cyber Security Month. The web form was removed after thirty minutes, and the competition was temporarily cancelled.
twib-severe

Individual Risk: 2.142 = Severe: The leaked data includes email addresses, account ID numbers, usernames, and dates of birth. Those impacted by the breach should monitor their accounts for suspicious or unusual activity.
Customers Impacted: 1,600
How it Could Affect Your Customers’ BusinessEven relatively small data breaches can have a sizable impact on a company’s reputation and future earnings potential. Even apart from the bad press and media scrutiny that often accompanies a breach, customers are quick to take to social media to voice their concerns. Taken together, a data breach can quickly escalate into a PR disaster. To protect your brand’s reputation, prioritize customer data security.


ID Agent to the RescueDark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Australia - West Gippsland Hospitalhttps://www.theage.com.au/national/victoria/surgeries-delayed-and-patient-security-fears-after-cyber-attack-on-victorian-hospitals-20191001-p52wp1.html

Exploit: Ransomware
West Gippsland Hospital: Regional emergency hospital

twib-severe
Risk to Small Business: 2.111 = Severe: A ransomware attack has significantly impacted the healthcare provider’s ability to conduct business and treat patients. West Gippsland Hospital expects their book and record keeping system to be unavailable for two weeks. In response, the hospital had to disconnect and isolate its computer network to prevent the malware’s spread. Emergency and surgery centers remain operational, but some patient procedures were cancelled, and others were delayed until full operations can be restored. The ransomware attack was one of seven reported at healthcare providers around Australia.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessRansomware attacks are on the rise, and healthcare providers are a top target. However, regardless of industry, every organization needs to examine the deliverable pathways for ransomware. Since there is no advantageous or affordable response once a ransomware attack occurs, these critical defensive maneuvers are a bottom-line issue for every company in 2019.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

New Zealand - Tu Ora Compass Health https://www.stuff.co.nz/dominion-post/news/116318497/up-to-1-million-new-zealand-patients-data-breached-in-criminal-cyber-hack

Exploit: Unauthorized database access
Tu Ora Compass Health: Primary health organization

twib-severeRisk to Small Business: 1.666 = Severe: Tu Ora Compass Health recently acknowledged a data breach that compromised the personal information for up to a million people. The breach was extensive, and hackers likely had access to the healthcare provider’s system since 2016. The organization discovered the breach after its website was defaced in August, and their slow response time made an already difficult situation even more damaging. Now, the organization will face public backlash, regulatory scrutiny, and high recovery costs.
twib-severe

Individual Risk: 2.428 = Severe: Tu Ora Compass Health’s data breach included a wide range of patient data, including names, ages, ethnicities, and addresses. In addition, hackers had access to patients’ smoking history, alcohol intake levels, immunization records, diabetes information, and other highly-personal data points. Administrators believe this data was harvested to perpetuate identity theft, so those impacted by the breach should enroll in identity monitoring services to ensure that their information isn’t leveraged for nefarious reasons.
Customers Impacted: 1,000,000
How it Could Affect Your Customers’ BusinessCompanies operating in highly regulated industries like healthcare have to be especially vigilant about their cybersecurity stance. Patients’ personal data must be protected at all costs, and when a breach occurs, it should not take three years to discover. Deploying proper defenses is much more affordable and advantageous than considering data breaches an inevitability and leaving it up to chance.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win!: https://www.idagent.com/goal-assist.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Breached