Friday, September 20, 2019

Week In Breach

This week, the malware makes networks unusable, gamers lose control of their personal data, and employees are stunningly resistant to improving their account passwords. 
Dark Web ID Trends:
Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain 
Top Industry: 
Education & Research
Top Employee Count: 
501+ Employees 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Thursday, September 19, 2019

Breached Companies!

United States - Rhode Island Ear, Nose, and Throat Physicians Inc.https://www.hipaajournal.com/rhode-island-healthcare-provider-hacked-3000-records-potentially-compromised/

Exploit: Unauthorized database accessRhode Island Ear, Nose, and Throat Physicians Inc.: Specialty healthcare practice providing family care for diseases of the ears, nose, and throat
twib-severeRisk to Small Business: 1.666 = Severe: Hackers accessed a patient database that contained personally identifiable information for patients served by the practice between May 1st and June 12th. Third-party forensic IT specialists determined that information wasn’t copied or downloaded. Regardless, the practice will incur the cost of updating their protocols, and also be subjected to regulatory scrutiny. This could eventually result in additional HIPAA fines, which will negatively affect their bottom line.
twib-severe
Individual Risk: 2.285 = Severe: For those impacted by the breach, personal information, including names, dates of birth, and clinical data was exposed. In some cases, patients had their Social Security numbers compromised as well. Since this information can quickly spread online and onto the Dark Web, identity monitoring services can help identify potential misuses in the future.
Customers Impacted: 2,493
How it Could Affect Your Customers’ Business: Personal data can quickly make its way to the Dark Web marketplaces where it is often used to facilitate crippling attacks. Therefore, businesses bear the responsibility of protecting and informing their customers of what happens to compromised information. With the CCPA on the brink of being implemented, healthcare companies aren’t the only ones that face the threat of legal penalties.

ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

United States - Massachusetts General Hospital https://www.bostonglobe.com/metro/2019/08/22/mgh-reports-data-breach-that-exposed-information-nearly-people/Cj7S671ykepHZdbSlRojaI/story.html

Exploit: Unauthorized database access
Massachusetts General Hospital: The largest teaching hospital of Harvard Medical School
twib-severeRisk to Small Business: 1.555 = Severe: Massachusetts General Hospital (MGH) has begun notifying patients of a data breach in two of the hospital’s computer programs. The event first occurred in June, but the hospital waited more than two months before notifying patients, significantly restricting their opportunity to take precautionary measures before the data is further misused. Now, MGH is incurring the cost of third-party security analysts, and they will be subjected to additional regulatory scrutiny because of the sensitive nature of their business.
twib-severeIndividual Risk: 2.428 = Severe: The data breach exposed personal information for patients participating in select clinical trials. The information includes patient names, dates of birth, medical record numbers, and medical histories. However, Social Security numbers and financial data was not exposed to hackers. Despite the elongated timeframe, those impacted by the breach should review their accounts for suspicious activity, and they should enroll in identity monitoring services to ensure their information’s security moving forward.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Especially for businesses operating in highly-regulated industries, protecting personal information is of the utmost importance. However, when a mistake is made, every business needs to supportive resources in place to hasten a full recovery and to begin repairing the intense reputational damage that accompanies a cybersecurity incident. In doing so, companies protect their customers, which could make a big difference when securing their loyalty in the future.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.

United States - City of Borger http://abc7amarillo.com/news/local/city-of-borger-releases-update-on-restoration-efforts-following-ransomware-attack

Exploit: Ransomware
City of Borger: Local government administration serving Borger, Texas
extreme gauge
Risk to Small Business:  1.666 = Severe: A ransomware attack on the city’s IT infrastructure has crippled their ability to conduct business. The attack was part of a targeted effort impacting 20 Texas municipalities, and it cut off access to basic city services like public records, bill payments, and communications systems were inaccessible. Fortunately, the city has been able to restore several functions without paying the ransom, but several services remain unavailable.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks increasingly afflict local governments and small businesses that often don’t have robust resources to devote to cybersecurity initiatives. However, cybersecurity experts that can identify and address potential vulnerabilities are a relative bargain compared to the tangible and less quantifiable costs associated with a ransomware attack.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID™ compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

United States - Fargo Public Schoolshttps://www.valleynewslive.com/content/news/Fargo-Public-Schools-hit-by-nationwide-data-breach--557436201.html

Exploit: Unauthorized database accessFargo Public Schools: Public school district serving students in Fargo, North Dakota
twib-severeRisk to Small Business: 1.888 = Severe: An expansive data breach at a third-party vendor compromised students’ personally identifiable information. The breach is attributed to Pearson, but the cost of containment and restoration will fall squarely on the district’s shoulders. Consequently, the district will endure the cost of updating its data privacy protocols and the increased public and media scrutiny that often accompany a data breach.
twib-severeIndividual Risk: 2.285 = Severe: Hackers accessed students names, birthdates, and student ID numbers. However, Social Security numbers or payment information were not compromised. Unfortunately, even small amounts of personal information can be used to enact future identity or cybercrimes. Therefore, those impacted by the breach should enroll in the provided identity monitoring services while also being aware that their information could be used against them in future phishing or other cyber-attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s business environment often depends on third-party partnerships that can increase an organization’s capabilities. However, when it comes to data privacy, these relationships can also create vulnerabilities, so cybersecurity protocols need to be a top priority when entering into these relationships. Moreover, having customer protection services in place can help mitigate the risks of a data privacy event negatively impacting your customers.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started herehttps://www.idagent.com/identity-monitoring-programs.

Denmark - Tivoli 
https://news.cgtn.com/news/2019-08-18/Denmark-s-most-popular-amusement-park-Tivoli-hacked-Jg27uV6Ida/index.html

Exploit: Intelligent brute force attack
Tivoli: Popular European amusement park based in Copenhagen, Denmark
twib-severeRisk to Small Business: 2 = Severe Risk: Hackers used an intelligent brute force attack to access the personal data for thousands of guests. The data breach impacted the amusement park’s My Tivoli website, a guest website providing information and payment opportunities for the park’s visitors. Not only does this breach bode poorly for the park’s customer relations, but these credentials are often acquired on the Dark Web, meaning Tivoli could be vulnerable to similar attacks in the future.
twib-severeIndividual Risk: 2.428 = Severe Risk: This extensive data breach impacted significant amounts of personal information. Those impacted by the breach could have their names, addresses, phone numbers, email addresses, dates of birth, and credit card information exposed. This information can quickly make its way to the Dark Web, and those impacted should take every precaution, including obtaining credit and identity monitoring services, to ensure their data’s integrity.
Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: Protecting customer data is critical for every company, and data breaches predicated on previously stolen information represent a real vulnerability for many platforms. To put it simply, preventing future data breaches often means determining the integrity of employee and customer credentials. By identifying compromised credentials, companies can take the necessary precautions to prevent a data breach before it occurs.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Germany - Fanatec https://www.pcmag.com/news/370363/peripheral-maker-fanatec-hacked-customer-details-stolen

Exploit: Unauthorized database access
Fanatec: Maker and distributor of gaming peripherals
twib-severeRisk to Small Business: 1.777 = Severe Risk: Hackers infiltrated the company’s global online store, gaining access to customers’ personal data along the way. The breach occurred on August 16th, and it’s unclear how long the hackers had access to customer data before Fanatec resolved the issue. In response, the company has reset all customer account passwords. The company hired a third-party IT security company to audit their protocols to prevent a similar breach in the future, but there is no way to retrieve the information now that it is available online.
extreme gaugeIndividual Risk: 2.142 = Severe Risk: Fanatec didn’t disclose the specific information compromised in the breach, but because hackers infiltrated the online store, users should assume that all relevant personal information and financial data could be compromised. In addition to contacting credit lenders, users should carefully monitor their accounts for suspicious activity, and they should enroll in monitoring services that can provide long-term oversight of their credentials.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessOnline shopping is a critical outlet for many companies, allowing them to embrace a global consumer base while limiting their on-the-ground presence. Data breaches undermine customers’ confidence in these services, and many won’t return to an online store after it was compromised in a breach. Therefore, cybersecurity should be top-of-mind for every business with an online store, and a strong defense posture is the most beneficial expression of this priority.


ID Agent to the RescueWith BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Australia - New Payments Platform Australia https://au.finance.yahoo.com/news/payid-data-breach-expose-big-bank-customer-details-044612621.html

Exploit: Exposed database
New Payments Platform Australia: National payment platform for Australia

twib-severeRisk to Small Business: 1.888 = Severe Risk: An exposed database related to the platform’s PayID lookup function inadvertently exposed users’ personal information. The national payment platform is mutually owned by 13 of the country’s major financial institutions, and this data breach is its second cybersecurity incident this summer. Australians in particular have shown that they are often unwilling to return to platforms that compromise their personal data, which means that New Payments Platform Australia will need to launch a concerted effort to restore their damaged reputation while also working to repair the significant cybersecurity lapses impacting their platform.
twib-severeIndividual Risk: 2.285 = Severe Risk: Although officials are quick to assert that hackers can’t use stolen information to access or withdraw customer money, personally identifiable information was made available. Specifically, hackers accessed customer names, PayID usernames, phone numbers, and BSBs. While this information will not allow hackers to directly withdraw funds, it still has a long shelf life on the Dark Web where it can be used to perpetuate additional cybercrimes. Therefore, everyone impacted by the breach needs to be critical of digital communications, and they should enroll in the credit and identity monitoring services that can provide long-term oversight of their personal information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessToday’s consumers are increasingly wary of dealing with companies that can’t protect their customers’ data. Consequently, data breaches have cascading consequences that include IT repair costs, growing recovery expense, and the less-understood obligation to restore their customers’ confidence in their cybersecurity protocols. Rather than waiting to respond, every business should prioritize threat identification and response as a must-have priority.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Malaysia - Astro Malaysia Holdings https://themalaysianreserve.com/2019/08/23/astro-hit-by-2nd-data-breach-in-14-month-period/

Exploit: Unauthorized database access
Astro Malaysia Holdings: Media and entertainment holding company

twib-severeRisk to Small Business: 2 = Severe Risk: Hackers gained access to the company’s Mykap database, compromising the customer data for 0.2% of the company’s millions of users. Although the company took immediate action to constrain the event, it’s their second data breach in 14 months, which raises serious questions about their data security standards while giving customers a reason to take their business elsewhere.
twib-severeIndividual Risk: 2.285 = Severe Risk: Customer’s financial information was not disclosed in the breach, but hackers still accessed personal details in their Mykad accounts. This includes names, dates of birth, addresses, gender, race, and NRIC numbers. Victims of the previous Astro breach had their data sold on the Dark Web, and those impacted by this week’s breach should assume that their personal information will be made available as well. Consequently, they need to enroll in identity monitoring services to know if this information is being deployed by bad actors to perpetuate other crimes.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessSurveys suggest that customers are often unwilling to work with a company after they are victimized by a data breach, and those prospects don’t improve when a company endures multiple cybersecurity lapses in a short time period. To put it simply, cybersecurity is a bottom-line issue for every business. What’s more, since stolen data can have long-term consequences for both the company and its customers, understanding what happens to data after it’s stolen data can help mitigate some of the consequences.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Wednesday, September 18, 2019

ACSC Warns Australian Small Businesses About BlueKeep Vulnerability



According to a warning by the Australian Cyber Security Centre, thousands of Australian SMBs are at risk of being compromised by the BlueKeep vulnerability that can wreak havoc on outdated Windows operating systems. 

The warning comes on the heels of a disclosure by a security researcher who revealed a publicly available Remote Desktop Protocol that can scan for unpatched systems. 

The ACSC estimates that 50,000 Australian devices are vulnerable to this malady, which is easily defensible using a patch provided in a software update. 

Unfortunately, for companies that don’t take advantage of the update, their systems can be easily infiltrated by bad actors who steal and destroy company data.

Software updates are critical for ensuring that your business is protected in an ever-evolving threat landscape. Moreover, cybersecurity specialists (Like us!) can provide a comprehensive view of your cybersecurity readiness posture, ensuring that all vulnerabilities are accounted for.

https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Tuesday, September 17, 2019

Monday, September 16, 2019

In Other News: Canadian Government Launches Cybersecurity Certification Program for SMBs

A recent survey by StaySafeOnline.org found that 71% of data breaches occur at small businesses, a prolific problem that the Canadian government is trying to solve. Consequently, they’re instituting an incentive program for SMBs prioritizing cybersecurity initiatives. 

The new initiative, CyberSecure Canada, allows organizations to prove that they meet specific security criteria, then awards the organization with a certificate and logo that they can include on their website and promotional material. 

To become CyberSecure certified, SMBs must demonstrate compliance with 13 security controls that collectively create a safer internet experience for businesses and their customers. The program strives to encourage Canadian SMBs to spend time and resources on cybersecurity initiatives. Not only will this help shore up their own long-term viability, but it also supports customer data security, a top priority in the digital age.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

Notably, SMBs don’t have to tackle this priority alone. Partnering with qualified cybersecurity professionals can help augment your cybersecurity posture and transforming weaknesses into strengths.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Friday, September 13, 2019

Breached!!

United States - Grays Harbor Community Hospitalhttps://healthitsecurity.com/news/hackers-demand-1m-in-grays-harbor-ransomware-attack

Exploit: RansomwareGrays Harbor Community Hospital: Healthcare provider operating as part of the Harbor Medical Group
twib-severeRisk to Small Business: 1.666 = Severe: After an employee accidentally clicked on a phishing email, cybercriminals were able to infect the hospital’s IT infrastructure with ransomware that impacted the provider’s access to medical records, prescription information, and more services, including payment processing. The hackers demanded $1 million to unlock the files, a significant sum that places a serious strain on the cash-strapped hospital. While it’s unclear if the hospital paid the ransom, officials noted that restricted cash flow will threaten the organization’s future financial viability.
twib-severe
Individual Risk: 2.142 = Severe: While there is no evidence that personal data was collected as part of the breach, sensitive patient information, including medical records, demographic information, insurance information, medical history, medical treatment, and billing information could have been made accessible to unauthorized third-parties. Since personally identifiable information can quickly make its way to the Dark Web, where it can be used to facilitate additional cybercrimes, those impacted by the breach should acquire monitoring services to secure this information.
Customers Impacted: 85,000
How it Could Affect Your Customers’ Business: Ransomware is much more than a temporary inconvenience. The astounding costs surrounding repair, restoration, or even ransom payments can significantly impact a company’s ability to continue operating. Once ransomware takes hold of a company’s IT infrastructure, every path forward is expensive and fraught with difficulties. Therefore, identifying and addressing vulnerabilities before they enable a breach is the only effective way of avoiding the costly aftermath of a ransomware attack.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States - National Baseball Hall of Fame https://www.bleepingcomputer.com/news/security/national-baseball-hall-of-fame-hit-by-payment-card-stealing-attack/

Exploit: Malicious code script
National Baseball Hall of Fame: American History Museum for Major League Baseball
twib-severeRisk to Small Business: 1.555 = Severe: The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group. Now, the museum will incur the inevitable repair costs that always accompany a data breach, and the reputational damage to their online store will likely cost them revenue and loyal customers moving forward.
twib-severeIndividual Risk: 2.428 = Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this timeframe are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Online shopping is quickly becoming the go-to buying method for many shoppers, and SMBs rely on this revenue stream to compete with major corporations. Therefore, securing IT infrastructure is critical to stay competitive in today’s digital-first environment. To mitigate the damage after a breach, businesses should strive to provide proactive customer care to ensure that they can quickly and completely recover from a breach.

ID Agent to the Rescue: Did you know that SpotLight ID™ is 100% US-based and more comprehensive than LifeLock® or other competitors? Discover more about the personal identity protection solution here: https://www.idagent.com/identity-monitoring-programs.

United States - Camp Verde Unified School District http://www.journalaz.com/news/education/49717-hackers-hit-cvusd-hit-with-ransomware-attack-as-school-year-starts.html

Exploit: Ransomware
Camp Verde Unified School District: Public school district serving students in Camp Verde, Arizona
extreme gauge
Risk to Small Business:  2.111 = Severe: A ransomware attack prevented the school district from accessing its entire network for more than two weeks. The attack’s timing is particularly problematic since it occurred during back-to-school season for the district and its families. Consequently, records and payments are being recorded by hand as the district attempts to continue business as usual. Fortunately, the district has ransomware insurance that will help offset some of the costs, but those resources won’t undo the difficulties incurred by the organization at a critical time for business operations.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Opportunity cost is a significant factor in a ransomware attack. Many businesses are making arrangements to account for the costs of recovery, but there is no way to avoid losses in productivity and revenue that inevitably occur during a ransomware attack. Therefore, businesses and organizations need to take every precaution to prevent a ransomware attack before it occurs.

ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

United States - Hy-Veehttps://www.supermarketnews.com/retail-financial/hy-vee-notifies-customers-payment-data-breach

Exploit: Unauthorized database accessHy-Vee: Supermarket chain with 245 locations throughout the Midwestern United States
twib-severeRisk to Small Business: 1.777 = Severe: Unauthorized activity involving payment processing software compromised transaction data at the company’s fuel pumps, coffee shops, and restaurants. However, card data involving the company’s supermarket check lanes and other payment systems was not impacted by the breach. As a result, the regional company will have to spend considerably to upgrade its cybersecurity standards and absorb the less quantifiable costs in brand erosion.
twib-severeIndividual Risk: 2.428 = Severe: Hy-Vee took steps to eradicate the malicious activity, but the company has not revealed the specific data sets that were compromised in the breach. Given that the event focused on point-of-sale platforms, it’s possible that names and payment information was made available to hackers. Customers should anticipate further developments from the company, but they should carefully monitor their accounts to identify suspicious activity.
Customers Impacted: 15,298
How it Could Affect Your Customers’ Business: Supporting those impacted by a data breach is the most important responsibility of any company that fails to protect customer data. Having the policies, procedures, and technology in place to quickly respond to a breach can help mitigate the inevitable reputation damage and customer blowback that accompanies a security lapse.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started herehttps://www.idagent.com/identity-monitoring-programs.

United States - Choice Hotels 
https://www.zdnet.com/article/700000-choice-hotels-records-leaked-in-data-breach/

Exploit: Ransomware
Choice Hotels: Hospitality franchisor based in Rockville, Maryland
twib-severeRisk to Small Business: 2 = Severe Risk: An unsecured database for the hospitality company was discovered by security researchers, but cybercriminals stole a trove of company data before Choice Hotels could repair the vulnerability. When repairing the database, researchers discovered a ransom note indicating the data theft and demanding a $4,000 payment in Bitcoin to return the information. Cybersecurity personnel believe that the hackers intended to destroy the entire database, but their efforts failed.
correct severe gaugeIndividual Risk: 2.714 = Moderate Risk: The data breach includes data from staff and students from the years 2001 - 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Choice Hotels is working to put new security measures in place to prevent something like this from happening again. Unfortunately, once a breach occurs, customer information is readily and permanently available online. Therefore, data security is one of the best customer-facing initiatives that a business can adopt. When mistakes are made, knowing what happens to that information and putting procedures in place to prevent future breaches is a must-have service for any business.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Australia - Tribal Group PLC https://www.morningstar.co.uk/uk/news/AN_1565601473082757200/tribal-reports-data-breach-in-australia%3B-other-operations-unaffacted.aspx

Exploit: Unauthorized database access
Tribal Group PLC: Software and service provider for educational institutions
twib-severeRisk to Small Business: 1.555 = Severe Risk: A data breach at the company’s subsidiaries, Tribal Campus, sent their stock price plummeting nearly 5%. The company reacted quickly to restrict the data breach and to repair the vulnerability, but they face an uphill battle to recover their stock price and to restore their tarnished reputation.
extreme gaugeIndividual Risk: 2.285 = Severe Risk: Those attending schools that rely on Tribal’s software and services could be impacted by the breach. The company is notifying individuals whose data was accessed, which could include their names and other personally identifiable information. This data can quickly spread on the Dark Web, and those affected should attain the credit and identity monitoring services necessary to ensure their information’s security and integrity.
Customers Impacted: 9,300
How it Could Affect Your Customers’ BusinessTribal Group PLC’s data breach underscores the vast financial implications of a data breach. Not only does repair and restoration result in significant expense but shifting consumer sentiment and global regulations are lowing investors tolerance for lax data security. In other words, data security is a bottom-line issue, and it should be a top priority for businesses of every size.


ID Agent to the RescueSpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Germany - European Central Bank https://www.ecb.europa.eu/press/pr/date/2019/html/ecb.pr190815~b1662300c5.en.html

Exploit: Unauthorized database access
European Central Bank: Central bank for monetary policy within the Eurozone

twib-severeRisk to Small Business: 1.666 = Severe Risk: Hackers infiltrated the database for Banks’ Integrated Reporting Director (BIRD), which includes the subscription information for a newsletter published by the organization. In addition, hackers injected malware into the network that can aid in phishing scams. As a result, the organization took their website offline indefinitely. However, all bank and market-related information was not impacted by the event.
twib-severeIndividual Risk: 2.428 = Severe Risk: Database access provided hackers with subscribers' personal information, including their email addresses, names, and position titles. Fortunately, account passwords were not compromised. Since the BIRD website operates independently from the central bank, more critical information was not exposed during the breach.
Customers Impacted: 481
How it Could Affect Your Customers’ BusinessIn today’s digital landscape, dealing with third-party vendors is an inevitable component of any comprehensive IT infrastructure. However, data security needs to be top-of-mind when contracting with third-parties. In this case, a vulnerability at a third-party hosting service compromised the data at an organization with a rigorous and multifaceted approach to data security.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Week In Breach