Wednesday, March 27, 2019

Breached!!

Exploit: Form-jacking attack
Topps: Sports trading card and collectible company
correct severe gaugeRisk to Small Business: 1.666 = SevereAfter initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.
correct severe gauge                                                Individual Risk: 2.428 = Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses were also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Unauthorized access of electronic health record system
St. Francis Physician Services: Health system based in South Carolina
severe gaugeRisk to Small Business: 1.888 = Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
correct severe gauge                                                Individual Risk: 2.142 = Severe: Patient health information including names, dates of birth, social security numbers, addresses, health insurance company details, and more were exposed. The company is offering credit monitoring and identity protection services to those whose social security numbers were included in the breach.
Customers Impacted: To be disclosed 
How it Could Affect Your Customers’ BusinessIn this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third party or employee-related breaches..
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Third-party employee breach
Samsung Canada: Canadian arm of the Samsung Electronics company
correct severe gaugeRisk to Small Business: 1.777 = SevereOn November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed.
correct severe gaugeIndividual Risk: 2.428 = Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected.
Customers Impacted: To be determined
How it Could Affect Your Customers’ BusinessDisguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed... Thanks Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web without interrupting business processes. See how you can benefit here:  https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Theft of government employee laptop NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada
correct severe gaugeRisk to Small Business: 1.666 = SevereOn May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue, since managers are instructed to delete sensitive data immediately after using them. The department will now be required to conduct a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money. 
correct severe gauge                                                Individual Risk: 2.428 = Severe: Although less than half of those affected were only identified by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft.
Customers Impacted: 40,000 Canadian residents
How it Could Affect Your Customers’ BusinessEmployees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting
.

ID Agent to the Rescue: Dark Web ID allows MSPs to deliver actionable stolen credential data for clients’ employees and customers, ultimately safeguarding corporate systems. Get started herehttps://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United Kingdom - Kent County Council https://www.bbc.com/news/uk-england-kent-47390022
Exploit: Human error
Kent County Council: Adoption service for the British county of Kent
extreme gaugeRisk to Small Business: 1.888 = Severe: Contact details for hundreds of adoptive parents was disclosed in an accidental council email. A member of staff copied a mailing list into the carbon copy (CC) section instead of the blind carbon copy (BCC) area, exposing the sensitive information. The council is currently investigating if the breach needs to be reported to the ICO, and if any fines will surface.
correct severe gauge                                                Individual Risk: 2.714 = ModerateThe exposure of personal information for adoptive parents and support workers has serious implications, with the potential to affect birth families and vulnerable children.
Customers Impacted: Approximately 300 
How it Could Affect Your Customers’ Business:  Even innocent breaches come with significant repercussions. An honest mistake can spawn expensive fines and customer churn, and businesses should pay attention. By installing thresholds that protect employees from compromising sensitive data, security teams can save a company’s reputation and customer base.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Ransomware attack
University of Madras: Public state university in Chennai 
correct severe gaugeRisk to Small Business: 1.777 = SevereLast week, the university database faced a ransomware attack in which a hacker encrypted all information and demanded a ransom of 1.8M Rupees (~25K USD). However, the university was able to sidestep the attack entirely by having back-up data stored on a system that was outside of its network. Nevertheless, the institution will do a security audit and augment their existing measures.
correct severe gaugeIndividual Risk: 2.522 = Moderate: Since the server was not hacked directly and only compromised by malware, none of the data was copied and is still completely secure.
Customers Impacted: None
How it Could Affect Your Customers’ BusinessSuch an incident is a perfect example of best practice in the event of a ransomware attack. When an organization is able to store backup data on a server that is outside of its network’s scope, it can quickly avert a hacker’s malware attack. Along with leaving a hacker powerless and less likely to attack again, such an event engenders trust between a business and its customers.
ID Agent to the RescueFind out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/.
1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Ransomware attack
Melbourne Heart Group: Cardiology unit of Cabrini Hospital in Malvern
correct moderate gaugeRisk to Small Business: 2.333 = Severe: After infiltrating medical records of 15,000 patients at Cabrini Hospital, hackers demanded a cryptocurrency ransom to regain access. 3 weeks later, the Melbourne Heart Group issued a notice that the breach was resolved and patient privacy was not compromised. However, some believe that the organization ended up paying the ransom, and the data may have been inappropriately accessed by hackers.
correct severe gaugeIndividual Risk: 2.512 = ModerateIf hackers were able to gain access to the data, they would be able to sell patient health information on the Dark Web or orchestrate large-scale identity theft. What makes matters worse is that the investigation has not yet uncovered the culprits or motives behind the attack. In summary, this can pose moderately high risk to the patients affected
Customers Impacted: 15,000 records
How it Could Affect Your Customers’ BusinessRansomware attacks can bring crucial systems down for multiple weeks at a time, interrupting business processes and eliminating control. Without a detection tool to monitor for loss in customer or employee data, companies are left speculating the severity of consequences.

ID Agent to the Rescue:  Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Learn how you can partner with us here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Exposure of printed records
West Coast District Health Board: Health board based in New Zealand
correct moderate gaugeRisk to Small Business: 2.111 = Severe: An employee is under investigation after misplacing hundreds of patient records printed on pages, which were reportedly “blown away in a gust of wind”. Only 40 pages were lost, but 300 individuals may have been affected. Although the situation has been mostly contained, journalists from around the world are citing the incident as an example of safeguarding offline data.
correct moderate gaugeIndividual Risk: 2.428 = SevereOf the 40 pages that were lost, 6 have been recovered. However, the remaining records, which could amount to as many as 300, contained both names and health card numbers. Overall risk for patients is relatively low, but such data could become harmful if placed in the wrong hands.
Customers Impacted: Up to 300
How it Could Affect Your Customers’ Business: Once offline data is compromised, it can be difficult to understand how or when it is being used. Without a digital trace, internal security teams are left wondering whether or not a breach will occur. However, employing a detection tool that constantly monitors leaked customer data can give peace of mind to employees and customers.

ID Agent to the Rescue:  Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

No comments:

Post a Comment

Breached