Wednesday, May 29, 2019

Breached!!

United States - Baltimore City Governmenthttp://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-recovery-20190509-story.html
Exploit: RansomwareBaltimore City Government: City government serving Baltimore, Maryland
correct severe gaugeRisk to Small Business: 1.888 = Severe: A ransomware attack has disabled nearly all computerized functions for the Baltimore City Government, including email, online payment platforms, and more. Business operations have been interrupted for “almost every department,” and city officials have started using library computer labs to process payroll for employees. It’s entirely possible that paychecks for city employees will be delayed, which can ultimately cause staff members to leave.
correct severe gauge                                             
Individual Risk: 2.428 = Severe: Citing concerns about revealing the network vulnerability, city officials have not disclosed information about the breach. However, there is no indication that personal data was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When adding up the costs of a data breach or ransomware attack, it’s important to consider the residual effects that take shape in the wake of a security incident. After factoring in the losses that result from customer and employee attrition, the ROI of security training and awareness solutions becomes irrefutable.

ID Agent to the Rescue:  With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States - Wyzanthttps://www.zdnet.com/article/wyzant-online-tutoring-platform-suffers-data-breach/

Exploit:
 Database infiltration 

Wyzant: Online education marketplace that matches tutors with students
correct severe gaugeRisk to Small Business: 1.777 = Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.
correct severe gauge                                               Individual Risk: 2.428 = Severe Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessFailing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, MSPs’ clients can proactively protect employees and customers while enhancing their overall cybersecurity awareness with Spotlight ID™: https://www.idagent.com/identity-monitoring-programs


Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Watertown Daily Timeshttps://www.cybersecurity-insiders.com/ransomware-attack-disrupts-sunday-newspaper-edition-of-the-watertown-daily-times/

Exploit: Ransomware
Watertown Daily Times: Daily newspaper published in Watertown, New York
correct severe gaugeRisk to Small Business: 2 = SevereA company employee discovered ransomware on the company’s network while working on computer systems that are responsible for ad design and newspaper production. In addition to disabling certain publication capabilities, the ransomware restricted access to the company’s email servers and internet-based phones. While the newspaper was able to publish its latest edition, some sections were inaccessible, and reporters were forced to work from home.
correct moderate gaugeIndividual Risk: 3 = Moderate Risk: There is no indication that individual data was compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessRansomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Meanwhile, understanding what happens to sensitive data after it’s accessed is a natural next step for repairing the product and reputation damage that frequently follows a data breach.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach 

United States - Augustana Collegehttps://cyware.com/news/augustana-college-hit-with-ransomware-attack-0ff35671

Exploit: RansomwareAugustana College: Private liberal arts college in Rock Island, Illinois
correct severe gaugeRisk to Small Business: 2.111 = SevereA university server housing personal information of students was hijacked by a ransomware attack. Although the server was taken offline and existing data was migrated to a new server, the hackers were able to view student information before the breach was detected. A third-party forensic investigation team has been hired to review the incident, and the organization is undergoing new initiatives to prevent an attack like this in the future.
correct moderate gauge                                            Individual Risk: 2.571 = Moderate: Augustana did not reveal the exact nature of the personal information compromised in the attack, but university staff and students should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessWhen it comes to preventing malicious hacking attempts, the best offense is a strong defense. This means that all campus dwellers at a university should be enrolled in ongoing security training. Untrained employees are a significant security risk, but they can be transformed into an organization’s best defense against cybercrime.



ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.


Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Exploit: Server leak
Freedom Mobile: Canada-based telecommunications company
correct severe gaugeRisk to Small Business: 2 = Severe: Security researchers located an unencrypted company database that contained sensitive personal information for thousands of customers. Not only was the server without a password, the company took a week to secure the leaked data. So far, it is believed that the database is part of a logging system used to determine glitches and errors. However, all information was recorded in plain text, instead of being anonymized and encrypted.
correct severe gauge                                             Individual Risk: 2.285 = Severe: The compromised database included customers’ email addresses, phone numbers, home addresses, dates of birth, Freedom account numbers, and IP addresses. At the same time, unencrypted financial data was exposed, including credit card numbers, security codes, and credit score responses.
Customers Impacted: 15,500
How it Could Affect Your Customers’ Business:  Freedom Mobile is enduring harsh criticism for their delay in identifying and responding to the breach, which should cause small businesses to take notice. Protecting customer data is a top priority in today’s digital environment, and an unencrypted database is a self-inflicted and avoidable wound to any company.


ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Exploit: Account hacking
Airbnb: Global, online marketplace for hospitality services
correct severe gaugeRisk to Small Business: 2.111 = Severe Airbnb customers in the U.K. are taking to Twitter to report unauthorized account takeovers. Compromised users have noted everything from cancelled bookings and new appointments, to account lockouts and deletions.
correct moderate gaugeIndividual Risk: 2.571 = Moderate: Anyone with an Airbnb account should check their accounts for suspicious activity including booking cancellations, new bookings, or other changes. It’s likely that hackers accessed accounts by using previously stolen password information. Therefore, users should ensure that they are using unique, strong passwords for all accounts, and they should enable two-factor authentication whenever possible.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessEliminating password redundancies is a critical step in identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it’s extremely difficult to understand how stolen data is being misused by hackers. Companies of all sizes need to help protect customer data by knowing what happens to their credentials in the event that they are lost or stolen.


ID Agent to the RescueMonitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id
1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Netherlands - Wolters Kluwerhttps://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html

Exploit: Malware attack
Wolters Kluwer: Tax accounting and cloud services company

correct severe gaugeRisk to Small Business:  1.777 = Severe: Wolters Kluwer distributes tax and accounting software to the vast majority of global banks and Fortune 500 companies, and this malware attack has rendered its software and cloud storage services unusable. The firm’s clients have been unable to access services, an untimely delay given the May 15th deadline for business tax filings. In the wake of the attack, company officials took communications systems offline to prevent the malware from spreading further, making it challenging for the company's clients to gain clarity on the issue. In addition to the service delays, the scope of the attack on the company’s expansive database makes data loss a top concer.
correct severe gaugeIndividual Risk: 2.428 = Severe:: Although company officials don’t believe that any account information was accessed during the attack, accountants and financial firms store people’s most sensitive information in their digital files. Therefore, those impacted by the malware attack should immediately sign up for credit monitoring services while being mindful of other data misuses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessNot only is a data breach a practical disruption, but it can be a veritable PR nightmare as well. Ensuring that your organization is protected against the most prominent threats is only the first step to navigating today’s dangerous digital environment. Every organization needs a plan for navigating the threat landscape, especially those who serve B2B clients that depend on their systems.

ID Agent to the Rescue:  SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

France - Burger Kinghttps://www.bleepingcomputer.com/news/security/burger-kings-online-store-for-kids-exposes-customers-info/

Exploit: Unprotected Elasticsearch cluster
Burger King: Global fast food chain

correct moderate gauge
Risk to Small Business: 1.888 = Severe: A database for Burger King’s France-based online store for kids was left unprotected, allowing anyone to access sensitive personal information from thousands of shoppers. Those with access to the database were able to edit, download, or delete any of the database details, which were stored in plain text. Although the company immediately disabled controls, it’s entirely possible that data was compromised during the breach window.
correct severe gaugeIndividual Risk: 2.285 = Severe The data in question included personally identifiable information including names, emails, passwords, phone numbers, dates of birth, and voucher codes. Since the Kool King Shop caters to kids who bought Burger King menus, it’s probable that at least some of the exposed information belongs to minors, something that is especially noteworthy in any data breach. Although there is no indication that data was stolen, customers who participated in this program should assume that their data may have been accessed, and they should enroll in identity monitoring services.
Customers Impacted: 37,900
How it Could Affect Your Customers’ Business: Security researchers did not find any ransom notes in the database, something that is more attributable to luck than cybersecurity prowess. As companies around the world grapple with the aftermath of a ransomware attack, security providers at every level must understand the importance of addressing cybersecurity vulnerabilities and updating infrastructure accordingly. In many cases, partnering with a third-party can help companies identify their greatest risks before hackers can exploit them.

ID Agent to the Rescue:  Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment

Breached!!