Thursday, September 5, 2019

Breached!! 08/07/19 - 08/13/19

United States - City of Napleshttps://www.naplesnews.com/story/news/local/2019/08/02/scammers-trick-naples-out-700-000-spear-phishing-cyber-attack/1902321001/

Exploit: Phishing attackCity of Naples: Local government serving residents in Naples, Florida
twib-severeRisk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.
whitebox
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States - Broken Arrow Public Schools https://www.newson6.com/story/40870728/broken-arrow-schools-victim-of-ransomware-attack

Exploit: Ransomware
Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma
correct severe gaugeRisk to Small Business: 2.555 = Moderate Risk: A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk
whiteboxIndividual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States - Presbyterian Health Services https://healthitsecurity.com/news/phishing-attack-breaches-data-of-183000-presbyterian-healthcare-patients

Exploit: Phishing attack
Presbyterian Health Services: Private, not-for-profit healthcare system and provider
extreme gaugeRisk to Small Business:  1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.
extreme gaugeIndividual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.
Customers Impacted: 183,000
How it Could Affect Your Customers’ Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

United States - Earninhttps://nypost.com/2019/08/07/online-lender-backed-by-nas-says-it-was-hit-by-security-breach/

Exploit: Malware attackEarnin: Mobile finance app offering cash advances on paycheck deposits
twib-severeRisk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.
twib-severeIndividual Risk: 2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.


ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started herehttps://www.idagent.com/identity-monitoring-programs.

United States - Indian Prairie School District 204 
https://www.chicagotribune.com/suburbs/naperville-sun/ct-nvs-203-204-data-breach-naperville-st-0807-20190806-3svhdhogwvgwdlne4iqhhfus6q-story.html

Exploit: Unauthorized database access
Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois
twib-severeRisk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.
extreme gaugeIndividual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 - 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.
Customers Impacted: 49,000
How it Could Affect Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.


ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.

United Kingdom - Oyster https://www.theregister.co.uk/2019/08/08/tfl_oyster_card_outage_online_topup/

Exploit: Credential stuffing attack
Oyster: Travel smartcard system for UK public transportation
twib-severeRisk to Small Business: 2.111 = Severe Risk: Hackers accessed more than 1,000 Oyster user accounts by applying login credentials from other platforms to their Oyster login. This technique, known as a credential stuffing attack, uses stolen data from other websites and compounds the damage by applying that data logins across the internet. To prevent further access, the smartcard system was taken offline for two days, creating delays to the public transit system while damaging their reputation as users took to social media to voice their frustrations about the delays.
extreme gaugeIndividual Risk: 2.428 = Severe Risk: Oyster is notifying customers who had their accounts compromised, and those users should assume that all available information was compromised in the breach. Moreover, because their accounts were accessed using credential stuffing, users should ensure that they use strong, unique passwords across all accounts..
Customers Impacted: 1,200
How it Could Affect Your Customers’ BusinessWith credential stuffing attacks can be difficult to defend because they rely on users choosing strong, unique passwords across all of their accounts. However, businesses can get ahead of the threat by adopting the monitoring services necessary to know if their customers’ credentials might be compromised.


ID Agent to the RescueDark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

New Zealand - Air New Zealand https://www.stuff.co.nz/business/114881753/a-data-breach-at-air-nz-affects-airpoints-members

Exploit: Phishing attack
Air New Zealand: Flag carrier airline of New Zealand

twib-severeRisk to Small Business: 1.666 = Severe Risk: Two Air New Zealand employees fell for a phishing attack that compromised customer data. The company is enduring significant online criticism for their management of the data breach, meaning that they are now responsible for improving their cybersecurity standards while they also work to restore their customers’ confidence.
twib-severeIndividual Risk: 2.285 = Severe Risk: In total, the breach compromised the personal information for 3.5% of the airline’s customers. The company notified customers their account passwords and payment details were not compromised. However, other sensitive information, including passport numbers, names, addresses, phone numbers, job titles, employer details could be compromised. Therefore, victims should closely monitor their personal accounts for unusual activity, and credit and identity monitoring services can provide long-term oversight of personally identifiable information.
Customers Impacted: 112,000
How it Could Affect Your Customers’ BusinessPhishing attacks can give hackers unprecedented access to a company’s IT infrastructure. They are cheap to deploy, and they can frequently avoid detection by screening software. Fortunately, phishing attacks are also entirely defensible. Comprehensive awareness training can equip employees to detect phishing attacks, effectively rendering them useless. The increasing, holistic cost of a data breach makes deploying these services an obvious priority for every company.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

New Zealand - New Zealand Institute of Directors https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12255959

Exploit: Unauthorized database access
New Zealand - New Zealand Institute of Directors: Professional organization supporting company directors in New Zealand

twib-severe
Risk to Small Business: 1.666 = Severe: Hackers exposed a vulnerability in the organization’s website, defacing the homepage with anti-government propaganda. In response, the website was brought offline until the security incident could be contained and repaired. Furthermore, all employees were asked to change their passwords to further protect their data integrity.
 twib-severeIndividual Risk: 2.428 = Severe: While the institute described the possibility that employee data was compromised as “highly unlikely,” it’s possible that employee email addresses and passwords were compromised. All employees should reset their passwords, and they should avoid using these credentials on other accounts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are continually looking for vulnerabilities, which can result in embarrassing or highly destructive data breaches. Therefore, businesses should prioritize security awareness to identify and repair cybersecurity vulnerabilities before they are exploited by bad actors.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment

Week In Breach