Week in Breach

October 20th, 2020 by Kevin Lancaster

This Week in Breach News: Mystery cyberattacks do massive damage to Barnes & Noble, Robinhood, and the Hackney Borough Council, Dickey’s Barbecue gets served some skimming trouble, and ransomware puts a beloved Indian snack food brand in danger – plus a deep dive into the Dark Web to jumpstart your 2021 planning.


The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States


United States – Barnes & Noble

https://boston.cbslocal.com/2020/10/15/barnes-noble-cyberattack-hack-data-breach-personal-info/

Exploit: Malware

Barnes & Noble: Bookseller

Risk to Business: 1.411 = Extreme

Barnes & Noble has been starring in its own horror story in the last week, as a massive network outage for its Nook customers rolled into the discovery of a massive cyberattack. The bookseller informed customers on Monday that it had experienced a data breach that exposed customers’ transaction histories and PII. Recovery and restoration efforts are underway. It’s unknown if the Nook outage was a facet of the data breach or unrelated.

Individual Risk: 2.206 = Severe

Barnes & Noble says that the only data stolen was transaction history information, names, and email addresses. The company doesn’t anticipate that any financial information was stolen, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: No one can afford a data breach right now, not even a corporate giant. Incidents that impact online sales are especially problematic as online sales remain a focus area during the pandemic.

ID Agent to the Rescue: Strengthening gateway security is a good data loss prevention strategy. Passly guards against intrusion with cracked, stolen or compromised passwords by adding simple but effective secure identity and access management protection. LEARN MORE>>


United States – Intcomex

https://channeldailynews.com/news/miami-based-channel-partner-slammed-by-1tb-customer-and-business-data-leak/72273

Exploit: Ransomware

Intcomex: Managed Services Provider

Risk to Business: 1.772 = Severe

The Miami-based managed services provider suffered a huge data breach, exposing nearly 1Tb of very sensitive data. The leaked data contains a collection called “Internal Audit” at 16.6GB, and “Finance_ER” totaling 18GB. The most recent data was from July 2020. The data included credit cards, license scans, payroll, customer databases, and more. The company serves more than 50,000 resellers in over 41 countries.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: up to 50,000

How it Could Affect Your Customers’ Business: Third party data breaches are a big risk to every business these days. Even if you’re keeping your company’s sensitive data secure, your vendors might not be.

ID Agent to the Rescue: Dark Web ID keeps your business credentials safe by monitoring the Dark Web 24/7/365 to alert you right away if your protected credentials show up in a Dark Web data dump. LEARN MORE>>


United States – Robinhood 

https://nypost.com/2020/10/16/hackers-broke-into-nearly-2000-robinhood-trading-accounts/

Exploit: Hacking/Database Intrusion

Robinhood: Investment App

Risk to Business: 1.552 = Extreme

Robinhood informed its users last week that hackers had obtained access to funds and information in some of its accounts. The firm claims that there was no intrusion and that customer email addresses were compromised outside of the app, giving cybercriminals the ability to steal money and data, but investigators and clients say that’s not possible, citing the fact that most accounts were protected with MFA.

Individual Risk: 1.412 = Extreme

Personal and financial information about users was accessible and potentially stolen by hackers, and some users had money stolen directly from their accounts. Users should assume that their accounts have been compromised and act accordingly.

Customers Impacted: 2,000

How it Could Affect Your Customers’ Business: Providing services that use highly sensitive information implies that you’re using the best technology to keep that data safe – especially at a fintech startup.

ID Agent to the Rescue: Keep data safer by reducing the ways that thieves can get to it. With single sign-on through Passly, each employee has their own personalized LaunchPad, making it easy for IT staff to secure access points. LEARN MORE>>


United States – Dickey’s Barbecue Pit

https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/

Exploit: Malware/Skimming

Dickey’s Barbecue Pit: Restaurant Chain

Risk to Business: 1.691 = Severe

Dickey’s Barbecue Pit has been serving up a side of skimming to every customer. Between August 2019 and July 2020, cybercriminals were operating skimmers at 156 of Dickey’s 469 locations in 30 states, with the highest exposure in California and Arizona. The breach was discovered by cybersecurity monitors after hackers began advertising the data stash for sale as “Blazingsun”.

Individual Risk: 1.771 = Severe

Customers who made purchases at Dickey’s Barbecue Pit during that window have likely experienced a credit card compromise and should contact their card issuer for guidance.

Customers Impacted: 3 million

How it Could Affect Your Customers’ Business: The number one cause of a data breach is human error. Failing to keep up with security awareness and phishing resistance training leads to expensive cybersecurity disasters.

ID Agent to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training painlessly at a great price. LEARN MORE>>


United States – Nez Perce Tribal Casinos

https://lmtribune.com/external-cyber-attack-blamed-for-computer-trouble-at-nez-perce-tribes-casinos/article_091b0264-1000-11eb-a3ed-0f2500bec470.html

Exploit: Ransomware

Nez Perce Tribal Casinos: Gambling Parlors

Risk to Business: 2.002 = Severe

Two popular casinos owned and operated by the Nez Perce Native American tribe were hit with ransomware, resulting in a complete shutdown for at least a week. Systems were frozen at both the tribe’s Clearwater River Casino near Lewiston and the Ye-Ye Casino at Kamiah in Idaho. Restoration efforts and investigations are underway, but the casinos are expected to reopen imminently.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks aren’t always about stealing data. Ransomware is a devastating weapon that bad actors are using to shut down businesses too, and that can sometimes be even worse.

ID Agent to the Rescue: Learn how to protect systems and data from ransomware in our eBook “Ransomware 101”. DOWNLOAD IT NOW>>


The Week in Breach News – Canada


Canada – Municipality of Westlake-Gladstone 

https://winnipeg.ctvnews.ca/nearly-450k-stolen-from-manitoba-municipality-in-cyber-attack-1.5146916

Exploit: Hacking/Intrusion

Municipality of Westlake-Gladstone: Local Government

Risk to Business: 2.309 = Severe

Nearly $450K was snatched from the operating account of this Manitoba municipality in a hacking incident that could be the result of an insider threat. The money was stolen in a series of withdrawals or transfers beginning in November 2019 and continuing until at least January 2020.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Schemes like this are often the result of a business email compromise scam. It’s a devastating variant of phishing that preys on business relationships, and it’s consequently more devastating.

ID Agent to the Rescue: Prevent business email compromise by boosting phishing resistance training for everyone, including executives who are frequently targeted in these scams. SEE BULLPHISH ID IN ACTION>>


The Week in Breach News – United Kingdom & European Union


United Kingdom – Hackney Borough Council

https://www.zdnet.com/article/serious-cyberattack-hits-london-council/

Exploit: Ransomware

Hackney Borough Council: Municipal Government

Risk to Business: 1.334 = Extreme

A devastating cyberattack shut down operations at websites for the Hackney Borough Council, bringing everything from bill payments to services for the elderly and vulnerable to a halt briefly. Many functions have been restored, but some business is still impacted. The incident has also been reported to the Information Commissioner’s Office (ICO). Experts from the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), external security experts, and the Ministry of Housing, Communities and Local Government are also assisting with investigation and recovery. The incident shows hallmarks of ransomware.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on municipalities and municipal service providers have become more rare, and more damaging, especially from nation-state hackers and other highly organized cybercrime gangs.

ID Agent to the Rescue: When ransomware comes calling, it’s usually part of a phishing attack. BullPhish ID is key to preventing these incidents, with 4 new plug-and-play phishing kits added every month to keep you up to date on the latest threats. LEARN MORE>>


Sweden – Panion

https://cybernews.com/security/social-media-app-leaking-data-of-172000-users/

Exploit: Unsecured Database

Panion: Social Media App

Risk to Business: 2.337 = Severe

Swedish social media app Panion committed an unfriendly blunder by failing to secure an AWS bucket, leaving personal information for its users exposed. All told, about 2.5 million user records were exposed. The data included full names, email addresses, genders, interests, location coordinates, and last login dates, as well as selfies and document photos.

Individual Risk: 2.227 = Severe

Users should be aware that their location data has been exposed, as well as personal information that can empower spear phishing attacks or other crimes.

Customers Impacted: 2 Million

How it Could Affect Your Customers’ Business: Don’t make rookie mistakes. Companies that leave databases open tell their clients that they’re not committed to using cybersecurity best practices, making clients less likely to do business with them.

ID Agent to the Rescue: Start using Passly for staff access to databases and files. If everyone who needs access can be given it quickly, it eliminates the chance of people taking shortcuts like not locking a database. SEE PASSLY AT WORK>>


The Week in Breach News – Australia & New Zealand


Australia – Kleenheat

https://www.zdnet.com/article/kleenheat-customer-names-and-addresses-exposed-in-system-breach/

Exploit: Unsecured Database

Kleenheat: Energy Company

Risk to Business: 2.894 = Moderate

Australia’s Kleenheat is warning customers that they may have had data exposed in a breach at a third party vendor. The data was collected and stored in 2014 in a system that is no longer in use at a former data storage partner.

Individual Risk: 2.822 = Moderate

Clients impacted in the breach had what the company characterizes as general information exposed including names, residential addresses, and email addresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party exposures aren’t just a risk for your business, they’re also a risk for your customers. Failing to provide quality security on data storage can expose you and your clients to unwanted consequences.

ID Agent to the Rescue: Data like the kind stolen in this breach lives forever on the Dark Web. Be certain that your staff’s credentials aren’t hanging around on the Dark Web from a past exposure with Dark Web ID. SEE DARK WEB ID AT WORK>>


Australia – Containerchain

https://www.fullyloaded.com.au/logistics-news/2010/containerchain-wards-off-ransomware-attack-over-weekend

Exploit: Ransomware

Containerchain: Logistics Platform

Risk to Business: 1.921 = Severe

In yet another attack on freight and transport, Containerchain was hit with a ransomware attack. Systems for its shipping customers were briefly shut down entirely but were restored quickly. The company does not believe that significant data was lost and noted that impacted customers (if any) would be in AU, NZ, SG, and MY. The investigation is ongoing.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A spate of recent attacks against shipping, transportation, and logistics targets has raised fears of potential cyberwarfare targets and put these essential parts of our infrastructure on notice that their cybersecurity is vital to operations.

ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. LEARN MORE>>


The Week in Breach – Asia


India – Haldiram’s Snacks

https://www.thehindu.com/sci-tech/technology/haldirams-crucial-data-stolen-hackers-demand-75-lakh-to-release-information/article32880074.ece

Exploit: Ransomware

Haldiram’s Snacks: Snack Food Manufacturer

Risk to Business: 1.451 = Extreme

Beloved Indian snack food maker Haldiram’s has been hit with a ransomware attack that has brought chaos to its business and manufacturing arms. Bad actors encrypted much of the company’s essential data between October 12 and October 13, demanding a ransom payment for release. The negotiation, recovery, and investigation are ongoing.

Individual Risk: No individual information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware typically arrives as the nasty cargo of a phishing email. Phishing is today’s biggest cybersecurity risk, and this kind of damage is exactly what makes it every IT professional’s nightmare.

ID Agent to the Rescue: Staffers only retain what they learned from security awareness training for approximately 4 months. Refresh that regularly with BullPhish ID to reduce the chance of your business falling prey to a ransomware gang. SEE A DEMO>>


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.