Week in Breach
Breach News This Week: This week: Warner Music sings the blues after a skimming attack surfaces, data breach costs (and risks) are soaring for businesses in every sector, and our new eBook on the state of phishing in 2020 shows you why it’s today’s biggest risk.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
Breach News This Week – United States
United States – Telmate
Exploit: Unsecured Database
Telmate: Correctional Facility Communications
Risk to Business: 2.014 = Severe
An a misconfigured Amazon S3 Bucket is to blame for a nasty data breach involving Telnet, makers of the Getting Out app used for inmate communications. The app, (which charges an exorbitant fee of up to $0.50 per minute for families to communicate with their incarcerated loved ones), is commonly monitored by prison officials, but the data that has been leaked is the kind of highly sensitive personal information like whether an inmate identifies as transgender, their relationship status, prescription medication they take, and their religion. The company, part of the Global Tel Link family, blames a third party vendor for the incident. Experts say that 11,210,948 inmate records and 227,770,157 messages were exposed.
Individual Risk: 2.314 = Severe
While Telnet maintains that no medical data, passwords, or consumer payment information were affected, the information that has been widely available through this unsecured bucket is potentially personally damaging and opens prisoners and their families up to identity theft and blackmail risks, as well as targeting for hate crime.
Customers Impacted: 2.3 million inmates and their families
How it Could Affect Your Customers’ Business: Failing to secure simple data storage tools like this is indicative of a lax attitude toward security throughout a company, and can turn off customers and potential partners. This is Telnet’s second security incident this year.
ID Agent to the Rescue: Simple, effective secure identity and access management for any company is just a step away – Passly packs essential features like single sign-on, multifactor authentication, and shared password storage vaults into one affordable package. LEARN MORE>>
United States – Cygilant
https://techcrunch.com/2020/09/03/cygilant-ransomware/?web_view=true
Exploit: Ransomware
Cygilant: Information Security Firm
Risk to Business: 1.337 = Extreme
Cybersecurity startup Cygilant finds itself in hot water after falling victim to a ranasomware attack. Cygilant is believed to be the latest victim of NetWalker ransomware. A site on the Dark Web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant. It is unknown if they paid the ransom, but the Dark Web listing has disappeared.
Individual Risk: No personal information was disclosed as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware is most commonly delivered through a phishing email, today’s most common vector for cyberattacks. Preventing phishing email from landing in employee inboxes is a strong defense against ransomware.
ID Agent to the Rescue: Get Graphus. Our smart AI-driven automated phishing defense solution uses a patented algorithm to learn how businesses communicate, putting 3 layers of defense between a phishing email and an employee inbox. LEARN MORE>>
United States – Roper St. Francis Hospital
Exploit: Unauthorized Database Access (Phishing)
Roper St. Francis Hospital: Medical Center
Risk to Business: 2.354 = Severe
A newly-announced security breach occurred at Roper St. Francis Hospital between June 13 and June 17. An attacker was able to gain access to a treasure trove of healthcare data by compromising an an employee’s email in a suspected phishing incident at the Charleston, SC hospital. The patient information that was compromised contained names, birth dates, detailed medical records, insurance information, and Social Security numbers.
Individual Risk: 2.004 = Severe
Patients and former patients can determine if attackers got their data by calling a toll-free call center for more information at 1-888-498-0916
Customers Impacted: 6,000
How it Could Affect Your Customers’ Business: Health care information is at a premium right now because it is a hot seller on the Dark Web – and with an exponential increase in phishing, every healthcare sector organization is high on the hit list for bad actors.
ID Agent to the Rescue: This information will likely end up in a Dark Web data dump, serving as ammunition for future spear phishing attempts. BullPhish ID helps train staffers to spot and stop spear phishing . SEE A DEMO>>
United States – The Jewish Federation of Greater Washington
Exploit: Hacking Instrusion
The Jewish Federation of Greater Washington: Non-Profit
Risk to Business: 1.211 = Extreme
A cyberattack at The Jewish Federation of Greater Washington gave cybercriminals a solid payday. Bad actors were able to hack in through an employee’s home WiFi to a privileged user account and snatch an estimated $7.5 million.The hack was discovered on August 4 by a security contractor who noticed unusual activity in an employee’s email account. That assessment indicates that the hacker had access to the system long before stealing the money, as early as the first months of summer. The organization has 52 employees.
Individual Risk: No personal information or donor financial data was reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This is an enormous blow to any business, but especially a non-profit that needs funding to continue doing good work in hard times. Notoriously unsafe home WiFi and device or network sharing between parents and children creates opportunities for hackers to slip through.
ID Agent to the Rescue: Passly is the solution to prevent unauthorized access to important things. Our affordable secure identity and access management tool includes single sign on launchpads for every user, making it easy for IT staff to remove privileged access if a user account is compromised. LEARN MORE>>
USA – View Media
Exploit: Unsecured Database
View Media: Online Marketing Firm
Risk to Business: 2.201 = Severe
A publicly accessible Amazon Web Services (AWS) server that belongs to View Media was discovered by cybersecurity researchers, overflowing with more than 38 million US user records, including their full names, email and street addresses, phone numbers, and ZIP codes. The data included 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files, and 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique. The bucket also contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers sorted by locations and ZIP codes that the marketing company’s campaigns targeted.
Individual Risk: 2.919 = Moderate
While this is a huge trove of information, no financial or protected personal information was involved, although this information will make its way into Dark Web data dumps.
Customers Impacted: 38 million +
How it Could Affect Your Customers’ Business: Failing to undertake a simple bit of maintenance like this doesn’t look good in front of potential partners, who may become concerned that your business is a third party security risk and reconsider hiring you.
ID Agent to the Rescue: Data like this lives on in Dark Web markets, providing fuel for cyberattacks like phishing and credential stuffing. By choosing a strong digital risk protection platform, you can reduce your risk of cyberattacks. SEE HOW IT WORKS>>
United States – Warner Music
Exploit: Malware (Magecart)
Warner Music: Entertainment Company
Risk to Business: 2.307 = Severe
In a just disclosed breach, Magecart skimming was in action at Warner Music from April 25 and August 5. Warner Music said hackers compromised “a number of US-based e-commerce sites” that were “hosted and supported by an external service provider.” The details that the cybercriminals checked out with include names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details (card number, CVC/CVV and expiration date) for account holders and guests who placed items into shopping carts or made purchases in that timeframe.
Individual Risk: 2.297 = Severe
The company did not specify in it’s filing exactly which parts of it’s retail operations were impacted. Warner Music is offering free credit monitoring through Kroll for victims.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Skimmers like Magecart are a result of hackers gaining access to parts of a website, often by compromising the weak credentials of a privileged account. Improving credential security is a must for strong cybersecurity.
ID Agent to the Rescue:Dark Web ID provides 24/7/365 protection to user credentials including especially privileged accounts, alerting you if their credentials appear in Dark Web markets to allow you to take action before cybercriminals do. SEE DARK WEB ID IN ACTION>>
Breach News This Week – United Kingdom & European Union
United Kingdom – Northumbria University
https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true
Exploit: Ransomware
Northumbria University: Institution of Higher Learning
Risk to Business: 2.717 = Severe
Northumbria University was sent reeling by a suspected ransomware attack which forced it to reschedule exams and close its entire campus. The college announced that it is undertaking a restoration and recovery operation, but that students would not have access to the student portal, blackboard and potentially other university platforms for some time during a particularly important part of the educational year.
Individual Risk: No information has been released about the type of data that may have been impacted, if any.
Customers Impacted: 26,675 students
How it Could Affect Your Customers’ Business: Ransomware typically comes calling as part of a phishing attack. Adding strong protection from phishing attacks and improving phishing resistance training for every user can lower ransomware risks.
ID Agent to the Rescue:. Graphus and BullPhish ID are a 1-2 punch in the fight against ransomware and cybercrime. Graphus features seamless integration with O365 and G Suite. BullPhish ID trains staffers to be aware of today’s constantly changing phishing threats, including COVID-19 threats. LEARN MORE>>
Breach News This Week – Australia & New Zealand
Australia – Service New South Wales
Exploit: Unauthorized Database Access (Phishing)
Service New South Wales: Government Entity
Risk to Business: 2.077 = Severe
Australian government agency Service New South Wales (NSW) confirmed that a recent attack resulted in the personal details of 186,000 customers being compromised. Hackers were able to gain access to 47 staff email accounts, giving them a pass into a huge amount of information. 738GB of data comprised of 3.8 million documents was stolen from the email accounts in April 2020.
Individual Risk: 2.776 = Moderate
Service New South Wales says that the stolen data is made up of internal documents such as handwritten notes and forms, scans, and records of transaction applications. There was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.
Customers Impacted: 186,000
How it Could Affect Your Customers’ Business: Tricking a staffer into giving up a password can be easy, especially at large companies like Twitter. That password can be the key to the kingdom for cybercriminals, giving them access to all sorts of systems and data – and you a new headache.
ID Agent to the Rescue: Take the power out of a filched password by adding multifactor authentication to your cybersecurity tool belt with Passly, with a multiple options for identifier code delivery. SEE A DEMO>>
Breached This Week – South America
Argentina – Dirección Nacional de Migraciones
Exploit: Ransomware
Dirección Nacional de Migraciones: Government Agency
Risk to Business: 2.341 = Severe
Dirección Nacional de Migraciones, Argentina’s border control agency, was hit by a Netwalker ransomware attack that caused the interruption of the border crossing into and out of the country for four hours on August 27th. Systems were shut down after the agency’s tech support began receiving a suspiciously large amount of requests for assistance with irretrievable Office files. Government officials indicated that they will not pay the ransom and will not negotiate with Netwalker ransomware operators, who are currently demanding a $4 million ransom (up from $2 million after the expiration of the cybercriminals’ first deadline).
Individual Risk: No individual data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.
ID Agent to the Rescue: Stop ransomware from shutting you down by adding a new team member just to stop phishing attacks from reaching your staff – Graphus. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
