The Week in Breach: Data Breach News 09/23/20 – 09/29/20
The Week in Breach: Ransomware sails a major shipping company into trouble, Microsoft makes a rare flub, Luxottica fails to see a threat, malicious insiders shop for data at Shopify, details about our sponsorship of REBOUND from SKOUT, and a sneak peek at our first product update event!
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
The Week in Breach – United States
United States – Arbiter Sports
Exploit: Ransomware
Arbiter Sports: Sports Software and Services Provider
Risk to Business: 1.301 = Extreme
Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association), experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 of its registered members — consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and even ArbiterWorks.
Individual Risk: 1.816 = Severe
Arbiter Sports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers. Social Security numbers and passwords were encrypted. The company paid the ransom, but the data could have still been copied. Users should be aware of the potential for identity theft or spear phishing using this information.
Customers Impacted: 540,000+
How it Could Affect Your Customers’ Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.
ID Agent to the Rescue: If you’ve been hit with ransomware, it probably started as a phishing attack. You need Graphus, the powerful automatic phishing defender that evolves with your business. LEARN MORE>>
United States – IPG Photonics
Exploit: Ransomware
IPG Photonics: Laser Developer
Risk to Business: 2.305 = Severe
Defense contractor and laser developer IPG Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.
Individual Risk: No individual information was reported as compromised in this incident
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Manufacturers that get shut down from ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.
ID Agent to the Rescue: BullPhish ID helps companies fight back against ransomware and other phishing-related attacks with easy to deploy phishing resistance training featuring “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>
United States – Microsoft
https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/
Exploit: Unsecured Database
Microsoft: Technology Conglomerate
Risk to Business: 2.781 = Moderate
In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.
Individual Risk: No individual data is believed to have been impacted in this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Elementary security failures are embarrassing, and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?
ID Agent to the Rescue: Make sure that staffers are dotting the Is and crossing the Ts when it comes to basic security best practices with security awareness training from ID Agent, including phishing resistance with BullPhish ID. LEARN MORE>>
United States – Town Sports International
Exploit: Unsecured Database
Town Sports International: Sports Club Operator
Risk to Business: 1.753 = Severe
Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.
Individual Risk: 1.601 = Severe
This database was left wide open for at least a year, giving cybercriminals and data brokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.
Customers Impacted: 600,000
How it Could Affect Your Customers’ Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.
ID Agent to the Rescue: Password reuse is an epidemic, and incidents like this are how huge lists of passwords end up on the Dark Web. Make sure yours aren’t there with 24/7/365 Dark Web monitoring. LEARN MORE>>
United States – Universal Health Services
Exploit: Ransomware
Universal Health Services: Healthcare System Operator
Risk to Business: 1.442 = Extreme
Ryuk ransomware did massive damage at Universal Health Services (UHS), leaving UHS hospitals in the US, including those in California, Florida, Texas, Arizona, and Washington D.C., without access to computers and phone systems. The healthcare giant operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees, and provides healthcare to approximately 3.5 million patients each year. The affected systems are still not fully restored, but patient care impacts are reported as minimal.
Individual Risk: No personal data has been reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services – and attacks are escalating.
ID Agent to the Rescue: Ransomware typically arrives with a phishing email. Automate your company’s defense against phishing with Graphus to put three layers of protection between a phishing email and your data fast. SEE HOW IT WORKS>>
United States – Tyler Technologies
https://dfw.cbslocal.com/2020/09/23/texas-company-software-local-governments-schools-data-breach/
Exploit: Ransomware
Tyler Technologies – Public and Defense Sector Software Provider
Risk to Business: 1.779 = Severe
North Texas company Tyler Technologies, provider of software services for everything from jail and court management systems to payroll, human resources, tax, and bill collection and land records, experienced a devastating ransomware attack. The company says that the impact of the incident is limited to internal corporate network and phone systems and that there has been no impact on hosted client environments, including its election results reporting software, although some clients are reporting escalating login problems since the attack.
Individual Risk: No personal data was reported as part of this incident.
How it Could Affect Your Customers’ Business: An event like this at a technology provider is not a good look, especially for a contractor that handles both defense sector jobs and election reporting software.
ID Agent to the Rescue: Security awareness training with cutting-edge solutions like BullPhish ID reduces a company’s chance of suffering a cybersecurity incident by up to 70%. SEE BULLPHISH ID IN ACTION>>
The Week in Breach – Canada
Canada – Shopify
Exploit: Malicious Insider
Shopify: e-Commerce Platform
Risk to Business: 2.314 = Severe
The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.
Individual Risk: 2.603 = Moderate
The rogue staffers were only able to expose a small amount of information from a few businesses. Merchants on the platform are being informed by Shopify as the investigation continues. Users who think they may be at risk should be alert for spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The economy in the rest of the world may be challenged, but the Dark Web data markets are thriving, and staffers who need a little extra cash can be tempted to expose company data, sell their logins, or dip their feet into the cybercrime-as-a-service market.
ID Agent to the Rescue: Are your staffers selling their credentials on the Dark Web – or even worse, your customers’ credentials? Find out fast with human and machine powered always on credential monitoring from Dark Web ID. SEE DARK WEB ID IN ACTION>>
The Week in Breach – United Kingdom & European Union
France – CMA CGM
https://gcaptain.com/shipping-giant-cma-cgm-hit-by-cyber-attack/
Exploit: Ransomware
CMA CGM: Maritime Shipping and Logistics
Risk to Business: 1.702 = Severe
Ragnar Locker ransomware sailed into the systems of French cargo giant CMA CGM, leaving havoc in its wake. The company’s website and external access to all applications were taken offline. This is the latest in a series of attacks against logistics targets, including major shipping and trucking companies. No ransom has been named in the attack, and CMA CGM is still experiencing outages.
Individual Risk: No personal information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The number one cause of ransomware flooding your systems is a phishing email. Increasing security awareness training including phishing resistance training with BullPhish ID can prevent these types of cybersecurity disasters.
ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Combine that increased awareness with Graphus’ Phish 911, a feature that enables employees to report dodgy messages, to give phishing a knockout blow. SEE OUR SOLUTIONS IN ACTION>>
Italy – Luxottica
Exploit: Ransomware
Luxottica: Eyewear Producer
Risk to Business: 1.752 = Severe
Ransomware definitely blindsided Italian eyewear giant Luxottica, producer of popular brands including Ray-Ban, Oakley, Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch. The company’s brand websites and service provider websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut went down after a ransomware attack disrupted operations worldwide. Investigation and restoration are ongoing.
Individual Risk: No individual information has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can shut an organization down entirely, and these days bad actors are just as interested in disrupting business and manufacturing operations as stealing data.
ID Agent to the Rescue: Add 3 layers of protection against email threats like ransomware that can devastate your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. LEARN MORE>>
Poland – BrandBQ
https://www.infosecurity-magazine.com/news/fashion-retailer-brandbq-seven/
Exploit: Unsecured Database
BrandBQ – Fashion Retailer
Risk to Business: 1.667 = Severe
An unsecured Elasticsearch database spelled trouble for Krakow-based fashion retailer BrandBQ. Security researchers uncovered the unencrypted Elasticsearch server on June 28 and BrandBQ finally secured it around a month later, but not before records for millions of clients were exposed. Observers reported one billion entries in the exposed database including 6.7 million records related to online customers, with each entry featuring personally identifiable information (PII) including full names, email and home addresses, dates of birth, phone numbers, and payment records (although not card details). Also available on the server were 50,000 records relating to local contractors in certain jurisdictions, including VAT numbers and purchase information.
Individual Risk: 2.863 = Severe
Information contained in this database sat unguarded and available to cybercriminals for at least a month. Clients of BrandBQ or any of its retail stores including online stores and operations in Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine, and the Czech Republic should be wary of spear phishing attempts using this data.
Customers Impacted: 7,000,000
How it Could Affect Your Customers’ Business: An exposed database of this magnitude is shocking, and it definitely indicates that your company isn’t following cybersecurity best practices like securing sensitive customer data with multifactor authentication.
ID Agent to the Rescue: Put Passly to work for you. This secure identity and access management solution includes all of the features that your business needs, like multifactor authentication and shared secured password vaults at a price that you’ll love. LEARN MORE>>
The Week in Breach – Australia & New Zealand
Australia – Trading Reference Australia
Exploit: Unauthorized Database Access
Trading Reference Australia: Digital Real Estate Services
Risk to Business: 2.077 = Severe
The Office of the Australian Information Commissioner is investigating a data breach at the keeper of one of Australia’s largest tenant information databases, Trading Reference Australia. In addition to real estate services, the company also maintains a legendary blacklist of tenants. No word yet on what data was stolen and the matter is in current litigation.
Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Failing to keep information secure, especially damaging information like a tenant blacklist, has the potential to be very messy as both a recovery operation and a regulatory headache. Data like this sells fast in the Dark Web data markets.
ID Agent to the Rescue: Reduce your risk of a cyberattack using credentials that have been compromised in a data breach like this one with 24/7/365 credential monitoring using Dark Web ID. SEE A DEMO>>
The Week in Breach – Asia & Pacific
Singapore – ShopBack
https://www.marketing-interactive.com/shopback-says-consumer-cashback-is-safe-despite-data-breach
Exploit: Unauthorized Database Access
ShopBack: Digital Coupon Company
Risk to Business: 2.203 = Moderate
Cashback reward app ShopBack has reported a data breach as a result of unauthorized access to company systems that contained customers’ personal data. Investigation of the incident is ongoing, but the company says that the damage included an extensive amount of exposed customer records that contained data such as users’ names, contact information, gender, date of birth, and bank account numbers. Singapore’s Personal Data Protection Commission is investigating.
Individual Risk: 2.419 = Severe
The possibility of bank account information becoming compromised as well as PII opens consumers up to a variety of nasty potential consequences including identity theft, fraud, and dangerous spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Unauthorized access to systems containing consumer financial data like bank information is not just a PR disaster, it’s also a potential fine and compliance nightmare that can cost a fortune to clean up.
ID Agent to the Rescue: Secure access to your data and systems with the multifunctional capability of Passly, the cost-effective, efficient secure identity and access management tool that is ideal for making sure that the right people have access to the right things – and only the right people. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch Up on What You Need to Know Right Now to Protect Your Business.
- Bad News for Businesses: Maladvertising Threats Ramp Up
- 3 Unexpected Phishing Threats Graphus Defends Against
- The Week in Breach: 9/16 – 9/22/20
- Cybersecurity and COVID-19: 4 Lessons Learned
- The Ink This Week: 9/25/20
- Get Ready to REBOUND with SKOUT Exclusively Sponsored by ID Agent
- 3 Crash Courses in Cybersecurity for MSPs
- 10 Facts About Supply Chain Risk You Need to See
The Week in Breach: New Resources
Get Ready to REBOUND in 2021 With This Event by SKOUT, Exclusively Sponsored by ID Agent
No one was ready for 2020. Did you have big plans to expand your business? Grow your client list? Expand your security menu? It’s disappointing that this year’s tumultuous events have upended your plans, but don’t get down about it – REBOUND!
Join us on October 28, 2020, for an unbeatable opportunity to connect with marketing, sales, and business experts in the MSP space to learn how you can use this year’s challenges to fuel an epic 2021 for your business.
Gain insight and inspiration from ID Agent CEO Kevin Lancaster and other luminaries. Featuring transformative sessions, rare networking opportunities, and thousands of dollars in prizes and treats, this is an event you should add to your calendar today. Don’t let business conditions get you down – REBOUND!
Join us on October 8, 2020 to start planning your rebound!
Want to Know a Secret? We’ve Got Great Things Planned in Q4!
Join us on October 11, 2020, at 11 am ET for our first ever Quarterly Product Update event! We’ll fill you in on all of the updates and upgrades that we’ve made to our cost-effective solutions including Dark Web ID, BullPhish ID, and Passly.
Plus, get an exclusive introduction to the newest member of our digital risk protection platform, Graphus, a powerful, unique automated phishing defender. We’ll show you how this unique solution can secure your clients and secure your peace of mind at an excellent value. See a video of Graphus in action or learn more about the features of Graphus now.
You’ll definitely want to hear about the innovations and exciting developments that we have on tap for Q4 2020 too. We’re definitely planning to close out 2020 with a bang – and we’re already brewing up awesome things for 2021. Don’t miss this crucial update that can help you grow your business and boost your MRR in a flash.
Join us on October 11, 2020, at 11 am ET for our inaugural Quarterly Product Update session and get all the details!
In case you missed it last week: Our new eBook gives you a crash course on today’s nastiest cybersecurity nightmare, ransomware. See how Dark Web information and the economic challenges that have spread in the wake of COVID-19 have made it even more devastating, and learn what you can do to secure your business and your clients against it quickly and affordably!
This is the ransomware crib sheet you need to go to the head of the class.
The Week in Breach: Featured Threat
Business Email Compromise is a Messy, Expensive, Preventable Disaster
Securing highly privileged executive and administrator accounts has to be a high priority for every business
Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost $6.9 million in a nasty incident.
The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sending out their own fraudulent emails.
The cybercriminals involved then moved into phase 3 of the scam. After monkeying with the inbox rules to hide certain messages from being seen by the account owner, they sprung the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China.
The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble, but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.
This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.
It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise.
No matter how it’s obtained, whether it’s through spear phishing or it’s a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential is needed to login to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected.
Secure identity and access management was cited as the top priority of CISOs in a recent study on 2021 cybersecurity planning, and one reason it tops the list is that it goes a long way toward preventing disasters like this. Add Passly to your security offerings now to be ahead of the curve when it comes to securing your clients against business email compromise.
The Week in Breach: A note for your customers
Malicious Insiders Could Be Just Around the Corner
Cybersecurity risks don’t just come from outside your business. Sometimes, it’s the new staffer in payroll or the disgruntled clerk in receiving who poses your biggest cybersecurity threat, and you may not even notice them until it’s too late, like Shopify this week.
But it’s not difficult or expensive to take sensible precautions against potentially malicious employees and you should do that right away – because it will happen to you. Insider threats like this are a never-ending source of worry for business owners, and that’s why secure identity and access management should be at the top of your list for solutions that help prevent malicious insiders from stealing sensitive information.
Using a dynamic secure identity and access management tool like Passly gives you more control over who has access to what, enabling tight controls on sensitive data. It also adds protection against your staffers selling their login credentials by adding multifactor authentication. And if you do have a malicious insider incident, single sign-on LaunchPads for every user make it easy for your security team to cut off access for a user and limit the damage.
Security experts at companies around the globe agree – secure identity and access management is a key component of a strong cybersecurity defense that acts as a major deterrent to malicious insiders. Adding a cost-effective solution like Passly to your security plan now can save you a fortune in incident recovery costs and heartache later.
Catch Up With Us at These Virtual Events
- OCT 7: ID Agent Q3 Product Update Webinar REGISTER>>
- OCT 14 -15: Robin Robins Recession Rescue Road Show (Philadelphia) REGISTER>>
- OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
- OCT 19 – 22: nextgen + 2020 REGISTER>>
- OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
- OCT 28: REBOUND 2020 REGISTER>>
- NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>
Get a closer look at what really goes on in Dark Web Markets!
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!