The Week in Breach News: 10/30/24 – 11/05/24
This week: 3M have data stolen from a Peruvian bank; a data breach at France’s second-largest ISP; a dozen new phishing simulations and a look at the cybersecurity challenges ahead for businesses from the findings of our Kaseya Cybersecurity Survey Report 2024.
Read this week’s feature story: How Are Businesses Preparing for Cyber Risk in 2025?
Give your clients the Cybersecurity Monster Hunter’s Checklist as a fun, Halloween-themed way to help them hunt down cybersecurity weaknesses. GET CHECKLIST>>
Landmark Admin
https://www.aol.com/massive-data-breach-exposes-800-130049819.html
Exploit: Ransomware
Industry: Business Services
Landmark Admin announced that a May cyberattack compromised the sensitive information of over 800,000 individuals. The breach affects policyholders from several of its major insurance partners, including American Monumental Life, Pellerin Life and American Benefit Life. Exposed data may include Social Security numbers, driver’s license and passport numbers, bank information, medical records and life policy details. Landmark Admin advises those affected to monitor accounts as investigations continue.
How It Could Affect Your Customers’ Business: A data breach like this is a fast way for an organization to get slapped with big fines that can impact a company’s financial health and future.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
The Housing Authority of the City of Los Angeles (HACLA)
https://therecord.media/hacla-los-angeles-second-ransomware-attack
Exploit: Hacking
Industry: Government
The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack following claims of data theft by the Cactus ransomware gang. The group recently claimed it stole 861 GB of data, including personal information, backups and financial documents. This marks the second cyberattack HACLA has faced in recent years; the now-defunct LockBit ransomware gang breached the organization in 2023.
How It Could Affect Your Customers’ Business: Two data breaches in such a short period of time is not a good look for any organization.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Metropolis Group
https://pressgazette.co.uk/publishers/b2b/emap-metropolis-cyberattack-news-industry
Exploit: Hacking
Industry: Media
A cyberattack has compromised the passports, bank details, and National Insurance numbers of current and former employees at Metropolis, which employs 500 staff across various B2B and specialist media brands, including Nursing Times and Property Week. Hackers accessed two servers containing shared folders with personal information, including payslips (with addresses, email addresses, and NI numbers), bank account details, passports, driving licenses, HR correspondence and CVs.
How It Could Affect Your Customers’ Business: Businesses have to protect both consumer data and employee data in today’s volatile world.
Kaseya to the Rescue: See how an antiphishing solution that leverages AI and automation can help businesses stop phishing economically. DOWNLOAD EBOOK>>
Peru – Interbank
https://therecord.media/interbank-peru-data-breach
Exploit: Hacking
Industry: Finance
Interbank confirmed a data breach Wednesday after researchers reported that a hacker, “kzoldyck,” had posted access to sensitive customer information for sale on the dark web. The bank took some services offline to investigate, later acknowledging that portions of the exposed data were legitimate. The hacker claims to have stolen the personal and financial details of over 3 million customers, including names, birthdates, account IDs and plaintext credentials. Interbank is advising customers to monitor accounts as it addresses the breach.
How It Could Affect Your Customers’ Business: The finance and financial services sector has been at the top of cybercriminals’ hit lists.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
France – Free
https://www.darkreading.com/cyberattacks-data-breaches/french-isp-cyberattack-data-breach
Exploit: Hacking
Industry: Technology
Free, France’s second-largest ISP, confirmed a major data breach after attackers exploited a management tool to exfiltrate user data. The company, with over 20 million customers, notified France’s cyber agency and assured that no passwords, payment info or communications were affected, and its services remained fully operational. On October 21, a threat actor on an underground forum claimed to have two databases from Free, with one allegedly containing information on 19.2 million Free Mobile and Freebox customers, dating the access to October 17.
How it Could Affect Your Customers’ Business: Infrastructure isn’t just power and water internet service providers are an important part of infrastructure.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Germany – AEP
https://www.darkreading.com/cyberattacks-data-breaches/french-isp-cyberattack-data-breach
Exploit: Ransomware
Industry: Healthcare
German pharmaceutical wholesaler AEP has reported a targeted cyberattack detected on October 28. The company immediately shut down affected IT systems and external connections and is working with cybersecurity experts to resolve the issue. AEP, which supplies over 6,000 pharmacies in Germany, warned of potential disruptions, though the Bavarian Pharmacists Association assured that alternative wholesalers could cover the supply gap. The attack is under investigation by the Bavarian State Criminal Police.
How it Could Affect Your Customers’ Business: A successful cyberattack on a critical manufacturer can have an unfortunate ripple effect that leads to shortages and uncertainty.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Australia – Australian Nursing Home Foundation
Exploit: Hacking
Industry: Healthcare
The Australian Nursing Home Foundation, which provides community care and accommodation for elderly Chinese and Southeast Asian residents, has been listed on the Abyss ransomware gang’s dark web leak site. The group claims to have stolen 1.5 terabytes of uncompressed data, with plans to publish the information on November 5. Abyss is believed to have connections to the notorious HelloKitty ransomware gang, utilizing some of its source code for its malware.
How it Could Affect Your Customers’ Business: Even a non-profit or community service-focused organization can fall victim to cybercrime.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Australia – LEE
Exploit: Hacking
Industry: Retail
LEE, an Australian organization selling garage lighting and equipment, was reportedly targeted by a threat actor named “joonas,” who claimed to be selling a database with 210,000 records stolen from LEE. Although details about the data or the breach are scarce, a sample shared with the listing indicates that the stolen information includes names, mobile numbers, email addresses and residential addresses.
How it Could Affect Your Customers’ Business: Any business of any size in any industry could fall victim to a cyberattack at any time.
Kaseya to the Rescue: A bewildering array of acronyms are used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Read this week’s feature story: How Are Businesses Preparing for Cyber Risk in 2025?
We asked our survey respondents about their future risks, the investments they plan on making and the top cybersecurity challenges they expect to encounter in 2025. Take a look at what they had to say and what IT professionals think is next in cybersecurity. READ MORE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
A dozen new phishing simulations are here
It’s always a great time for a round of phishing resistance training, and we’ve got some fresh new phishing simulation kits to fuel your efforts.
- DHL – Your package is on hold
- DHL – Your package was not delivered
- DHL – Verify your delivery address
- GitLab – New commits to merge request
- GitLab – Your pipeline has been fixed
- GitLab – Your pipeline has been failed
- CEO – Appreciation letter
- HR offer – $125 Amazon gift card
- Discord – Verify your purchase
- Discord – Verify your Discord account
- Discord – Mention in a server
- Find My iPhone – Find my iPhone disabled V2 (updated kit)
Learn more in the BullPhish ID Release Notes. LEARN MORE>>
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
The Business Case for Graphus: Your AI-Powered Anti-phishing Solution
Phishing protection is essential for safeguarding businesses against cyberthreats, but with tight budgets, is an anti-phishing solution feasible? This eBook explores the benefits of incorporating an AI-powered anti-phishing solution into your security strategy. Explore:
- The financial advantages of mitigating phishing risks.
- Real stories that illustrate the high costs of phishing-related attacks.
- Why an AI-driven anti-phishing solution is the best option for businesses.
Download your eBook now! DOWNLOAD IT>>
Did you miss…the Kaseya Cybersecurity Survey Report 2024? DOWNLOAD IT>>
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
Boost MSP Profitability With Kaseya 365 User
November 7 | 2:00 PM
Kaseya 365 User is an innovative subscription designed to prevent, respond to and recover from user-targeted threats in a single, cost-effective package. In this webinar, Corey O’Donnell, Kaseya’s Senior Vice President of Strategy and Marketing, will outline the components and benefits of this solution. Key highlights include:
- Unlocking new revenue opportunities with a low-cost subscription model.
- Streamlining user threat management through consistent and automated solutions, reducing operational complexities and costs.
- Providing robust protection against threats to user data and overall security.
November 12 – 14: Kaseya DattoCon Asia-Pacific (Sydney) REGISTER NOW>>
Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!