Week in Breach 02/19/20 – 02/25/20

This week in data breaches:  small businesses fail to prevent phishing attacks, government admin compromises data, and a new study reveals the prominent role of human error in data breaches.
Spry Squared Cybersecurity Week in Breach

Dark Web ID Trends:


Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry:  Financial, medical, government
Top Employee Count: 251-500
United States – Idaho Central Credit Union

Exploit: Unauthorized data access
Idaho Central Credit Union:  Financial Institution

cybersecurity-warning-meterRisk to Small Business:  1.555 = Severe

The Idaho Central Credit Union has reported two data breaches that compromised personally identifiable customer information. The first incident occurred in November 2019 when a third-party mortgage portal was victimized by hackers. While investigating the first breach, cybersecurity experts identified a second incident stemming from several compromised employee email accounts. In today’s digital economy, a company’s competitive advantage is predicated on its ability to protect customer data. Two consecutive data breaches will have far-reaching repercussions for the credit union.

cybersecurity-warning-meterIndividual Risk:  2.142= Severe

In both incidents, the personally identifiable information of the bank’s customers was compromised. This included names, dates of birth, Social Security numbers, financial account information, tax identification numbers, and other sensitive financial details. Cybercriminals can redeploy this information in a host of harmful ways. Those impacted by the breach should enroll in identity and credit monitoring services as soon as possible.

Customers Impacted:  Unknown

What Can You Learn from Their Mistake?

Email accounts are serious vulnerabilities for every company, as there are many ways that cybercriminals can exploit social engineering and malware to find their way in. However, every company can lock down their email accounts by implementing two-factor authentication to prevent unauthorized access, even if login credentials are compromised.

How Can Spry Squared Help?

Spry Squared can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data.  Learn more here about Spry Squared Cybersecurity

United States – Monroe County Hospitals and Clinics

Exploit:  Phishing scam

Monroe County Hospital & ClinicsPublic medical practice

cybersecurity-warning-meterRisk to Small Business: 1.666 = Severe

Hackers gained access to the clinic’s email system, which contained patients’ protected health information. The breach, which was discovered in December 2019, spanned several months and gave bad actors plenty of time to misuse patient data. Now Monroe County Hospital and Clinics faces intense regulatory scrutiny due to the sensitive nature of the breach, and their reputation has been badly damaged in an industry that is especially sensitive to privacy concerns. In addition to other recovery expenses, they will bear the cost burden of providing credit and identity monitoring services for the thousands of patients impacted by the breach.

cybersecurity-warning-meterIndividual Risk:  2.428 = Severe

Personal data was compromised in the breach. This includes names, dates of birth, addresses, insurance information, and treatment information. In some cases, patients’ Social Security numbers were also exposed. Those impacted by the breach are encouraged to enroll in the credit monitoring service provided by the company and monitor their accounts and digital communications for potential instances of fraud.

Customers Impacted:  7,500

What Can You Learn from Their Mistake?

Despite incredible advancements in fraud detection technology, phishing scams will inevitably make their way into employees’ inboxes. When employees engage with malicious content, it can have enormous consequences for your organization. Nobody wants to endure the rising costs associated with a data breach, and comprehensive employee awareness training can ensure that those phishing scams don’t impact your bottom line.

How Can Spry Squared Help?

Designed to protect against human error, Spry Squared has tools that simulate phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Click this link to get started.

Canada – Public Services and Procurement Canada

Exploit:  Accidental data sharing
Public Services & Procurement Canada:  Government department for administration

cybersecurity-warning-meterRisk to Small Business:  1.666 = Severe

An administrative oversight compromised the personal information of thousands of Canadians. Unfortunately, the victims are public servants already impacted by the Phoenix pay systems problem, which resulted in employees being overpaid or receiving little income for months. As part of the department’s efforts to fix this mistake, employee information was inadvertently emailed to the wrong recipients.

cybersecurity-warning-meterIndividual Risk:  2.142 = Severe

The email contained employees’ personally identifiable information, including their names, addresses, personal record identifiers, and overpayment amounts. This information could make victims especially susceptible to phishing scams that could extract even more damaging information. Those impacted by the breach should carefully evaluate online communications to ensure their veracity, while also monitoring their other accounts for unusual or suspicious activity.

Customers Impacted:  69,000

What Can You Learn from Their Mistake?

An external data breach is a priority risk for any company handling sensitive data – making a preventable internal data breach especially egregious. Employee errors are bound to happen but those errors can have far-reaching negative consequences for any business. In this case, one missent email led to financial, reputational, and practical damage.

How Can Spry Squared Help?

We go into the Dark Web to keep you out of it. Dark Web IDTM monitors the Dark Web to find out if your employee or customer data has been compromised. We work with businesses to strengthen their security by identifing, analyzing and proactively monitoring for an organization’s compromised or stolen employee and customer data.  Schedule a demo today.

In Other News:

Human Error is a Top Cause of Data Breaches 

Companies face cybersecurity threats on many fronts every day, but human error may be the most pervasive – and the most preventable. A 2019 study analyzing data from the UK’s Information Commissioner’s Office found that human error played a role in 90% of data breaches last year. This represents a significant increase from just two years ago, when only 61% of breaches were attributed to human error.

The study concluded that phishing scams were the primary cause of breaches with unauthorized access to systems ranking a close second. However, the study’s authors were also quick to point out that while employees represent a noteworthy data privacy risk, they can also serve as a critical defense against cybercriminals. When equipped with the right tools, like phishing scam awareness training, employees can be transformed from a potential weak point into a crucial asset in the fight against cybercriminals and fraud.

Not sure how safe your data is OR is your company data already on the Dark Web?

Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.

Thanks to our cybersecurity partner ID agent for this Week in Breach report!