Week in Breach 03/12/20 – 03/18/20

This week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.
week in breach cybersecurity

Dark Web ID Trends:


Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry:  Finance and Insurance
Top Employee Count: 1-10
United States – Whisper

Exploit: Unsecured database
Whisper: Privacy-focused messaging app

cybersecurity-warning-meterRisk to Small Business:  2.111 = Severe

Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.

cybersecurity-warning-meterIndividual Risk: 2.571 = Moderate

Customers Impacted:  Unknown

What Can You Learn from Their Mistake?

Data breaches are fairly common in sites that are supposedly private, so it’s always wise to never assume that anything you post will remain private. Hackers delight in taking advantage of weaknesses in any app and by compiling data and using social profiling, consumers compromised data is all just a piece of the bigger picture the cybersecurity world.

How Can Spry Squared Help?

Spry Squared is an expert in cybersecurity and helping our SMB customers understand the importance of security. We offer a free intial Dark Web scan and you can see if your business credentials have been compromised. From Dark Web monitoring to ransomeware protection and training to a recovery plan, our cybersecurity package will help with all aspects of your comany’s cybersecurity. Learn more about  Spry Squared Cybersecurity here.

United States – Champaign-Urbana Public Health District

Exploit: Ransomware

Champaign-Urbana Public Health District: Healthcare service provider

cybersecurity-warning-meter

Risk to Small Business: 2.111 = Severe:

A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death.

cybersecurity-warning-meterIndividual Risk:  2.714 = At this time, no personal information was compromised in the breach

Customers Impacted:  Unknown

What Can You Learn from Their Mistake?

The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities

How Can Spry Squared Help?

We have tools that simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime.  Click this link to get started.

United Kingdom – Anteus Tecnologia

Exploit: Exposed database

Anteus Tecnologia: Developer and distributor of fingerprint identifcation systems

cybersecurity-warning-meter

Risk to Small Business:  1.888 = Severe

A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.

cybersecurity-warning-meterIndividual Risk:  2.142 = Severe

In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information.

Customers Impacted:  76,000

What Can You Learn from Their Mistake?

Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.

How Can Spry Squared Help?

Spry Squared has tools that can automate regulatory compliance in maintaining required data privacy standards, eliminating guesswork, and ensuring efficiency at every stage.  Learn more now.

In Other News:

Hackers Collect Millions from Stolen Payment Card Records 

In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.

The card information was stolen throughout 2019 from as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.

Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works mitigate some of the risk of this means of attack including regular malware assessments and Dark Web monitoring.

Not sure how safe your data is OR is your company data already on the Dark Web?

Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.

Thanks to our cybersecurity partner ID agent for this Week in Breach report!