Welcome to the Business Email Compromise special edition! This week, take a look at some recent BEC attacks and learn more about how to protect your clients from phishing-related disasters like BEC.
Klaviyo
Exploit: BEC
Klaviyo: Email Marketing Firm
Risk to Business: 1.706 = Severe
In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates.
The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.
Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Phishing is the most likely way for any organization to open the door to a data breach.
Atrium Health
Exploit: BEC
Atrium Health: Medical System
Risk to Business: 1.907 = Severe
North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts.
How It Could Affect Your Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.
Spirit Super
Exploit: BEC
Spirit Super: Financial Services
Risk to Business: 1.836 = Severe
Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed data from an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.
Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details.
How It Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.
Chester Upland School District
Exploit: BEC
Chester Upland School District: Regional Education Authority
Risk to Business: 1.337 = Severe
A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.
How It Could Affect Your Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.
AllOne Health Resources, Inc.
Exploit: BEC
AllOne Health Resources: Insurance Company
Risk to Business: 1.809 = Severe
AllOne Health Resources, Inc. has experienced a data breach as the result of a business email compromise attack. The company says that an unauthorized party gained access to sensitive consumer data contained on its network after landing the BEC attack. According to AllOne Health, the company discovered the breach after it realized that the company’s finance department had sent several wire transfers to a fraudulently created bank account. That prompted an investigation that revealed that bad actors had gained access to an employee’s email account and snatched sensitive data.
Exposed information includes the names, addresses, dates of birth, driver’s license numbers, Social Security numbers and health information of 13,669 individuals.
How It Could Affect Your Business: A data security disaster in the healthcare sector is extra expensive and damaging after regulators weigh in.
City of Portland, OR
Exploit: BEC
City of Portland, OR: Municipal Government
Risk to Business: 1.723 = Severe
Bad actors struck the city of Portland, Oregon in an audacious business email compromise attack that resulted in a $1.4 million fraudulent transaction with city funds in April. City officials say that cybercriminals obtained the money after gaining access to a city email account illegally. The compromise was detected in May when the same account attempted another transfer of funds. The incident is under investigation by the FBI, U.S. Secret Service and the Portland Police Bureau.
How It Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.
Christie Clinic
Exploit: BEC
Christie Clinic: Healthcare Provider
Risk to Business: 1.801 = Severe
Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.
Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.
How It Could Affect Your Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.