
The Week in Breach News: 17/11/21 – 23/11/21

GoDaddy is back in the hot seat after another massive breach exposes data for more than 1 million users, an insider incident in Ohio raises election security concerns & a data breach at Australia’s copyright authority.


GoDaddy

Exploit: Credential Compromise

GoDaddy: Web Hosting Provider 


Risk to Business: 1.527 = Severe

GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 1.2 million


California Pizza Kitchen

Exploit: Hacking

California Pizza Kitchen: Fast Casual Restaurant Chain


Risk to Business: 2.212 = Severe

US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. Those cybercriminals gained access to an undisclosed amount of data including employee records that contained at least employee names and SSNs.


Individual Risk: 1.907 = Severe

In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.

Customers Impacted: 103,767


Lake County Board of Commissioners 

Exploit: Insider Incident

Lake County Board of Commissioners: Election Regulator


Risk to Business: 1.502 = Severe

The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Cyprus – StripChat 

Exploit: Misconfiguration

StripChat: Adult Content Platform


Risk to Business: 1.615 = Severe

StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.


Individual Risk: 1.802 = Severe

Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.

Customers Impacted: Unknown


Denmark – Vestas

Exploit: Ransomware

Vestas: Wind Turbine Manufacturer


Risk to Business: 1.512 = Severe

The world’s largest supplier of wind turbines Vestas has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Exploit: Hacking

Copyright Agency: Royalty Collection Agency


Risk to Business: 1.595 = Extreme

Australia’s Copyright Agency has suffered a data breach. The agency, which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it services.

Customers Impacted: 37,000



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Improve your Business IT Security

3 Ways to Improve business IT Security


Computers, devices and the internet are woven into the fabric of our daily lives, making it easy for us to forget that online interactions and email messages aren’t always benign.

The unfortunate results of a barrage of cyberattacks in the past year alone have clearly demonstrated that cybercriminals are putting in work to expand their operations. In fact, recent cyberattacks have illustrated just how many aspects of our daily lives are impacted by cybersecurity, from shopping to seeing the doctor.

Protecting your business from cyberattacks may seem like a daunting prospect – in an IBM blog post, 25% of SME business owners said that they didn’t even know where to start with cybersecurity. However, no one has extra budget these days – a third of those SME IT decision-makers pointed to a lack of budget or resources as their biggest blocker to cybersecurity success. But businesses don’t have to blow their budgets to make security improvements.

These three tips can help every business be Cybersmart and stand tall in the face of surging cybercrime for less.

1. Build Better Passwords

The first action that businesses can take doesn’t cost a penny: improve password security.

Cybercriminals know that the easiest, fastest way for them to gain entry to your systems and data is with a legitimate password and they’re doing everything possible to snag one – the more privileged that password is, the better. That’s why it’s paramount that you establish and enforce strict rules about generating passwords in your business. The Verizon/Ponemon Institute Data Breach Investigations Report 2021 revealed that bad, cracked, stolen and recycled passwords were the biggest data breach menace that businesses of every size face. More than 60% of the businesses that they analysed had suffered a cyberattack that began with a compromised credential and ended in a data breach.

3 Fast Facts About Password Danger

Credentials were the top type of information stolen in data breaches worldwide in 2020.

About 60% of passwords that appeared in more than one breach in 2020 were recycled or reused.

An estimated 65% of employees use the same password across multiple work and home applications.

It’s not hard for cybercriminals to find a company’s legitimate passwords through password cracking software or even just outright guessing. How does that work? People love to talk about themselves and their interests online. Does your LinkedIn profile talk about how devoted you are to your favourite football team? Is your Facebook full of Baby Yoda memes? Do you share makeup tips from Instagram influencers every day? All of these things give cybercriminals clues that help them figure out your password.

Simple, common, recycled passwords make a cybercriminal’s job easy if they’re using password cracking or credential stuffing too. Why? Based on an analysis of the data that was collected in 2020, an overwhelming majority of passwords fit into one of 20 common categories. That fact allows cybercriminals to use huge lists of passwords stolen in earlier breaches to conduct future cybercrime operations.

Almost 60% of employees use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. On top of that, 49% of users will only change one letter or digit in one of their preferred passwords when required to make a new password. Don’t make it that easy for the bad guys.  

Password Dos & Don’ts

Don’t reuse or recycle a password anywhere for any reason.

Do build strong unique passwords for every online account

Don’t make passwords that fall into a common category

Do make sure your password isn’t easy to guess

Do consider using a password manager to maintain your list of unique passwords

2. Include everybody on the Security Team

Cybersecurity isn’t just a job for the IT department, but that can be hard for employees to recognise, especially if they don’t consider themselves “tech people”. Unfortunately, that perception often leads to employees not engaging with security awareness training and not carrying the good cybersecurity practices that they learn over into their everyday actions. That expectation may also be at work on the executive end of the equation too. By not running regular training sessions or only giving a few employees training against certain threats, companies fail to utilise all of their human resources to keep an eye out for trouble. Internal blockers can also discourage employees from taking an interest in cybersecurity, a tragedy in a time when businesses need all the help that they can get. Eliminating those blockers will create a stronger security culture, making your business more cyber resilient.

3 Facts About Employee Security Attitudes

Just under 30% of employees fail to report cybersecurity mistakes out of fear. 

A full 50% of employees don’t report clicking on a phishing email to avoid disciplinary action.

An estimated 60% of employees open suspicious emails for fear of misidentifying a message.

No employee should be afraid to ask for help around security issues. When employees fear losing their jobs because of a security mishap, small problems don’t get reported, giving them time to grow into giant disasters. Improved security awareness can also quickly reduce a company’s risk of malicious insider incidents. In a business with a healthy cybersecurity culture, employees feel confident that they can ask for help freely whether they just have a question, they made a mistake, they are unsure about something or think that they have spotted a phishing attempt, and that brings benefits that can’t be measured. 

Security Culture Dos and Don’ts

Don’t threaten employees with termination if they make a security mistake

Do make it easy for employees to ask questions or get help around security

Don’t just make cybersecurity the IT department’s job

Do make every employee feel that they are invested in company security

Don’t fail to set policies that encourage smart security behavior

Don’t have one set of policies for employees and another for executives

3. Empower Employees with the Right Training and Tools

If you want your employees to protect your business from cyberattacks, they’re going to need a quality toolkit and the training to notice potential trouble spots. The power of security awareness training is immense, and it starts right away.

In a UK study on the effectiveness of phishing simulations, researchers discovered that 40 – 60% of the surveyed employees were likely to open a phishing message at the beginning of the study. However, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25%. Even better, after 3 to 6 months more training, only 10% to 18% were likely to open a phishing message, a steep decline. 

Regular security awareness training clearly works. Having the right tools available is also essential. If you’re relying on old, clunky, hard-to-use tools for your day-to-day operations, you’re not only opening your business up to security risks from potential cyberattacks, you’re also making it hard for your employees to follow safe behaviours or take security seriously – and that can mean the difference between a crisis averted and a disaster landing on your doorstep.

3 Facts About Security Tools

One tool, multifactor authentication, stops 99% of password-based cybercrime

Automated email security catches 40% more phishing messages than conventional security or a SEG

Security awareness training reduces the chance of a damaging security incident by up to 70%

It’s not necessary for businesses to splash out cash on dozens of fancy security tools. Having too many security tools is just as bad as having too few. But it is essential that you provide the right tools and training to build a foundation for cybersecurity success. However, a stunning one in three small businesses with 50 or fewer employees relies solely on free or consumer-grade cybersecurity tools for protection. Even worse, an astonishing 60% of business leaders revealed that their companies didn’t have a cyberattack prevention plan in place at all and had no foundation for incident response. Give your employees the tools, training and support that they need to succeed and they will help keep your business safe in a stormy cybersecurity landscape.

Training and Tools Dos and Don’ts

Don’t use security awareness training as a punishment

Do run security awareness training at least 11 times per year

Don’t make employees afraid to lose their jobs if they report issues

Do make sure that everyone from the Directors to the apprentices receives regular training

Don’t rely on a patchwork of old tools that make maintaining security more challenging

Do make it easy for employees to get help when they have a security issue

Protect your Business from Cybercrime

MSnet was founded with a passion to protect businesses from the threat of cybercrime.

Our mission is to empower businesses with the knowledge, training and services required to safeguard them from cybercriminal activity.

If you would like more information, please reach out to our team on 01489 539700 or use the Contact Us button below.


Gone Phishing?

Gone Phishing

Phishing is the most common cybercrime and the most dangerous for your business. Some of today’s most devastating cyberattacks, including incidents like the Colonial Pipeline ransomware disaster in May 2021, started with a phishing email.

Employees may encounter phishing attempts daily if action isn’t taken to keep phishing messages out of your business.

An estimated 6 billion phishing emails were sent to businesses daily in 2020!

What is a Phishing Attack?

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information or to deploy malicious software.

Phishing is the type of cyberattack employees see the most. Cybercriminals favour phishing because it has a low barrier to entry, it’s cheap and it’s effective. Phishing is an easy way for cybercriminals to obtain passwords, user data and other credentials, enabling them to undertake other cybercrime operations like business email compromise or to deploy ransomware.

An estimated 75% of organizations in the United States were hit by a phishing attack that resulted in a data breach in 2020.

 

How to spot a phishing attack?

Phishing can be tricky to spot, but these red flags should always give you pause as they’re common indicators that an e-mail is actually a phishing attempt. 

Subject Line

Is the subject line accurate? Subject lines that feature oddities like “Warning”, “Your funds have” or “Message is for a trusted” should set off alarm bells. If the subject or pre-header of the email contains spelling mistakes, usage errors, unexpected elements like emojis or other things that make it stand out from emails you regularly receive from the sender, it’s probably phishing. 

Greeting

If the greeting seems strange, be suspicious. Are the grammar, punctuation and spelling correct? Is the greeting in a different style than you usually see from this sender? Is it generic when it is usually personalised, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.

Domain

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. 

For example, if the message says it is from Sender@microsoftsecurity.com instead of Sender@microsoft.com, you should be wary.

Word Choices, Spelling & Grammar

This is a hallmark test for a phishing message and the easiest way to uncover an attack. If the message contains a bunch of spelling and usage errors, it’s definitely suspicious. Check for grammatical errors, data that doesn’t make sense, strange word choices and problems with capitalisation or punctuation. We all make the occasional spelling error, but a message riddled with them is probably phishing. 

Style

Does this look like other messages you’ve received from this sender? Fraudulent messages may have small variations in style from the purported sender’s usual email style. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right. 

Links

Using malicious links to capture credentials or send victims to a web page that can be used to steal their personally identifiable information (PII) or financial information is a classic phishing scam. Hovering your mouse or finger over a link will usually enable you to see the path. If the link doesn’t look like it is going to a legitimate page, don’t click on it. If you have interacted with it, definitely don’t provide any information on the page that you’re directed to because it’s almost certainly phishing. 

Attachments

Never open or download an unexpected attachment, even if it looks like a normal Microsoft 365 (formerly Office) file. Almost 50% of malicious email attachments that were sent out in 2020 were Microsoft Office files. The most popular formats, the ones that employees regularly exchange every day (Word, PowerPoint and Excel), accounted for 38% of phishing attacks. Archived files, such as .zip and .jar, account for about 37% of malicious transmissions.

Origin

Is this someone or a company that you’ve dealt with before? Does the message claim to be from an important executive, politician or celebrity? A bank manager or tax agent you’ve never heard of? Be cautious about interacting with messages that seem too good to be true. Messages from government agencies should also be handled with care. Phishing practitioners love using fake government messages.
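The subject, sender-domain, link and attachment red flags above can be checked mechanically before a message reaches a reader. The following Python is an added example, not part of the original article; the expected-domain list, the function names and both sample messages are constructed for illustration.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the purported sender is known to use (kept by the defender).
EXPECTED_DOMAINS = {"microsoft.com"}
# Attachment types named in the article: Office documents and archives.
RISKY_EXTENSIONS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm",
                    ".ppt", ".pptx", ".pptm", ".zip", ".jar"}
# Subject-line oddities quoted in the article.
SUBJECT_ODDITIES = ("warning", "your funds have", "message is for a trusted")


def is_expected(host):
    """True if host is an expected domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def is_lookalike(host):
    """True if host embeds a known brand label but is not an expected domain."""
    if is_expected(host):
        return False
    brands = {d.split(".")[0] for d in EXPECTED_DOMAINS}
    return any(b in host.lower() for b in brands)


def triage(raw_message):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    subject = (msg.get("Subject") or "").lower()
    if any(odd in subject for odd in SUBJECT_ODDITIES):
        flags.append("subject")
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if is_lookalike(sender_host):
        flags.append("sender-domain:" + sender_host.lower())
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            # Attachment: judge it by its extension only, never open it.
            if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
                flags.append("attachment:" + filename)
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", errors="replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = urlparse(url).hostname or ""
                if not is_expected(host):
                    flags.append("link:" + host)
    return flags


# Constructed sample: lookalike sender, odd subject, off-domain link, archive attachment.
PHISH = """\
From: Account Team <Sender@microsoftsecurity.com>
To: user@example.org
Subject: Warning: action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review your account at http://login.example.net/verify today.

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

AAAA

--b1--
"""

# Constructed sample: expected sender domain and an on-domain link.
LEGIT = """\
From: Sender <Sender@microsoft.com>
To: user@example.org
Subject: Your monthly statement

Your statement is ready at https://account.microsoft.com/billing
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(LEGIT))
```

A message with no flags is not proven safe; the checks only cover the indicators listed above, and the greeting, style and origin tests still need a human reader.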

How Can I Protect My Business from Phishing Attacks

Cybersecurity requires a multi-layered approach to fully protect your business.

Protecting your employees from phishing equally requires a number of different layers of protection.

  1. The first should be training! Security awareness training prepares employees to recognise the threat of cybercrime and to avoid its dangers.
  2. The second is simulated phishing emails. Test phishing emails are sent to employees to allow them to review and fine-tune their new knowledge.
  3. Lastly, an integrated threat protection service filters out dangerous emails and files before they reach employees in the first place.

 


SME Data Breaches

SME Data Breaches in 2021


A data breach is a nightmare for any company, and it’s one that more businesses in more industries are having to face today. About 85% of IT professionals foresee a data breach at their business in the next 12 months.

Cybercriminals are hungry for data that they can sell in the booming dark web data markets for a hefty profit, spawning an unprecedented increase in data-focused cybercrime that’s rocking businesses of every size and it isn’t going to stop anytime soon!

Top 10 SME Data Breach Statistics from 2021

  1. The number of recorded data breaches in 2021 has exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020
  2. More than 60% of breaches result from misused, stolen or purchased credentials
  3. An estimated 85% of data breaches involve a human element.
  4. Phishing is the top threat action that results in a breach
  5. The number of breaches that involve ransomware has doubled
  6. 34% of data breaches involve internal actors
  7. Over 80% of breaches are discovered by external parties.
  8. An estimated 36% of businesses worldwide had a cloud data breach in the past 12 months
  9. 74% of businesses in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months
  10. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.

The Cost of a Data Breach

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at £3.1 million per incident, the highest ever recorded in the 17 years of the study.

The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).

The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information (PII) – the most frequently breached and the most expensive at £125 per record.

The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.

Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at £6.8 million is the industry with the most expensive data breach costs.

Businesses that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

Companies supporting a remote or hybrid workforce experienced an increase of up to £750,000 more when a data breach occurred, with the highest rates of £3.5 million in comparison to £2.8 million.

Cloud Data Breaches

“The State of Cloud Security 2021” Verizon report asked IT professionals about the circumstances that influence a company’s chance of a possible cloud data breach, and these were the factors that they pointed to:

32% say too many APIs and interfaces to govern

31% cite lack of adequate controls and database oversight

27% point to lack of policy awareness around data security

23% blamed old-fashioned negligence

21% said they are not checking Infrastructure as Code (IaC) prior to deployment

20% admitted outright that human factors were at fault

Booming Dark Web Data Markets Drive Data Theft

Most Prevalent Types of Data Stolen in Breaches: 

Credentials: 60%  

Personally Identifying Data (PII): 40%  

Medical Data: 10%  

Bank Data: 10%  

Internal Data: 10%  

Payment Data: 10% 

Is Your Business Protecting Its Valuable Data?

Cybersecurity requires a multi-layered approach to fully protect your business.

Protecting your business data is a critical priority for any business, not only from a regulatory standpoint (e.g. GDPR, PCI-DSS) but also in protecting your customers and employees.


Password Danger

Password Danger is Escalating


The struggle to get users to make good, strong, unique passwords and actually keep them secret is real!

It can be hard to demonstrate to users just how dangerous their bad password decisions can be to the entire business, even though an estimated 60% of data breaches involved the improper use of credentials in 2020.

There’s no rhyme or reason to why employees create and handle passwords unsafely. Employees at every level are unfortunately drawn to making bad passwords and playing fast and loose with them – and that predilection doesn’t look like it’s going away anytime soon.

Managing Too Many Passwords?

The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. About 300 billion passwords are currently in use by humans and machines worldwide. The global pandemic helped put even more passwords into circulation as people on stay-at-home orders created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic.

Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, businesses had to contend with a 429% increase in the number of business login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt a business.

The average business is now likely to have about 17 sets of login details available on the dark web for cybercriminals to enjoy and that number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak!

Bad Passwords

Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member, 13% have used a significant date, such as a birthday or anniversary and another 6% have used information about their favourite sports team as their password.

That makes cybercriminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.

Password Sharing Is Rampant

Worse yet, employees are sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their business had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people externally.

43% of survey respondents have shared their password with someone in their home
22% of employees surveyed have shared their email password for a streaming site
17% of employees surveyed have shared their email password for a social media platform
17% of employees surveyed have shared their email password for an online shopping account

Top Password fails

Analysis of the top 250 passwords found on the dark web found that the top categories for the weakest passwords in 2020 were:

Weakest Password Categories in 2020

  1. Family Names (e.g. Maggie)
  2. Sports Teams (e.g. Arsenal)
  3. Favourite Food (e.g. Cookie)
  4. Place Names (e.g. London)
  5. Names of Pets (e.g. Rocky)
  6. Famous People/Characters (e.g. Tigger)

Top 20 Most Common Passwords found on The Dark Web in 2020

  1. 123456
  2. password
  3. 12345678
  4. 12341234
  5. 1asdasdasdasd
  6. Qwerty123
  7. Password1
  8. 123456789
  9. Qwerty1
  10. :12345678secret
  11. Abc123
  12. 111111
  13. stratfor
  14. lemonfish
  15. sunshine
  16. 123123123
  17. 1234567890
  18. Password123
  19. 123123
  20. 1234567
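The weak-password categories and the common-password list above, together with the earlier observation that many users change only one letter or digit when forced to pick a new password, translate directly into a check that can run at password-change time. The following Python is an added example, not part of the original article; the function names, the personal-terms input and the sample passwords are assumptions made for illustration.

```python
import re

# The twenty most common passwords listed above, lowercased for comparison.
COMMON = {p.lower() for p in [
    "123456", "password", "12345678", "12341234", "1asdasdasdasd", "Qwerty123",
    "Password1", "123456789", "Qwerty1", ":12345678secret", "Abc123", "111111",
    "stratfor", "lemonfish", "sunshine", "123123123", "1234567890", "Password123",
    "123123", "1234567",
]}


def base_word(password):
    """Lowercase and drop digits and symbols, so 'Arsenal2021!' becomes 'arsenal'."""
    return re.sub(r"[^a-z]", "", password.lower())


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def screen_password(candidate, previous=None, personal_terms=()):
    """Return the reasons a proposed password should be rejected (empty list = accepted).

    previous: the password being replaced, which the user supplies in the same
              change request (assumption: it is never read back from storage).
    personal_terms: names, pets, teams or dates known for this user (assumption).
    """
    reasons = []
    lowered = candidate.lower()
    base = base_word(candidate)
    if lowered in COMMON or base in COMMON:
        reasons.append("common")
    if any(t and (t.lower() in lowered or t.lower() in base) for t in personal_terms):
        reasons.append("personal")
    # Identical or one character away from the old password counts as reuse.
    if previous is not None and edit_distance(candidate, previous) <= 1:
        reasons.append("near-reuse")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    terms = ["rocky", "arsenal"]
    print(screen_password("Password1"))
    print(screen_password("Rocky2019!", personal_terms=terms))
    print(screen_password("Tr4vel-Mug-Cedar8", previous="Tr4vel-Mug-Cedar7"))
    print(screen_password("correct-otter-battery-lamp", personal_terms=terms))
```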

Stolen Passwords on the Dark Web

Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place, just over financial data in third), and cybercriminals didn’t hesitate to grab batches of credentials from all over the world. Cybercriminals snatched them up in about 70% of EMEA breaches, 90% of APAC region breaches and 60% of North American breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every business owner chills.

An abundance of records on the dark web has spawned an abundance of passwords for cybercriminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. That giant dump of data is estimated to contain 8.4 billion passwords. Cybercriminals make use of that bounty quickly and effectively.

In the aftermath of an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cybercriminals will just offload it in the vast data dumps of the dark web making it available for anyone to sift through.

Protect your Business from Password Danger

Password shenanigans can put any business at risk of a devastating and expensive cyberattack, but protecting your business from password-related danger isn’t hard to do or expensive.

Protecting your business from password dangers requires a multi-layered approach, incorporating both training and technology.

Training will educate your employees about the dangers of cybercrime, how to recognise the threat and how to avoid it.

Technology and policy ensure that a correct framework is in place to remove the complications around employee passwords, with a robust and centralised credential management system to protect your business.

MSnet was founded with a passion for helping businesses defend against the threat of cybercrime.

Our mission is to empower businesses with the knowledge, training and services required to safeguard them from cybercriminal activity.


The Week in Breach News: 10/11/21 – 16/11/21

Hackers manage a shocking breach that leads to ATO at the FBI, beer production goes flat after a cyberattack at S.A. Damm, Robinhood takes a beating and welcome good news about business security spending increases.


Federal Bureau of Investigation (FBI) 

Exploit: Account Takeover

 Federal Bureau of Investigation (FBI): Federal Government Agency 

Risk to Business: 1.417= Severe

A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals who accomplished the feat were able to use that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack Friday. FBI officials were quick to stress the fact that the malicious emails originated from an FBI-operated server that was solely dedicated to pushing notifications for LEEP and not part of the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.


West Virginia Parkways Authority

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency 

Risk to Business: 1.822=Severe

A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones, and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident, which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Using ransomware against infrastructure targets to shut down their operations has become much more common.


Robinhood

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform 

Risk to Business: 1.542=Extreme

Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.

Individual Risk: 1.312=Extreme

The company disclosed that it estimates a total of seven million users are affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information, including in-depth PII such as full names, dates of birth and zip codes for around 310 users, and extensive records for a subset of 10 users.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.


Hewlett Packard Enterprise (HPE)

Exploit: Credential Compromise

Hewlett Packard Enterprise: Business Technology Services

Risk to Business: 1.615= Severe

Hewlett Packard Enterprise (HPE) just informed customers that use its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press: “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-Fi networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.



United Kingdom – Simplify Group

Exploit: Hacking

Simplify Group: Conveyancing & Property Services

Risk to Business: 1.512= Severe

UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.


Spain – S.A. Damm 

Exploit: Ransomware 

S.A. Damm: Brewing  

Risk to Business: 1.595 = Extreme

Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach News: 03/11/21 – 09/11/21

Canada’s biggest cyberattack ever disrupts Newfoundland and Labrador healthcare, ransomware is the real villain at Diamond Comic Distributors, phishing wreaks havoc at a defence contractor.



Diamond Comic Distributors

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor 

Risk to Business: 1.417= Severe

It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery are underway, with some functions already restored.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can cost companies a fortune from operational disruption alone even if no data is snatched, not to mention incident response costs.


Electronic Warfare Associates (EWA)

Exploit: Phishing 

Electronic Warfare Associates (EWA): Defense Contractor

Risk to Business: 1.822=Severe

A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.

Individual Risk: 1.703=Severe

EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or driver’s license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Phishing is an equal opportunity offender and no less likely to be successful against the presumably cybersecurity-savvy employees of a tech company than against those of any other business.



Newfoundland and Labrador Health

Exploit: Ransomware

Newfoundland and Labrador Health: Healthcare System

Risk to Business: 1.442=Extreme

What may be the largest cyberattack in Canadian history crippled the healthcare system of the province of Newfoundland and Labrador on October 30th. The suspected ransomware attack hit scheduling and payment systems, causing widespread interruptions in patient care including the cancellation of all non-urgent imaging and medical appointments as well as a reduction in chemotherapy sessions and significant complications for the province’s COVID-19 response. Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack. Email and telephone capability has been restored in some locations and an investigation is ongoing.

Individual Impact: No information about the exposure of patient information was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Healthcare has been beleaguered by cyberattacks, especially ransomware, since the start of the global pandemic.



Greece – Danaos Management Consultants

Exploit: Hacking

Danaos Management Consultants: Maritime IT

Risk to Business: 1.615= Severe

Maritime clients who use the communication systems of Danaos Management Consultants found themselves without some communications capability after a cyberattack blocked their communication with ships, suppliers, agents and charterers. Several Greek shipping companies were impacted. The incident also resulted in the loss of an unspecified number of files and correspondence for the impacted shipping firms.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks have rocked the maritime world in 2021, with major attacks against the world’s four biggest shippers complicating the world’s supply chain woes.


Germany – Media Markt

Exploit: Ransomware

Media Markt: Electronics Retailer 

Risk to Business: 1.512= Severe

Electronics retailer MediaMarkt has suffered a ransomware attack that caused the company to shut down some IT systems, impacting store operations in the Netherlands and Germany. While cash registers and payment card systems in brick-and-mortar locations were disrupted, online sales were not impacted. The attack was purportedly carried out by the Hive ransomware outfit, which initially demanded $240 million in ransom.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.



Australia – mySA Gov 

Exploit: Hacking

mySA Gov: Government Services Platform

Risk to Business: 1.595 = Extreme

South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. Officials went on to say that the hackers gained access to several mySA Gov accounts that were secured with recycled passwords. The department went on to say that there was no evidence of any unauthorized transactions on the impacted accounts while encouraging users to update their passwords.

Individual Risk: 1.595 = Extreme

A report from ABC says that 2,601 mySA Gov accounts were accessed in the attack, with 2,008 of them containing registration and licensing information. It is unclear if any information was exfiltrated.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals are always hungry for PII, especially identification card or passport data that can help them commit identity theft.



The Week in Breach News: 27/10/21 – 02/11/21

Ransomware sours operations at dairy powerhouse Schreiber Foods, jeweller to the stars Graff is in the wrong kind of spotlight, an old gang with a new name hits the NRA, trouble at the Toronto Transit Commission.


The National Rifle Association (NRA)

Exploit: Ransomware

National Rifle Association: Gun Rights Activist Group

Risk to Business: 1.417= Severe

Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.


PracticeMax

Exploit: Ransomware

PracticeMax: Medical Practice Management Services 

Risk to Business: 1.822=Severe

A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of VillageHealth that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. PracticeMax indicates in legal filings that the breach affected more than 4,400 of its members, but a company statement warns that they cannot say for sure that any data was actually accessed or stolen.

Individual Risk: 1.703=Severe

In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.


United States – Schreiber Foods

Exploit: Ransomware

Schreiber Foods: Dairy Processor

Risk to Business: 1.442=Extreme

Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.


Canada – Toronto Transit Commission (TTC)

Exploit: Hacking

Toronto Transit Commission (TTC): Government Entity 

Risk to Business: 1.615= Severe

The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.



United Kingdom – Graff 

Exploit: Ransomware

Graff: Jeweler

Risk to Business: 1.512= Severe

The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.


Poland – C.R.E.A.M. Finance   

Exploit: Cryptojacking (Misconfiguration)

C.R.E.A.M. Finance: Decentralized Lending Platform 

Risk to Business: 1.595 = Extreme

For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets. This is the third successful heist from the platform this year. Crooks jacked $29 million in August 2021 and $37 million in February 2021.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals are always hungry for cash and crypto is the currency that they prefer, so stealing it will continue to be a popular option.



Thailand – Centara Hotels & Resorts

Exploit: Ransomware

Centara Hotels & Resorts: Hotel Chain

Risk to Business: 1.637 = Severe

The Desorden ransomware group claims to have stolen over 400GB of files and databases containing information belonging to millions of hotel guests of Thailand’s Centara Hotels & Resorts. The hotel chain is part of Central Group, a conglomerate that also includes the Central Restaurants Group, which the group hacked earlier this month. The hackers made it clear that this attack was in retaliation for the Central Group’s refusal to pay the ransom for the first attack after negotiating and promising payment. That incident would have provided a ransom payment of $900,000 before Central Group backed out of the deal on Tuesday, spurring the second attack.

Individual Risk: 1.818 = Severe

The company admitted that attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. Whether or not passport data was included was not specified but it is commonly requested. The theft is said to have affected guests who stayed at the hotel chain between 2003 and 2021, including any guests that made advance bookings up to December 2021.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Big pools of information are catnip to ransomware gangs, especially highly desirable PII or credit card data.


The Week in Breach News: 20/10/21 – 26/10/21

Ransomware becomes a TV star at Sinclair Broadcast Group, cybercriminals bring tricks and no treats to candymaker Ferrara Candy Company.



Sinclair Broadcast Group

Exploit: Ransomware

Sinclair Broadcast Group: Television Station Operator 

Risk to Business: 1.227 = Extreme

Sinclair Broadcast Group, the operator of 184 TV stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.


Ferrara Candy Company

Exploit: Ransomware

Ferrara Candy Company: Candy Manufacturer

Risk to Business: 1.822=Severe

Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionery business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.


United States – CoinMarketCap

Exploit: Hacking

CoinMarketCap: Cryptoasset Tracker

Risk to Business: 1.702=Severe

Crypto evaluator CoinMarketCap has had a data leak. In a leak first reported by Have I Been Pwned, cybercrime researchers discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. So far it’s only an email address list, no other information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.


United Kingdom – Tesco

Exploit: Hacking

Tesco: Supermarket Chain

Risk to Business: 2.115=Extreme

Ubiquitous UK supermarket chain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend. The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday intermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.


Switzerland – MCH Group

Exploit: Ransomware

MCH Group: Event Management

Risk to Business: 2.763 = Moderate

Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. The company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewelry show Baselworld.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.


Spain – Atento

Exploit: Hacking

Atento: Customer Service Center Operator

Risk to Business: 1.615 = Severe

Customer support giant Atento was hit by a cyberattack on its Brazil-based systems that primarily impacted its operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations have been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Brazil has been experiencing an uptick in cyberattacks in recent months, including attacks on insurers, retailers and other businesses that store a large volume of data.



Thailand – Centara Hotels & Resorts

Exploit: Hacking

Centara Hotels & Resorts: Hotel Chain

Risk to Business: 1.631 = Severe

Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week. The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen data on its leak site including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip” containing confidential data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.

Risk to Business: 1.6808 = Severe

Researchers also noted that some employee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans, CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Computer hardware manufacturers have been very attractive to hackers as the chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.



The Week in Breach News: 13/10/21 – 19/10/21

Ransomware rocks Ecuador’s largest bank, a malicious insider strikes at a US healthcare organization, everyone in Argentina had their identity stolen.



Olympus Corporation of the Americas

Exploit: Ransomware

Olympus Corporation of the Americas: Medical Technology Manufacturer 

Risk to Business: 2.122 = Severe

Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.


Premier Patient Healthcare

Exploit: Malicious Insider

Premier Patient Healthcare: Medical Clinic Chain 

Risk to Business: 1.712 = Severe

Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case. 

Individual Risk: 1.712 = Severe

The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare; it’s also going to be a financial nightmare after regulators get finished with them.



Ecuador – Banco Pichincha

Exploit: Ransomware

Banco Pichincha: Banking & Financial Services

Risk to Business: 1.412 = Extreme

Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.    

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.


Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons 

Exploit: Hacking

Registro Nacional de las Personas (RENAPER): National Identity Database 

Risk to Business: 1.232 = Extreme

Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.

Risk to Business: 1.222 = Extreme

According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.

Customers Impacted: The population of Argentina is 45 million

How it Could Affect Your Customers’ Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness as this one reportedly was.


Brazil – Hariexpress

Exploit: Misconfiguration

Hariexpress: e-Commerce Firm

Risk to Business: 1.616 = Severe

Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data, and that data may have been exposed for several months.

Individual Risk: 1.616 = Severe

Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.



Spain – Meliá Hotels International 

Exploit: Ransomware 

Meliá Hotels International: Hotel Chain 

Risk to Business: 1.615 = Severe

Meliá Hotels International, one of the largest hotel chains in the world, has fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.



Taiwan – Acer 

Exploit: Hacking

Acer: Computer Manufacturer 

Risk to Business: 1.631 = Severe

Acer has just been beleaguered by cyberattacks in 2021. In its second time at the dance this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. The threat actor posted a video to a dark web forum showcasing the stolen files and databases, showing the records of 10,000 customers and stolen credentials for 3,000 Indian Acer distributors and retailers.

Individual Impact: No information about the nature of the exposed customer data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies that store large amounts of data are hacker catnip. The data that they can steal not only reaps a big profit but also opens other cybercrime doors.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.