This week in data breaches: small businesses fail to prevent phishing attacks, government admin compromises data, and a new study reveals the prominent role of human error in data breaches.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Government contractor, health, retail
Top Employee Count: 251-500
United States – Visser Precision
Exploit: Ransomware
Visser Precision: Parts manufacturer for space and defense contractors
Risk to Small Business: 2.111 = Severe
Visser Precision was infected with data exfiltrating ransomware that stole proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don’t detect it until it’s too late.
Individual Risk: No personal information was compromised in this breach.
Customers Impacted: Unknown
What Can You Learn from Their Mistake?
Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.
How Can Spry Squared Help?
Spry Squared is an expert in cybersecurity and helping our SMB customers understand the importance of security. We offer a free intial Dark Web scan and you can see if your business credentials have been compromised. From Dark Web monitoring to ransomeware protection and training to a recovery plan, our cybersecurity package will help with all aspects of your comany’s cybersecurity. Learn more about Spry Squared Cybersecurit here.
United States – Riverview Health
Exploit: Accidental data sharing.
Riverview Health: Healthcare provider
Risk to Small Business: 2.333 = Severe:
On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information.
Individual Risk: 2.714 = Moderate
Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure.
Customers Impacted: 2,610
What Can You Learn from Their Mistake?
The biggest threat to your data isn’t cybercriminals, its human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization’s exposure to a data breach.
How Can Spry Squared Help?
We can provide a more complete picture of your company’s security posture and potential risk, transforming the weakest links of an organization into your strongest points of protection. Click this link to get started.
United States – J Crew
Exploit: Unauthorized database access
J Crew: Clothing retailer
Risk to Small Business: 2.111 = Severe
J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts, and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line.
Individual Risk: 2.428 = Severe
Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information was also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information.
Customers Impacted: Unknown
What Can You Learn from Their Mistake?
With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote a rapid recovery.
How Can Spry Squared Help?
We go into the Dark Web to keep you out of it. Dark Web IDTM is the leading Dark Web monitoring platform in the channel. Our award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today.
In Other News:
Coronavirus Phishing Scams Capitalizing on Fear & Urgency
As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal peoples’ personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data.
The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from to their organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.
Not sure how safe your data is OR is your company data already on the Dark Web?
Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.
Thanks to our cybersecurity partner ID agent for this Week in Breach report!