https://cdn2.hubspot.net/hubfs/2431775/WEEK%20IN%20BREACH.png
This week, a phishing scam compromised an entire healthcare network, two more UK breaches, and ransomware attacks become costlier than ever. In this edition you will learn about security breaches affecting small/medium businesses and breaches that may affect you or your own business.
This Weeks Dark Web Trends
Royal Yachting Association
https://www.theregister.co.uk/2020/01/24/royal_yachting_association_data_breach/
Exploit: Unauthorised database access
Location: United Kingdom
Organisation Profile: Royal Yachting Association: Boating organisation
Risk to Small Business: 1.777 = Severe
Hackers infiltrated the company’s network and downloaded a database containing customers’ personal information. The organisation identified the breach on January 17th and hired cyber-security specialists to investigate the event and secure customer data. To prevent unauthorised account access, the Royal Yachting Association reset all customer passwords. Although the database contains information from several years ago, there are still many ways that criminals can deploy this information in additional cyber-crimes.
Individual Risk: 2.428 = Severe
The data breach compromised members’ personally identifiable information (PII data), including names, email addresses, and hashed passwords. No financial data was compromised. Those impacted by the breach should immediately reset their password on any accounts using these login credentials. In addition, they should carefully assess online communications, as this data can be used to craft spear phishing attacks that can dupe unsuspecting recipients into compromising even more personal information.
Customers Impacted: Unknown
How it Could Affect Your Business: Data breaches compromising usernames and passwords can have far-reaching consequences for an organisation, as this data can be used in many ways to make an already bad situation even worse. Moreover, cyber-criminals can come up with many ways to misuse this information, and businesses need tools to stop its spread as soon as possible.
Appliant Dark Web Monitoring alerts you when employee emails and passwords have been compromised and are for sale to the highest bidder.
SuperCasino
https://www.technadu.com/supercasino-breached-customer-info-leaked/90769/
Exploit: Unauthorised data access
Location: United Kingdom
Organisation Profile: SuperCasino: Online gambling platform
Risk to Small Business: 1.888 = Severe
SuperCasino experienced a data breach that compromised users’ personally identifiable information. While the online gambling outfit identified and investigated the breach, their customer communications were blasé at best, minimising the potential harm to customers’ data privacy. The company will likely endure intense scrutiny under GDPR and other privacy regulations, which could mean painful penalties alongside other financial implications of the data breach.
Individual Risk: 2.285 = Severe
SuperCasino claims that users’ financial data was not compromised in the event. However, hackers did access users’ names, usernames, email addresses, telephone numbers, residential addresses, and account activity data. SuperCasino is asking all users to reset their passwords and to reset passwords on any platforms that may use duplicate credentials. Victims are at a heightened risk for phishing attacks and other scam messages, so they should carefully scrutinise their online communications.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protecting against a data breach should be every company’s first priority but deploying an adequate response to an event needs to be a close second. Moreover, as data privacy regulation becomes the new norm, every organisation needs to consider the necessary steps to compliance that can prevent a breach or mitigate the consequences after an event occurs. Pre-planning for both of these contingencies can ensure that your organisation is ready to thrive in today’s digital environment.
Appliant Compliance Manager enables companies to automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone.
California Healthcare Network
https://portswigger.net/daily-swig/california-healthcare-data-breach-could-impact-nearly-200-000-patients
Exploit: Phishing scam
Location: United States
Organisation Profile: California Healthcare Network: Hospital and urgent care centre operator
Risk to Small Business: 1.888 = Severe
Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.
Individual Risk: 2.428 = Severe
Hackers had access to patient data contained in employee email accounts. California Health Network declined to provide specific data categories, but healthcare records often include patients’ most sensitive personal data. The access is limited between June 11, 2019 and June 18, 2019, but the information has now been available for more than six months, so those impacted by the breach will want to work quickly to secure their data. The California Healthcare Network is offering free credit monitoring services to all victims.
Customers Impacted: 199,548
How it Could Affect Your Customers’ Business: Most data breaches begin with a successful phishing scam. Every organisation has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organisations transform a known vulnerability into a valuable asset to their defensive posture.
Appliant Phishing simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defence against cyber-crime.
Risk Levels:
* The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.