Cyber Alert Monday, Data Breach- That business lunch you enjoyed last week just cost you more than you think. 100+ restaurants and hotels across nine states had their customer data accessed.

North Country Business Products:  A  Minnesota-based provider of POS systems for the hospitality sector.

Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: EXTREME: Customers of restaurants and hotels in nine states, including some 50 Arizona establishments and 65 Dunn Brothers coffee shops, may have had their payment card information accessed between January 3 and January 24, 2019. Announcement of this potential exposure was made February 15 by North Country Business Products, which provides point-of-sale software systems in the hospitality sector. Upon discerning suspicious activity in certain of its clients’ networks, North Country launched an investigation January 4, determining on January 30 that an outside party deployed malware to some of its business partners.
Individual Risk: SEVERE RISK:  Information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. Criminals can use this information to commit payment fraud, so those who patronized the Arizona restaurants and hotels affected should continuously review account statements and monitor credit reports. North Country, which says that the problem has been corrected, lists the businesses potentially affected on its website and has set up a helpline for consumers.
Customers Impacted: To be determined.
How it Could Affect Your Business:  The issue was first noticed January 4 and data continued to be exposed for another 20 days, until January 24, signaling an opportunity for North Country Business Products to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
 

AdventHealth Medical Group: Taveras, Florida-based health care practice.

Exploit: Malware.
Risk to Small Business: Severe: AdventHealth Group recently announced a 16-month data breach stretching back to August 2017 that exposed some 42,000 patients’ sensitive personal data. The medical provider group has not detected how the malware was installed, nor has it stated why the breach was not discovered for nearly a year and a half.
Individual Risk: Severe: The malware allowed access to patient names, addresses, email addresses, telephone numbers, dates of birth, health insurance information, Social Security numbers, and medical histories, as well as race, gender, weight, and height. This data could allow identity theft and potentially blackmail where particularly sensitive medical conditions, such as HIV/AIDS or addiction, are concerned.
Customers Impacted: 42,000.
How it Could Affect Your Business: The data breach extended across 16 months before it was discovered, and the medical group has not yet determined its origin, indicating a need to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
 

American consumers: Online users in the United States

Exploit: Malvertising campaign.
Risk to Small Business: Severe: A malvertising campaign by the eGobbler group targeting U.S. users was launched over Presidents Day weekend, February 16-18, garnering some 800 million impressions. Those who clicked on the ads were redirected to a wide range of phishing sites that attempted to trick consumers to enter personal details, including financial information.
Individual Risk: Moderate: Cybercriminals can use the information collected to conduct spear phishing email campaigns or they can sell the stolen credentials on the Dark Web to other criminals.
Customers Impacted: Unknown.
How it Could Affect Your Business: Malvertising campaigns can expose sensitive customer and employee data, or cause mistrust in websites hosting the infected ads leading to brand erosion and customer churn. Source.
 

Labour Party: Second largest political party in the United Kingdom

Exploit: Theft of data from member databases.
Risk to Small Business: Severe: The United Kingdom’s Labour Party announced February 20, 2019, that it had detected several attempts to access member databases and campaign tools. The surmise is that members of Parliament (MPs) who recently left the Labour Party to form a competing party known as The Independent Group tried to steal information that would allow targeting in future political campaigns. Anyone obtaining or attempting to obtain personal data without the consent of the controller is committing an offense under the U.K.’s Data Protection Act of 2018.
Individual Risk: Moderate: It is yet unknown if information was obtained by individuals whose access to that information should have been revoked. Labour Party officials may also be questioned as to the large number of individuals with access to its databases, including not only MPs but also paid and volunteer campaign associates across the nation.
Customers Impacted: Undisclosed.
How it Could Affect Your Business: All organizations, whether public or private sector, need robust systems and processes to validate access rights and continually manage those rights, which includes triggering notices when unauthorized parties attempt to gain access. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!