Last week, hackers gain access to data from popular delivery service, ransomware diverts ambulance services, and few employees report sufficient cybersecurity training.

United States – Thinkful

Exploit: Unauthorized database access
Thinkful: E-learning website for developers
Risk to Small Business: 2.333 = Severe: By leveraging an employee’s stolen credentials, an unauthorized third party was able to access the company’s database. While sensitive data, such as social security information, was not exposed, it’s possible that other personal information was accessed. In response, Thinkful has notified its users of the data breach and is requiring password resets on all accounts. While the company wrote to its users that it is taking additional steps to enhance security, these efforts will not help those whose credentials were already compromised in the breach. This incident follows on the heels of the company being acquired by Chegg.
Individual Risk: 2.857 = Moderate: Users’ Social Security numbers were not compromised in the breach, but other personal information could have been accessed by hackers. Users should create unique passwords, enroll in multi-factor authentication, and monitor their accounts for suspicious activity in the wake of the attack.
Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Thinkful’s data breach announcement is especially problematic since it immediately followed news that the company was being acquired by Chegg. It’s unclear how this cybersecurity incident will impact the deal, but cybercriminals often target small companies before an acquisition, hoping to infiltrate their IT infrastructure before coming under the protection of the larger, more robust system of their new parent company. Therefore, businesses must consider cybersecurity as both a moral imperative and financial necessity, especially in the realm of mergers and acquisitions.

---

United States – Campbell County Memorial Hospital

Exploit: Ransomware
Campbell County Memorial Hospital: Healthcare provider operating as part of the Campbell County Health Department
Risk to Small Business: 2.111 = Severe: A ransomware attack on Campbell County Memorial Hospital forced the healthcare provider to divert ambulance services, cancel surgeries, and stop admitting patients. The hospital’s emergency room remains operational, but many services are curtailed. Hackers did not send a ransom demand, leaving hospital IT administrators grappling for a solution. Campbell County Memorial Hospital reports that no patients were harmed because of the outage. However, with no solution in sight, patient care remains dubious and the long-term financial ramifications of the incident could be extensive.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Unfortunately, once a ransomware attack infects your network, there are usually no get-out-of-jail-free cards. Ransom demands themselves often cost companies hundreds of thousands, whereas restorative services can be even more expensive. Moreover, the opportunity costs associated with interrupting business processes only makes matters worse. In this case, patients’ lives could have been put at risk, which is a worst-case scenario for any cybersecurity incident.

---

Canada – DoorDash

Exploit: Unauthorized database access
DoorDash: Food delivery service
Risk to Small Business: 1.555 = Severe: Hackers infiltrated a DoorDash server, providing them with access to user and driver data. In response, the company is encouraging all users to reset their passwords. Although the breach was discovered in early September, it’s unclear why they waited nearly a month before notifying users. Now, DoorDash will likely face legal and reputational blowback that will damage its standing in an already competitive market.
Individual Risk: 2.285 = Severe: Hackers accessed personal data for both DoorDash users and drivers, including names, email addresses, delivery addresses, phone numbers, hashed passwords, and the last four digits of payment cards. However, full payment card data was not accessible. In addition, the breach does not include DoorDash users who joined after April 5, 2018. The platform is encouraging all users to reset their passwords and to monitor their financial accounts for unusual activity. Moreover, those impacted by the breach should know that this data can be used to facilitate additional cyberattacks, including phishing scams, that can further compromise personal information.
Customers Impacted: 4,9000,000

How it Could Affect Your Customers’ Business: In 2019, companies can’t afford to spare any expense when it comes to protecting their data. With the initial cost of a breach soaring and the long-term damage becoming clearer, the big-picture threat is a tangible reality for every company. Rather than hoping to avoid being caught in the crosshairs by hackers, every business should take steps to identify vulnerabilities and to apply best practice solutions to mitigate the risk of a devastating data breach.

---

In Other News:

Cyber Insurance Rises 5% in 2019 
Despite a significant uptick in cybersecurity lapses, the average cost of cyber insurance only rose by 5% in 2019, according to a recent report.
In some ways, this is good news for companies as cyber insurance has become an important commodity in today’s dangerous digital environment. However, the report also found that the insurance industry is getting more adept at controlling its own losses by imposing high deductibles and offering limited payouts.
For instance, the sub-limit on a $1 million ransomware policy can be as low as $25,000, and deductibles often exceed $10,000.
At the same time, the cost of a data breach is escalating quickly, and insurance payouts aren’t adjusting to this new reality, meaning that, even with insurance reimbursement, companies often incur significant direct losses from a data breach.
Taken together, it underscores the importance of a strong defensive posture when it comes to cybersecurity risks as there are no helpful or affordable options once a data breach occurs.

---

A Note From Kobargo

Few Employees Receive Cybersecurity Training 
The precipitous rise in phishing scams and malware attacks has made employee cybersecurity training a critical component of any cyber defense strategy. However, a recent report by Chubbs indicates that many businesses aren’t providing cybersecurity training to their employees.
The report found that only 31% of employees receive cybersecurity training, while 70% of companies claim to have “excellent” or “good” cybersecurity standards.
These divergent claims contradict one another as companies with disengaged or ignorant employees pose a serious cybersecurity threat to their cybersecurity posture.
As data breaches continue to make headlines and to damage businesses’ bottom lines, it seems that too many organizations are unnecessarily putting themselves at risk. Comprehensive employee awareness training is an affordable way to bolster your defensive posture, and it can make a significant impact on the most prescient threats facing businesses today.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

[/mp_span]
[/mp_row]

DATA BREACH, CYBER ALERT MONDAY: 

Last week, data breaches threatened future government contracts, PII was exposed online, and cybersecurity incidents were projected to reach an all-time high.

United States – Carle Foundation Hospital 

Exploit: Phishing attack

Carle Foundation Hospital: Regional, not-for-profit healthcare provider

Risk to Small Business: 2.111 = Severe: Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.

Individual Risk: 2.428 = Severe: The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information(PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for usual activity while being mindful of other malicious uses of that information.

Customers Impacted: Unkown

How it Could Affect Your Business: Data breaches bring a host of complications to any company, including reputational damage and ancillary recovery costs. Altogether, it can cause significant financial distress to any organization. Neutralizing defensible threats, like phishing scams, is a simple and affordable solution that can play a prominent role in protecting your company’s reputation and bottom line.

---

United States – Miracle Systems

Exploit: Malware attack

Risk to Small Business: 1.555 = Severe: Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.

Individual Risk: 2.428 = Severe: Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees should reset their password and follow best practices for creating unique credentials.

Customers Impacted:Unknown

How it Could Affect Your Business: For many companies, protecting their data should be an extension of protecting their bottom line. The Miracle Systems breach is a reminder of the steep price that many companies pay in lost revenue and reputational damage that can have far-reaching consequences for their financial viability and future business model.

---

United States – Restaurant Depot

Exploit: Spear phishing attack

Restaurant Depot: Commercial food service wholesaler

Risk to Small Business: 1.666 = Severe: Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.

Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those that delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.

Customers Impacted: Unkown

How it Could Affect Your Business: Having your company co-opted as a tool for cybercriminals is bad for business, and companies that are victimized in this way face an expensive, up-hill battle to restore their customer’s confidence. Preemptively knowing if your employee or customer data is compromised can help prevent this scenario by giving your business an opportunity to respond before hackers wreak havoc on your system.

---

In Other News:

DATA BREACH, CYBER ALERT MONDAY: 

Last week, phishing scams continued to trap employees, weak passwords put company data at risk, and the consequences of a breach were higher for SMBs.

United States – Metro Mobility

Exploit: Unauthorized email account access

Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications

Risk to Small Business: 1.333 = Extreme: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.

Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.

Customers Impacted: Unkown

How it Could Affect Your Business: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.

 

United States – Premier Family Medical

Exploit: Ransomware
Premier Family Medical: Comprehensive family healthcare provider

Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: 320,000

How it Could Affect Your Business: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.

 

United States – Entercom Communications

Exploit: Ransomware

Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania

Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unkown

How it Could Affect Your Business: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded $500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to $800,000 in revenue in addition to the $500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.

---

In Other News:

Data Breaches Put Small Businesses at Risk 

Data loss events are a huge risk for any company, but the aftermath of a data breach can be especially problematic for SMBs, a recent study by Bank of America Merchant Services concluded. 

The survey, which included 522 small businesses and 409 consumers in the US, questioned consumers and small businesses about the cybersecurity risks underscoring today’s digital environment. In response, one in five SMBs reported a data breach in the past two years, a 17% increase in two years. Moreover, 41% of small businesses endured a data breach that cost the company more than $50,000.

This financial component is especially troubling for SMBs, which don’t have extravagant resources that large corporations can use to hasten their recovery efforts. Making matters worse, 30% of consumers indicated that they would never return to a small business that endured a data breach, a 20% increase year-over-year.

These trends are taking place as SMBs are increasingly moving online. 51% of SMBs run their own websites, and 70% have some form of e-commerce component to their business.

In total, it’s evident that SMBs have every reason to prioritize data security protocols as a foundational element of a successful, sustainable business model.

DATA BREACH, CYBER ALERT MONDAY: 

Last week’s customer loyalty programs were compromised, employees continued to fall for phishing scams, and data breach costs continued to increase.

United States – Lyons insurance

Exploit: Unauthorized email account access

Lyons Insurance: Independent insurance broker and employee benefits firm

Risk to Small Business: 1.333 = Extreme: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen.

Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data.

Customers Impacted: Unkown

How it Could Affect Your Business: Few things can cripple a business like a data breach, and post-breach security initiatives can’t help those whose personal information is already available on underground marketplaces. Consumers and employees are increasingly unwilling to associate with companies that cannot protect their information, making cybersecurity a bottom-line problem for every business. Identifying and addressing vulnerabilities before a breach occurs offers tangible benefits over waiting until after a data disaster to make changes.

 

United States – Presbyterian Healthcare Services

Exploit: Phishing scam
Presbyterian Healthcare Services: Private not-for-profit healthcare system and provider

Risk to Small Business: 1.555 = Severe: An employee unwittingly opened a phishing email that provided hackers with access to a treasure trove of patients’ personally identifiable information. The breach occurred on or before May 9th, and it wasn’t discovered for nearly a month. While the healthcare provider began notifying those impacted by the breach in early August, the latest accounting reveals even more extensive damage than originally identified. Moreover, Presbyterian Healthcare Services expects that they still have to understand the full scope of the breach. Healthcare is a highly regulated industry, so Presbyterian Healthcare Services will endure a significant repair cost, along with increased scrutiny from regulatory bodies.

Individual Risk: 2.571 = Moderate: While hackers didn’t have access to electronic health records or billing information, they were able to access patient names, dates of birth, Social Security numbers, and health plan information. Although Presbyterian Healthcare Services hasn’t found the data on the Dark Web yet, those impacted by the breach should assume that it will be exploited for fraud in the near future.

Customers Impacted: 183,000

How it Could Affect Your Business: Companies that store copious amounts of sensitive personal information are sitting ducks for data thieves and have an obligation to take necessary precautions to protect their customers’ data. Fortunately, phishing scams are entirely defensible, and comprehensive awareness training can render such attacks useless. With phishing attacks on the rise, this training should be mandatory for every company storing personal data of employees or customers.

 

United States – Oregon Judicial Department 

Exploit: Phishing Scam

Oregon Judicial Department: Judicial branch of the state of Oregon

Risk to Small Business:  1.444 = Extreme risk: A phishing campaign effectively duped five employees into opening malicious emails that compromised the personal information of thousands of people. The attack occurred on July 15th, and it left affected accounts exposed for four hours before IT admins could disable access to personal data. Consequently, the department is responsible for providing credit monitoring services to impacted individuals, an expense that will hinder the efforts of an already cash strapped organization.

Individual Risk: 2.286 = Severe: The data breach exposed personally identifiable information, including names, full and partial dates of birth, financial information, health data, and Social Security numbers. Anyone impacted by the breach should enroll in the provided credit monitoring services to keep tabs on their financial data. Meanwhile, they should be vigilant about monitoring their personal accounts for suspicious or unusual activity.

Customers Impacted: 6,607

How it Could Affect Your Business: Phishing scams may be incredibly prevalent, but they are also entirely preventable. Despite the best efforts of automated detection services, businesses should assume that some phishing emails will make their way to your employees’ inboxes, making comprehensive awareness training a critical component of holistic data security. By training employees to spot and respond to phishing campaigns, it’s possible to mitigate persistent attacks while demonstrating cybersecurity prowess.

 

United States – Wisconsin Diagnostic Laboratories

Exploit: Unauthorized database access

Wisconsin Diagnostic Laboratories: Medical laboratory and testing service provider

Risk to Small Business: 1.556 = Severe: A June 2019 data breach at one of the company’s partners has compromised the personal information of patients at Wisconsin Diagnostic Laboratories. The company has severed the relationship with their third-party vendor, and they are taking steps to retrieve and secure compromised patient data. Of course, retrieving information once it reaches the web is extremely difficult, and Wisconsin Diagnostic Laboratories will certainly face regulatory scrutiny that will cost time and resources.

Individual Risk: 2.857 = Moderate Risk: The data breach revealed personal data including patient names, dates of birth, dates of service, and other medical information. In some cases, payment information, including credit card numbers and bank account details, was exposed. Social Security numbers and payment data were excluded in the breach. Since this type of information is frequently exchanged on the Dark Web, those impacted by the breach should monitor their accounts closely.

Customers Impacted: 114,985

How it Could Affect Your Business: Today’s business environment often requires partnering with third-parties to provide the best experiences for your customers. Unfortunately, this also increases your company’s exposure to various cybersecurity risks, and every business needs to have effective recovery protocols in place to respond to these incidents. In this way, companies can benefit from relationships with strategic partners with cybersecurity expertise in order to proactively secure sensitive information.

 

---

In Other News:

Data Breaches Expected to Cost Businesses $5 Trillion by 2024 

By now, every business should be aware of the costs associated with a data breach. Unfortunately, such damages are not being contained. Instead, they are rising steadily, culminating in a $5 trillion price tag by 2024, according to the latest report from Juniper Research. 

A recent report, “The Future of Cybercrime & Security,” found that regulatory fines and lost business will be the primary drivers of this expense.

Consumers continually demonstrate a disdain for platforms that can’t protect their data, making opportunity cost one of the most arduous, often immeasurable consequences of a data breach.

At the same time, the report notes that cybercrimes are likely to accelerate as hackers deploy increasingly sophisticated technology, like AI, to perpetuate even more disruptive cybercrimes.

However, Juniper Research found that cybersecurity-related expenditures are only expected to increase by 8% over the next four years, meaning that enterprises are turning to other methodologies to protect their data. Most prominently, the report concluded, employee awareness training is seen as the most efficient and cost-effective way to protect a company’s data.

Regardless of the technique, one truth is certain. The cybersecurity landscape will not look the same in four years, and every business needs to be prepared to adapt and meet the shifting challenges of its time.

DATA BREACH, CYBER ALERT MONDAY: 

Last week’s hacks, attacks, data breaches and more…

United States – Rhode Island Ear, Nose, and Throat Physicians Inc.

Exploit: Unauthorized database access

Rhode Island Ear, Nose, and Throat Physicians Inc.: Specialty healthcare practice providing family care for diseases of the ears, nose, and throat

Risk to Small Business: 1.666 = Severe: Hackers accessed a patient database that contained personally identifiable information for patients served by the practice between May 1st and June 12th. Third-party forensic IT specialists determined that information wasn’t copied or downloaded. Regardless, the practice will incur the cost of updating their protocols, and also be subjected to regulatory scrutiny. This could eventually result in additional HIPAA fines, which will negatively affect their bottom line.

Individual Risk: 2.285 = Severe: For those impacted by the breach, personal information, including names, dates of birth, and clinical data was exposed. In some cases, patients had their Social Security numbers compromised as well. Since this information can quickly spread online and onto the Dark Web, identity monitoring services can help identify potential misuses in the future.

Customers Impacted: 2,493

How it Could Affect Your Business: Personal data can quickly make its way to the Dark Web marketplaces where it is often used to facilitate crippling attacks. Therefore, businesses bear the responsibility of protecting and informing their customers of what happens to compromised information. With the CCPA on the brink of being implemented, healthcare companies aren’t the only ones that face the threat of legal penalties.

United States – Massachusetts General Hospital 

Exploit: Unauthorized database access
Massachusetts General Hospital: The largest teaching hospital of Harvard Medical School

Risk to Small Business: 1.555 = Severe: Massachusetts General Hospital (MGH) has begun notifying patients of a data breach in two of the hospital’s computer programs. The event first occurred in June, but the hospital waited more than two months before notifying patients, significantly restricting their opportunity to take precautionary measures before the data is further misused. Now, MGH is incurring the cost of third-party security analysts, and they will be subjected to additional regulatory scrutiny because of the sensitive nature of their business.

Individual Risk: 2.428 = Severe: The data breach exposed personal information for patients participating in select clinical trials. The information includes patient names, dates of birth, medical record numbers, and medical histories. However, Social Security numbers and financial data was not exposed to hackers. Despite the elongated timeframe, those impacted by the breach should review their accounts for suspicious activity, and they should enroll in identity monitoring services to ensure their information’s security moving forward.

Customers Impacted: 10,000

How it Could Affect Your Business: Especially for businesses operating in highly-regulated industries, protecting personal information is of the utmost importance. However, when a mistake is made, every business needs to supportive resources in place to hasten a full recovery and to begin repairing the intense reputational damage that accompanies a cybersecurity incident. In doing so, companies protect their customers, which could make a big difference when securing their loyalty in the future.

United States – City of Borger 

Exploit: Ransomware

City of Borger: Local government administration serving Borger, Texas

Risk to Small Business:  1.666 = Severe: A ransomware attack on the city’s IT infrastructure has crippled their ability to conduct business. The attack was part of a targeted effort impacting 20 Texas municipalities, and it cut off access to basic city services like public records, bill payments, and communications systems were inaccessible. Fortunately, the city has been able to restore several functions without paying the ransom, but several services remain unavailable.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks increasingly afflict local governments and small businesses that often don’t have robust resources to devote to cybersecurity initiatives. However, cybersecurity experts that can identify and address potential vulnerabilities are a relative bargain compared to the tangible and less quantifiable costs associated with a ransomware attack.

United States – Fargo Public Schools

Exploit: Unauthorized database access

Fargo Public Schools: Public school district serving students in Fargo, North Dakota

Risk to Small Business: 1.888 = Severe: An expansive data breach at a third-party vendor compromised students’ personally identifiable information. The breach is attributed to Pearson, but the cost of containment and restoration will fall squarely on the district’s shoulders. Consequently, the district will endure the cost of updating its data privacy protocols and the increased public and media scrutiny that often accompany a data

Individual Risk: 2.285 = Severe: Hackers accessed students names, birthdates, and student ID numbers. However, Social Security numbers or payment information were not compromised. Unfortunately, even small amounts of personal information can be used to enact future identity or cybercrimes. Therefore, those impacted by the breach should enroll in the provided identity monitoring services while also being aware that their information could be used against them in future phishing or other cyber-attacks.

Customers Impacted: Unknown

How it Could Affect Your Business: Today’s business environment often depends on third-party partnerships that can increase an organization’s capabilities. However, when it comes to data privacy, these relationships can also create vulnerabilities, so cybersecurity protocols need to be a top priority when entering into these relationships. Moreover, having customer protection services in place can help mitigate the risks of a data privacy event negatively impacting your customers.

---

In Other News:

The First Half of 2019 Sees Precipitous Rise in Data Breaches 

A recent report by Risk Based Security confirmed what many people already knew: data breaches are increasing in frequency and scope. 

In the first half of 2019, there were 3,816 data breaches, a 54% increase from the same period in 2018. In total, more than 4 billion records were stolen. While the majority of these records, 3.2 billion were stolen as part of eight high-profile breaches, more than one billion records were taken in lesser known data heists from smaller organizations.

The healthcare sector led all industries with 224 data breaches while retail and finance accounted for 199 and 183 breaches respectively. Meanwhile government and education have collectively endured nearly 300 data breaches.

According to the report, email addresses and passwords were the most sought after data, occurring in more than 70% of data heists. In contrast, only 11% of data breaches contained financial information like credit card numbers.

Email addresses and passwords can be used to promulgate additional cybercrimes, and companies need to train their employees to protect this information as phishing scams and other attacks threaten the integrity of these credentials and business’ entire cyber infrastructure. For starters, implementing comprehensive awareness can help strengthen the security of your company’s email addresses and passwords.