Data Breach, Cyber Alert Monday:
Last week, ransomware threatened a company’s financial future and online shoppers had their payment information stolen by MageCart.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

Grays Harbor Community Hospital: Healthcare provider operating as part of the Harbor Medical Group

Exploit: Ransomware

Risk to Small Business: 1.666 = Severe: After an employee accidentally clicked on a phishing email, cybercriminals were able to infect the hospital’s IT infrastructure with ransomware that impacted the provider’s access to medical records, prescription information, and more services, including payment processing. The hackers demanded $1 million to unlock the files, a significant sum that places a serious strain on the cash-strapped hospital. While it’s unclear if the hospital paid the ransom, officials noted that restricted cash flow will threaten the organization’s future financial viability..

Individual Risk: 2.142 = Severe: While there is no evidence that personal data was collected as part of the breach, sensitive patient information, including medical records, demographic information, insurance information, medical history, medical treatment, and billing information could have been made accessible to unauthorized third-parties. Since personally identifiable information can quickly make its way to the Dark Web, where it can be used to facilitate additional cybercrimes, those impacted by the breach should acquire monitoring services to secure this information.

Customers Impacted: 85,000

How it Could Affect Your Business: Ransomware is much more than a temporary inconvenience. The astounding costs surrounding repair, restoration, or even ransom payments can significantly impact a company’s ability to continue operating. Once ransomware takes hold of a company’s IT infrastructure, every path forward is expensive and fraught with difficulties. Therefore, identifying and addressing vulnerabilities before they enable a breach is the only effective way of avoiding the costly aftermath of a ransomware attack.

---

National Baseball Hall of Fame: American History Museum for Major League Baseball

Exploit: Malicious code script

Risk to Small Business:1.555 = Severe: The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group. Now, the museum will incur the inevitable repair costs that always accompany a data breach, and the reputational damage to their online store will likely cost them revenue and loyal customers moving forward.

Individual Risk:2.428 = Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this timeframe are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Business: Online shopping is quickly becoming the go-to buying method for many shoppers, and SMBs rely on this revenue stream to compete with major corporations. Therefore, securing IT infrastructure is critical to stay competitive in today’s digital-first environment. To mitigate the damage after a breach, businesses should strive to provide proactive customer care to ensure that they can quickly and completely recover from a breach.

---

Camp Verde Unified School District: Public school district serving students in Camp Verde, Arizona

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack prevented the school district from accessing its entire network for more than two weeks. The attack’s timing is particularly problematic since it occurred during back-to-school season for the district and its families. Consequently, records and payments are being recorded by hand as the district attempts to continue business as usual. Fortunately, the district has ransomware insurance that will help offset some of the costs, but those resources won’t undo the difficulties incurred by the organization at a critical time for business operations.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business:Opportunity cost is a significant factor in a ransomware attack. Many businesses are making arrangements to account for the costs of recovery, but there is no way to avoid losses in productivity and revenue that inevitably occur during a ransomware attack. Therefore, businesses and organizations need to take every precaution to prevent a ransomware attack before it occurs.

---

Hy-Vee: Supermarket chain with 245 locations throughout the Midwestern United States

Exploit: Unauthorized database access

Risk to Small Business:1.777 = Severe: Unauthorized activity involving payment processing software compromised transaction data at the company’s fuel pumps, coffee shops, and restaurants. However, card data involving the company’s supermarket check lanes and other payment systems was not impacted by the breach. As a result, the regional company will have to spend considerably to upgrade its cybersecurity standards and absorb the less quantifiable costs in brand erosion.

Individual Risk: 2.428 = Severe: Hy-Vee took steps to eradicate the malicious activity, but the company has not revealed the specific data sets that were compromised in the breach. Given that the event focused on point-of-sale platforms, it’s possible that names and payment information was made available to hackers. Customers should anticipate further developments from the company, but they should carefully monitor their accounts to identify suspicious activity.

Customers Impacted: 15,298

How it Could Affect Your Business: Supporting those impacted by a data breach is the most important responsibility of any company that fails to protect customer data. Having the policies, procedures, and technology in place to quickly respond to a breach can help mitigate the inevitable reputation damage and customer blowback that accompanies a security lapse.

---

Choice Hotels: Hospitality franchisor based in Rockville, Maryland

Exploit: Ransomware

Risk to Small Business:2 = Severe Risk: An unsecured database for the hospitality company was discovered by security researchers, but cybercriminals stole a trove of company data before Choice Hotels could repair the vulnerability. When repairing the database, researchers discovered a ransom note indicating the data theft and demanding a $4,000 payment in Bitcoin to return the information. Cybersecurity personnel believe that the hackers intended to destroy the entire database, but their efforts failed.

Individual Risk: 2.714 = Moderate Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: Unknown

How it Could Your Customers’ Business: Choice Hotels is working to put new security measures in place to prevent something like this from happening again. Unfortunately, once a breach occurs, customer information is readily and permanently available online. Therefore, data security is one of the best customer-facing initiatives that a business can adopt. When mistakes are made, knowing what happens to that information and putting procedures in place to prevent future breaches is a must-have service for any business.

DATA BREACH, CYBER ALERT MONDAY:

LAST WEEK, A DATA BREACH CAUSED TRAVEL DELAYS, RANSOMWARE COMPROMISED THE FIRST DAY OF SCHOOL, AND SMALL BUSINESSES ENDURED AN UNPRECEDENTED NUMBER OF DATA BREACHES.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

City of Naples: Local government serving residents in Naples, Florida

Exploit: Phishing attack

Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

---

Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma

Exploit: Ransomware

Risk to Small Business: 2.555 = Moderate Risk: A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.

---

Presbyterian Health Services: Private, not-for-profit healthcare system and provider

Exploit:Phishing attack

Risk to Small Business:  1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.

Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.

Customers Impacted: 183,000

How it Could Affect Your Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.

---

Earnin: Mobile finance app offering cash advances on paycheck deposits

Exploit: Malware attack

Risk to Small Business:Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.

Individual Risk: 2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.

Customers Impacted: Unknown

How it Could Affect Your Business:In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.

---

Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois

Exploit: Unauthorized database access

Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.

Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: 49,000

How it Could Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.

---

In Other News:

UK SMBs Fend Off 10,000 Cyber Attacks Per Day 

According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day.

Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks.

Moreover, the collective cost of these data breaches exceeds £4.5 billion with the average cost of an attack costing companies £1,300.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

---

A Note From Kobargo..

GermanWiper Ransomware Targets SMBs 

German SMBs are the target of a new ransomware that’s wreaking havoc on company data.
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender.

When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files.

Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users.

GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.

Therefore, defensive initiatives are business’s best bet for avoiding a ransomware attack, and, with security specialists (Like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday:
Last week, a data breach caused travel delays, ransomware compromised the first day of school, and small businesses endured an unprecedented number of data breaches.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

City of Naples: Local government serving residents in Naples, Florida

Exploit: Phishing attack

Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

---

Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma

Exploit: Ransomware

Risk to Small Business: 2.555 = Moderate Risk:A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.

Individual Risk:No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.

---

Presbyterian Health Services: Private, not-for-profit healthcare system and provider

Exploit:Phishing attack

Risk to Small Business:  1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.

Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.

Customers Impacted: 183,000

How it Could Affect Your Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.

---

Earnin: Mobile finance app offering cash advances on paycheck deposits

Exploit:Malware attack

Risk to Small Business:Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.

Individual Risk:2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data was accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.

Customers Impacted: Unknown

How it Could Affect Your Business:In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.

---

Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois

Exploit: Unauthorized database access

Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.

Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: 49,000

How it Could Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is the most important, and identity and credit monitoring services is the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.

DATA BREACH, CYBER ALERT MONDAY:

LAST WEEK, STUDENTS LEARNED A HARSH LESSON ABOUT DATA SECURITY, LAW ENFORCEMENT AGENCIES WERE FORCED OFFLINE, AND A CREATIVE NEW MALWARE THREATENED WINDOWS USERS.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company

Exploit: Phishing attack

Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

---

Washoe County School District: Public school district providing educational services to students in Washoe County, Nevada

Exploit: Unauthorized database access

Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts.

Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity.

Customers Impacted: 144,000

How it Could Affect Your Business: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and for strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.

---

Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repairs costs can quickly exceed ransom demands.

Individual Risk:  No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business:This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.

---

Los Angeles Police Department: Local police department serving Los Angeles, California

Exploit: Unauthorized database access

Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors.

Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes.

Customers Impacted: 20,000

How it Could Affect Your Business: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetuate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.

---

Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories

Exploit: Unauthorized database access

Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identity the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach.

Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn’t have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information.

Customers Impacted: Unknown

How it Could Your Customers’ Business: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.

---

Lodi, California: City located in San Joaquin County, California

Exploit: Ransomware

Risk to Small Business: 1.888 = Severe Risk: Ransomware was delivered to city employees as an email attachment that appeared to be an invoice. The malware ultimately disabled the city’s phone lines, financial data systems, and other computer systems. Hackers demanded a $400,000 ransom in Bitcoin, which officials have declined to pay. The ransomware was first discovered in April, and, after several attempts to remove it from their system, it’s continued to plague their systems months later. While the city has cybersecurity insurance, it includes a $50,000 deductible, which means that there are only bad options for restoring network functionality.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Your Customers’ Business: This incident illustrates the complicated debate surrounding ransomware attacks. $400,000 is an expensive ransom, but local municipalities can quickly spend more as they endure the arduous process of recovering their systems. As Lodi demonstrates, this process can take months, and success isn’t a guarantee. Consequently, government agencies and organizations need to prioritize cybersecurity initiatives to strengthen their defensive posture before an attack occurs. In this case, a single malicious email will have significant financial consequences for the local government.

---

In Other News:

Capital One Data Breach Impacts US and Canadian Customers 

An expansive data breach at the credit card juggernaut, Capital One Financial, has compromised the personal information for more than 100 million US and Canadian customers.

The breach exposed the personal data for more than six-million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.

The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.

The incident is just the latest wide-spread data breach impacting small businesses and consumers, making their preemptive data protection a must-have element of personal or organization data security. For example, Kobargo’s Dark Web monitoring services can identify if an organization’s data is made available on the Dark Web, providing you with an opportunity to enhance your security posture before an attack takes place.

---

A Note From Kobargo..New Malware Strain Targets Windows Users 

A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc on their users.

In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware stains to integrate with infected computers. Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.

This iterative approach to malware illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Although the challenges are immense, partnering with qualified professionals (Like us!) can ensure that your organization is always ready to combat the latest threats.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday:
Last week, students learned a harsh lesson about data security, law enforcement agencies were forced offline, and a creative new malware threatened Windows users.

LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…

Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company

Exploit: Phishing attack

Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

---

Exploit: Unauthorized database access

Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts.

Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity.

Customers Impacted: 144,000

How it Could Affect Your Business: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and for strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.

---

Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions

Exploit: Ransomware

Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repairs costs can quickly exceed ransom demands.

Individual Risk:  No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Business:This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.

---

Los Angeles Police Department: Local police department serving Los Angeles, California

Exploit: Unauthorized database access

Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors.

Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes.

Customers Impacted: 20,000

How it Could Affect Your Business: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetuate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.

---

Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories

Exploit: Unauthorized database access

Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identity the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach.

Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn’t have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information.

Customers Impacted: Unknown

How it Could Your Customers’ Business: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.

---