Last week, the hits just keep coming for GoDaddy and the Toll Group and consumers are more ready than ever to walk away from companies that experience a data breach from cybercrime.
United States – Management and Network Service, LLC.
Exploit: Phishing scam
Management and Network Services, LLC.: Managed care provider
Risk to Small Business: 1.479 = Extreme
Hackers accessed several employee email accounts containing patients’ personally identifiable information (PII) and protected health information (PHI). The cybercrime breach, which occurred between April and July of 2019, wasn’t discovered until August 21, 2019. Although they haven’t detected data misuse, this extended duration could make it more difficult for victims to recover. In response, the company is updating its email security practices and implementing two-factor authentication to prevent a future incident.
Individual Risk: 1.716 = Severe
Patients’ personal information was compromised in the breach. This includes names, medical treatment information, diagnosis and medical details, insurance credentials, dates of birth, and Social Security numbers. In some cases, the breach also exposed driver’s license numbers, state identification card numbers, and financial details. Those impacted by the breach should immediately notify their financial institutions of the event while taking steps to ensure that their data isn’t used in other nefarious ways
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are capitalizing on the chaos of COVID-19 to send millions of phishing scams each day. Even one malicious message can have cascading consequences for your business, making employee awareness training a top priority for companies looking to keep their data secure.
United States – GoDaddy
Exploit: Unauthorized database access
GoDaddy: Domain service provider
Risk to Small Business: 1.805 = Severe
GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service. It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.
Individual Risk: GoDaddy asserts that personal data was not compromised in this breach, but customers should carefully monitor their accounts for possible misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident highlights the growing cybersecurity threat posed by third-party partnerships, which SMBs often rely on to power their platforms and services. To protect account security, even in the event of a third-party cybersecurity incident, companies should enact simple but effective data security standards, like enabling two-factor authentication and requiring employees to use strong, unique passwords on all accounts.
United States – Storenvy
Exploit: Unauthorized database access
Storenvy: Online retailer
Risk to Small Business: 2.281 = Severe
Hackers gained access to a company database containing customer information. This database was subsequently downloaded and posted online as a free resource. Making matters worse, the database contained plain text passwords and other personal data that can quickly be used by bad actors to execute cybercrimes ranging from spear phishing scams to malware attacks. This is the company’s second data breach in two years, undermining its credibility at a critical time. Online shopping is experiencing a boon because of the COVID-19 pandemic, but customers are increasingly unwilling to do business with platforms that can’t protect their information.
Individual Risk: 2.779 = Moderate
The compromised data includes shoppers’ account passwords, order details, and payment methods. However, shipping and card information were not impacted. Victims should immediately update their account passwords, and they need to be mindful that the compromised data could be used against them in future cyberattacks.
Customers Impacted: 1,500,000
How it Could Affect Your Customers’ Business: Both now and in the future, online retail is becoming the preferred shopping experience. This is a significant opportunity for many companies, enabling them to reach a bigger and broader audience than ever before. Unfortunately, for companies that can’t protect their platforms, many customers will take their business elsewhere.
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Consumers Seek New Options After a Cyberattack
While many organizations are focused on the bottom line during the COVID-19 downturn, cyber-readiness must be considered as a critical piece of the puzzle. According to a recent consumer survey, today’s customers are placing a high priority on cybersecurity, often requiring it as a prerequisite for doing business.
For instance, 90% of those surveyed consider a company’s trustworthiness when deciding to purchase a product, and nearly 60% indicated that they would avoid doing business with a company that experienced a cyberattack in the past year.
When cyberattacks cause a service disruption, 37% of survey participants indicated that they would switch to a competitor, and 66% were prepared to leave if operations weren’t restored within three days. The survey results were especially problematic for financial service providers and communications products, two industries that consumers are readily prepared to abandon in the event of a cybersecurity incident.
The global survey that included shoppers in North America, the United Kingdom, France, and Germany found that consumers overwhelmingly feel that businesses aren’t doing enough to protect their information.
80% of respondents noted that they shared negative ransomware-related brand experiences with family, friends, or colleagues, accelerating brand erosion and piling on to the long-lasting implications of a cyberattack. For companies navigating an already harsh business environment, it’s clear that customer retention may be contingent on their ability to defend their networks from an ever-evolving threat landscape.
A Note From Kobargo
Cybercrime Increased by 300% Since COVID-19 Pandemic Began
By now, many organizations are well aware of the increase in cybercrime since the COVID-19 pandemic began. The number of phishing scams have soared, popular virtual meeting platforms (like Zoom) have endured cybersecurity shortcomings and many more.
A report by the US Federal Bureau of Investigation (FBI) has quantified the increase in cyberattacks, detailing that the number of reported cybersecurity complaints have increased by more than 4,000 since the pandemic began. The information comes as tech platforms have similarly quantified cyber threats related to their platforms. Google says that it’s blocking 18 million COVID-19 phishing scams each day, and the US Federal Trade Commission (FTC) has recorded 18,257 fraud complaints related to the Coronavirus, collectively causing $13.44 million in losses.y.
These numbers are a reminder that companies need to remain vigilant about addressing the most pressing threats, especially phishing scams, during the pandemic. However, agencies are also speculating that the significant uptick in cybercrime could be the result of a yet undisclosed data breach, which means that companies need visibility into the Dark Web where stolen credentials or other information could be used in upcoming attacks.