Cyber Alert Monday, February 11, 2019

Houzz: US-based Home improvement and interior decorating startup

Exploit: User data exposure

Risk to Small Business: Severe: On Friday, the company issued a notice to customers stating that an “unauthorized third party” had accessed user data including usernames, passwords, and IP addresses. Financial information was not exposed. Houzz became aware of the breach in late December of 2018, yet the investigation is still ongoing, and it is still not clear how many users were impacted.

Individual Risk: Severe: When combined with the internal data that was compromised, public information such as first and last name, city, state, country, and profile description can be packaged together to sell on the Dark Web and commit cyber fraud. Additionally, users who logged into the app via Facebook would have their IDs exposed as well.

Customers Impacted: To be determined

How it Could Affect Your Business: In the event that an organization has to disclose a breach to its users, it is essential to be clear on “who, what, when, and where”. Even though Houzz discovered the leak in late December of 2018 and was compelled to disclose in a timely manner in accordance with new GDPR laws, they are still unsure of the number of users impacted or the origin of the cyber attack. Aside from driving away vigilant customers who want to protect their data going forward, the incident may trigger fines. Source

Colorado CCPSA: Private physician practice in Lakewood, Colorado

Exploit: Employee phishing attack.

Risk to Small Business: Severe: The Colorado-based clinic recently discovered a phishing attack affecting 23,377 patients between August 14th and November 23rd of 2018. A hacker gained access to an employee email account and sent phishing emails to its contact list to steal payment data. Officials could not determine exactly what was viewed or copied, but it’s quite possible that personal and protected health information was compromised. Along with being forced to offer one year of free credit monitoring services and institute mandatory cybersecurity awareness training for employees, the clinic faces further investigations.

Individual Risk: Severe: A wide spectrum of data could have been compromised, ranging from names, addresses, dates of birth, social security numbers, and license numbers to diagnoses, conditions, medications, and more. Payment information was not involved, but the compromised details can be leveraged for far more nefarious schemes such as insurance fraud.

Customers Impacted: 23,377 patients.

How it Could Affect Your Business: It’s not a secret that phishing attacks originating from employee email accounts are becoming increasingly prevalent. Companies must prioritize security by partnering with service providers that can prevent, detect, and mitigate data breaches. Without proper detection solutions in place, the resources and time allocated to containing a breach grow exponentially and detract from the bottom line. Source

Canada Revenue Agency (CRA): Tax law administrator for the government of Canada

Exploit: Privacy breach by rogue tax workers

Risk to Small Business: Severe: Thousands of Canadians had their personal incomes and other tax information compromised by employees working at the CRA. Of the 264 workers who inappropriately accessed information, 182 were disciplined, 36 face a pending decision, and 46 have left the organization. Along with having to add to its preexisting 2017 investment of $10M in prevention, the CRA will remain under fire and must answer to disgruntled citizens.

Individual Risk: Severe: As Conservative national revenue critic Pat Kelly commented, “it’s unacceptable that information like a person’s information was accessed inappropriately”. Given that 264 of these privacy breaches occurred over a span of 4 years (November 4th, 2015 to November 27th, 2018), it is safe to say that no one’s tax data is safe.

Customers Impacted: 41,631 Canadian taxpayers

How it Could Affect Your Business: With tax information in hand, hackers can sell information on the Dark Web for lucrative profits or conduct fraud that is difficult to trace. Additionally, this breach can be leveraged to orchestrate further cyber-attacks on different companies, which means that companies doing business in Canada should be on high alert. Source.
