Last week, third-party contractors put data at risk, phishing scams continue to target unprepared employees, and cybercriminals target online retailers as the pandemic continues to keep customers out of stores.
United States – Wolfe & Associates
Exploit: Unauthorized access
Wolfe & Associates: Property management company
Risk to Small Business: 2.756 = Moderate
A company database containing housing applicants’ personal data was infiltrated by hackers more than six months ago, providing bad actors unfettered and unrestrained access to sensitive personal information. Wolfe & Associates learned of the breach when it was notified by a local police department, which raises real questions about their cybersecurity capabilities and defensive posture. In addition to contacting victims directly, Wolfe & Associates completed a holistic overhaul of its IT infrastructure. However, this costly upgrade won’t undo the damage of its negligent data defense.
Individual Risk: 2.593 = Moderate
The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In response to this incident, Wolfe & Associates undertook a holistic realignment of their data security capabilities. However, in today’s cybersecurity landscape, where hackers are actively looking to exploit lax data defense standards, companies must take action to secure critical information before a breach occurs.
United States – Canon Business Process
Exploit: Phishing scam
Canon Business Process: Business outsourcing provider
Risk to Small Business: 1.575 = Severe
After an employee fell for a phishing scam, hackers gained access to the personal data from the company’s business contracts, including General Electric. The breach occurred between February 3 and February 14, 2020, but Canon Business Process didn’t learn of the breach until February 28. Now, in addition to providing credit monitoring services for victims, Canon Business Process has damaged its reputation with a major client.
Individual Risk: 1.701 = Severe
Canon Business Process provides outsourcing services for human resources and payroll responsibilities, so the compromised data includes direct deposit forms, tax forms, Social Security numbers, birth certificates, passports, benefit applications, and driver’s licenses. This information is often used to execute financial fraud, and those impacted by the breach should immediately notify their financial institutions of the breach. In addition, they should enroll in the complimentary credit monitoring services provided by Canon Business Process.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party data breaches are becoming increasingly common, extending businesses’ cybersecurity concerns to every partnership they pursue. With the cost and consequences of a data breach continually increasing, every company should consider a prospective partner’s defensive posture before agreeing to work together.
United States – nCourt
Exploit: Unprotected database
nCourt: Payment processor
Risk to Small Business: 2.341 = Severe
nCourt developers failed to secure a database containing customers’ financial data from its two websites that facilitate court payments. The breach compromised three years of customer data through November 2019. Unfortunately, this information has already been posted on hacking forums where bad actors can use it for many nefarious purposes.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.
United States – Otis Bowen Center for Human Services
Exploit: Phishing scam
Otis Bowen Center for Human Services: Mental health and addiction recovery service
Risk to Small Business: 2.223 = Severe
Two employees engaged with a phishing scam that provided hackers with access to company data. Although the breach occurred in January 2020, the company only recently completed a digital forensic audit that revealed the extent of the incident. Unfortunately, this slow response time has put victims at risk of data misuse, and it could have regulatory implications because of the healthcare-oriented nature of the breach.
Individual Risk: 2.130 = Severe
The company declined to identify the specific data sets, but patient data often contains people’s most sensitive information. Victims were notified by email, and they should take every precaution to mitigate the possible repercussions of the breach. This includes enrolling in the complimentary credit and identity monitoring services offered by the company.
Customers Impacted: 35,800
How it Could Affect Your Customers’ Business: In 2020, data privacy regulations impact companies in every sector and in many locations. As a result, data security isn’t just an altruistic endeavor. It’s a mission-critical priority, and a failure to execute on this standard can have significant financial implications for companies that experience a data breach.
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Online Retailers See Surge in Cyberattacks Amidst COVID-19 Crisis
The COVID-19 pandemic has relegated many of us to our homes, leaving businesses with few opportunities to reach their customers and make sales. Online shopping has become a vital lifeline for thousands of businesses while brick-and-mortar locations are closed and millions of people shelter in place. In fact, many retailers are experiencing online traffic that is exceeding Cyber Monday activity, typically a high-water mark for online shopping.
Unfortunately, bad actors are capitalizing on this moment by targeting e-commerce platforms for attack using tricks like account takeovers, bot-powered scraping attacks, and payment card skimming malware. For example, 80% of login incidents at home goods retailers are attributed to account takeover attempts.
While a litany of COVID-19-related cyber risks has become increasingly apparent, it’s clear that online retailers need to be especially critical of their defensive posture. Doing so helps ensure that they can continue meeting surging demand in an uncertain retail atmosphere, retain customer goodwill, and capture enough revenue to stay afloat in a challenging time for retail.
A Note From Kobargo
Less Than Half of Businesses Provide Cybersecurity Training
According to a recent study, less than half of UK businesses provide cybersecurity training to all employees, and 65% of IT security decision-makers view their organization as complacent when it comes to securing customer data. At the same time, the study found that correcting those issues is essential for ensuring data security.
Closing the gap between best practices and actual implementation is especially important now that COVID-19 has produced many novel cybersecurity threats that even the most well-trained and cybersecurity-savvy employees might not be prepared to thwart.
At ID Agent, we know that these unprecedented times present unique challenges. That’s why we’re happy to be able to offer Passly, the ideal secure identity and access management tool for today’s remote workforce. Passly adds vital security to every user’s login credentials to quickly secure access to your systems and data.
We are also ready to support your data security initiatives with best-in-class cybersecurity training that includes training your staff to spot and repel phishing attacks, the most common tactic that cybercriminals employ to gain entry to the heart of your business.
Our affordable, scalable solutions can be deployed in a flash and quickly customized to work for any company, enabling you to rapidly pivot to meet today’s needs and be well positioned for tomorrow.