Cyber Alert Monday, Data Breach- Why should you care about the latest data breach or ransomware attack? Reality is, you don’t have to. In fact, that’s what cyber-criminals are counting on.

Topps: U.S. Sports trading card and collectible company.

Exploit: Form-jacking attack.
Risk to Small Business: Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.
Individual Risk: Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses were also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.
Customers Impacted: To be determined.
How it Could Affect Your Business:  Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers. Source
 

St. Francis Physician Services: Health system based in South Carolina.

Exploit: Unauthorized access of electronic health record system.
Risk to Small Business: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Individual Risk: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Customers Impacted: To be determined.
How it Could Affect Your Business:  In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third-party or employee-related breaches. Source
 

Samsung Canada: Canadian arm of the Samsung Electronics company

Exploit: Third-party employee breach.
Risk to Small Business: Severe: On November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed.
Individual Risk: Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected.
Customers Impacted: To be determined.
How it Could Affect Your Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed… Thanks, Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business. Source.
 

NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada

Exploit: Theft of government employee laptop.
Risk to Small Business: Severe: On May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue since managers are instructed to delete sensitive data immediately after using them. The department will now be required to conduct a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money.
Individual Risk: Severe: Although less than half of those affected were only identified by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft.
Customers Impacted: 40,000 Canadian residents.
How it Could Affect Your Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!