The Week in Breach – Data Gremlins are out to get ya

 

Make sure to add us or contact us for the latest news

The Week in Breach: Featured -Don’t let the Data Gremlins get you!

We’ve spent the past week focusing on a big problem for small business – and that is Data Gremlins. We have a quiz and a Data sheet about 16 things Data Gremlins hate below. It’s better to be prepared than caught unaware.

The troublesome data loss gremlins are always plotting devious new ways to destroy your most important data and ruin your day—and your livelihood. As soon as you let down your guard, they’ll sneak up on you with a nasty surprise, like a security breach, a server meltdown, or a devastating fire that will leave you and your customers scrambling to pick up the pieces.

That doesn’t mean you’re totally defenseless, though. Every data loss gremlin has a weakness, something they hate with a passion because it keeps foiling their evil plans. Knowing what these weaknesses are will help you scare off Scratch, Scorch, Klepto, Mal, Mayhem, and Whoopsie Daisy and keep your data safe.

Take the Quiz to see what Data Gremlin you are!

Find out the 16 Things the Data Gremlins Hate.


The Week in Breach News – United States


United States – Whirlpool

https://www.bleepingcomputer.com/news/security/home-appliance-giant-whirlpool-hit-in-nefilim-ransomware-attack/

Exploit: Ransomware

Whirlpool: Appliance Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.311 = Severe

The Nefilim ransomware gang struck at Whirlpool, stealing data but not impacting manufacturing operations. The gang claims that the files it published were obtained from Whirlpool during a ransomware attack in December 2020. The leaked data appeared to be proprietary and staff information including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: While using ransomware to disrupt manufacturing or operations has been in vogue recently, it’s still a favored tool for cybercriminals to use in a classic data grab.

IntegraMSP to the Rescue: Don’t just hope that you’re not a target – get your business ready to fight back against ransomware threats. CONTACT US>>


United States – GetSchooled

https://welpmagazine.com/bill-melinda-gates-foundations-charity-getschooled-breaches-900k-childrens-details/

Exploit: Unsecured Database

GetSchooled: Education Non-Profit

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.302 = Severe

An unsecured database at education charity operation GetSchooled left personally identifiable information exposed for more than 900K students, ranging from 10-year-olds to college students. GetSchooled is an arm of the Bill and Melinda Gates Foundation that encourages educational achievement for students in need through gamification, personalized support, and content development. The database was left open and exposed for approximately one month.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.271 = Severe

The exposed information includes personally identifiable information of students including children, teenagers and young adults. Some of the information left exposed in this incident was very detailed including full addresses, schools, phone numbers and emails, graduation details, ages, genders.

Customers Impacted: 930,000

How it Could Affect Your Business Failing to secure a database is a rookie mistake, and especially embarrassing (and dangerous) for a charity that primarily serves minors.

IntegraMSP to the Rescue: Make sure everything that should be locked down is with secure identity and access management using Passly that seamlessly integrates with more than 1k apps. SCHEDULE A DEMO>>


United States – Door Controls USA

https://cybernews.com/security/140gb-of-confidential-data-from-us-based-door-parts-distributor-leaked-on-hacker-forum/

Exploit:  Ransomware

Door Controls USA: Door Parts Distributor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.083 = Severe

Hackers have leaked more than 140 GB of confidential and proprietary information from Texas-based Door Controls USA after the company failed to pay a requested ransom. The information is sorted into two categories, with one containing assorted documents related to company financials and accounting information including credit card statements, while the other is dedicated to sensitive research and development data, blueprints, schematics, product plans, and manufacturing instructions for a variety of door parts.

Individual Impact: No personal data was reported as exposed in the incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Information like this can live forever on the Dark Web. Manufacturing data like blueprints spec sheets, research and development files, schema, product plans and similar specific product information is a hot seller in Dark Web markets

IntegraMSP to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. CONTACT US>>


United States – T-Mobile

https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/

Exploit: Hacking

T-Mobile: Mobile Device Network Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.383 = Severe

T-Mobile has found itself embroiled in a “malicious hacking incident” that has resulted in data exposure for an estimated 200,000 clients. The company said in a statement that Customer proprietary network information (CPNI) was accessed and may have included phone numbers, the number of lines on the account and call-related information.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.280 = Severe

T-Mobile maintains that only a small fraction of its clients were impacted in the incident, and the company has sent text messages to the affected account holders. T-Mobile customers should be cautious about potential phishing attempts through text or email using this data.

Customers Impacted: 200,000 estimated

How it Could Affect Your Business: It’s not all ransomware these days – good old-fashioned hacking is still a risk that every business faces. When information like this makes its way to the Dark Web, it makes hackers’ jobs easier.

IntegraMSP to the Rescue: Are your company credentials just waiting to be found in Dark Web data markets? Find out before cybercriminals do with 24/7/365 Dark Web monitoring. CONTACT US>>


United States – Aetna

https://medcitynews.com/2020/12/information-of-nearly-half-a-million-aetna-members-exposed-in-email-hack/

Exploit: Malicious Insider

Aetna: Insurance Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.928 = Severe

Aetna is in hot water after a debacle that involved a contractor BEC and phishing in an explosive insider incident. On Sept. 28, Aetna was informed that an EyeMed email account was accessed by an unauthorized individual and that phishing emails were sent to addresses contained in the mailbox. The email account contained information about individuals who previously or currently receive vision-related services through EyeMed, including Aetna customers.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.122 = Severe

The information that may have been accessed included names, addresses, dates of birth and vision insurance accounts/identification numbers. In some cases, full or partial Social Security numbers, birth or marriage certificates, medical diagnoses and conditions, treatment information or financial information may have been accessed. Customers of Aetna that use EyeMed should be wary of potential spear phishing and identity theft. EyeMed is mailing letters to affected individuals and has established a dedicated call center to answer any questions and concerns. It is also offering free credit monitoring and identity protection services for two years.

Customers Impacted: 500,000 estimated

How it Could Affect Your Business: Insider threats are one of the most overlooked high-damage cybersecurity threats. No one wants to believe that their employees are out to get them, but even non-malicious insiders can do massive damage fast.

IntegraMSP to the Rescue: Learn to spot and stop insider threats  CONTACT US TO FIND OUT HOW>>


The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.