Make sure to add us or contact us for the latest news
 |
 |
 |
 |
 |
 |
 |
The Week in Breach: Featured -Don’t let the Data Gremlins get you!
We’ve spent the past week focusing on a big problem for small business – and that is Data Gremlins. We have a quiz and a Data sheet about 16 things Data Gremlins hate below. It’s better to be prepared than caught unaware.
The troublesome data loss gremlins are always plotting devious new ways to destroy your most important data and ruin your day—and your livelihood. As soon as you let down your guard, they’ll sneak up on you with a nasty surprise, like a security breach, a server meltdown, or a devastating fire that will leave you and your customers scrambling to pick up the pieces.
That doesn’t mean you’re totally defenseless, though. Every data loss gremlin has a weakness, something they hate with a passion because it keeps foiling their evil plans. Knowing what these weaknesses are will help you scare off Scratch, Scorch, Klepto, Mal, Mayhem, and Whoopsie Daisy and keep your data safe.
The Week in Breach News – United States
United States – Whirlpool
Exploit: Ransomware
Whirlpool: Appliance Manufacturer
Risk to Business: 2.311 = Severe
The Nefilim ransomware gang struck at Whirlpool, stealing data but not impacting manufacturing operations. The gang claims that the files it published were obtained from Whirlpool during a ransomware attack in December 2020. The leaked data appeared to be proprietary and staff information including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more.
Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: While using ransomware to disrupt manufacturing or operations has been in vogue recently, it’s still a favored tool for cybercriminals to use in a classic data grab.
IntegraMSP to the Rescue: Don’t just hope that you’re not a target – get your business ready to fight back against ransomware threats. CONTACT US>>
United States – GetSchooled
Exploit: Unsecured Database
GetSchooled: Education Non-Profit
Risk to Business: 2.302 = Severe
An unsecured database at education charity operation GetSchooled left personally identifiable information exposed for more than 900K students, ranging from 10-year-olds to college students. GetSchooled is an arm of the Bill and Melinda Gates Foundation that encourages educational achievement for students in need through gamification, personalized support, and content development. The database was left open and exposed for approximately one month.
Individual Risk: 2.271 = Severe
The exposed information includes personally identifiable information of students including children, teenagers and young adults. Some of the information left exposed in this incident was very detailed including full addresses, schools, phone numbers and emails, graduation details, ages, genders.
Customers Impacted: 930,000
How it Could Affect Your Business Failing to secure a database is a rookie mistake, and especially embarrassing (and dangerous) for a charity that primarily serves minors.
IntegraMSP to the Rescue: Make sure everything that should be locked down is with secure identity and access management using Passly that seamlessly integrates with more than 1k apps. SCHEDULE A DEMO>>
United States – Door Controls USA
Exploit: Ransomware
Door Controls USA: Door Parts Distributor
Risk to Business: 2.083 = Severe
Hackers have leaked more than 140 GB of confidential and proprietary information from Texas-based Door Controls USA after the company failed to pay a requested ransom. The information is sorted into two categories, with one containing assorted documents related to company financials and accounting information including credit card statements, while the other is dedicated to sensitive research and development data, blueprints, schematics, product plans, and manufacturing instructions for a variety of door parts.
Individual Impact: No personal data was reported as exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Information like this can live forever on the Dark Web. Manufacturing data like blueprints spec sheets, research and development files, schema, product plans and similar specific product information is a hot seller in Dark Web markets
IntegraMSP to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. CONTACT US>>
United States – T-Mobile
Exploit: Hacking
T-Mobile: Mobile Device Network Provider
Risk to Business: 2.383 = Severe
T-Mobile has found itself embroiled in a “malicious hacking incident” that has resulted in data exposure for an estimated 200,000 clients. The company said in a statement that Customer proprietary network information (CPNI) was accessed and may have included phone numbers, the number of lines on the account and call-related information.
Individual Risk: 2.280 = Severe
T-Mobile maintains that only a small fraction of its clients were impacted in the incident, and the company has sent text messages to the affected account holders. T-Mobile customers should be cautious about potential phishing attempts through text or email using this data.
Customers Impacted: 200,000 estimated
How it Could Affect Your Business: It’s not all ransomware these days – good old-fashioned hacking is still a risk that every business faces. When information like this makes its way to the Dark Web, it makes hackers’ jobs easier.
IntegraMSP to the Rescue: Are your company credentials just waiting to be found in Dark Web data markets? Find out before cybercriminals do with 24/7/365 Dark Web monitoring. CONTACT US>>
United States – Aetna
Exploit: Malicious Insider
Aetna: Insurance Company
Risk to Business: 1.928 = Severe
Aetna is in hot water after a debacle that involved a contractor BEC and phishing in an explosive insider incident. On Sept. 28, Aetna was informed that an EyeMed email account was accessed by an unauthorized individual and that phishing emails were sent to addresses contained in the mailbox. The email account contained information about individuals who previously or currently receive vision-related services through EyeMed, including Aetna customers.
Risk to Business: 2.122 = Severe
The information that may have been accessed included names, addresses, dates of birth and vision insurance accounts/identification numbers. In some cases, full or partial Social Security numbers, birth or marriage certificates, medical diagnoses and conditions, treatment information or financial information may have been accessed. Customers of Aetna that use EyeMed should be wary of potential spear phishing and identity theft. EyeMed is mailing letters to affected individuals and has established a dedicated call center to answer any questions and concerns. It is also offering free credit monitoring and identity protection services for two years.
Customers Impacted: 500,000 estimated
How it Could Affect Your Business: Insider threats are one of the most overlooked high-damage cybersecurity threats. No one wants to believe that their employees are out to get them, but even non-malicious insiders can do massive damage fast.
IntegraMSP to the Rescue: Learn to spot and stop insider threats CONTACT US TO FIND OUT HOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.