Make sure to add us or contact us for the latest news The Week in Breach: Featured Threat The BlackBaud…
New This Week in Cybersecurity News: This week: Carnival can’t sail out of a ransomware attack, Instacart has a second security stumble, rising breach penalties include legal troubles for a former Uber executive, and meet Graphus: a fresh automated phishing defense solution that’s the perfect addition to our digital risk protection platform.
Cooke County, TX: Municipal Government
Risk to Business: 1.972 = Severe
Attackers claimed to have used REvil ransomware on July 4 in a ransomware attack on the Cooke County Sheriff’s Office (CCSO). In the resulting in a data breach, cybercriminals snatching personal identification information from an internal database. The compromised data came from either CCSO reports or cases going back several years. The gang posted their typical announcement about the hack showing data folders with filenames that appeared to reflect archived case files as well as current cases, including a threat that the files would be uploaded in seven days.
Individual Risk: 2.201 = Severe
While no financial information was reported as stolen, PII was involved in the breach – not to mention potentially damaging or embarrassing legal records.
Customers Impacted: 2,000+
How it Could Affect Your Business: Ransomware is most commonly delivered via a phishing email, although cybercriminals are expanding their use of phishing through messaging and SMS text.
University of Utah: Institution of Higher Learning
Risk to Business: 2.077 = Severe
Netwalker ransomware appears to be the culprit in a data breach at the University of Utah. The school reportedly paid a ransomware gang $457,059 in order to avoid having student information released online. The hack occurred on July 19, and the cybercriminals gained access to the network of the university’s College of Social and Behavioral Science [CSBS].
Individual Risk: 2.224 = Severe
Even when a ransom is paid, there’s never proof that the gang really did destroy the stolen data, instead of copying it or selling it. Students should be aware of this data being used in spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware is a persistent and pernicious threat to any business. Paying the criminals doesn’t guarantee the safety of stolen data – but blocking the initial attack does.
Exploit: Unauthorized Access to Data
Instacart: Grocery Shopping and Delivery Service
Risk to Business: 1.775 = Severe
In a statement posted to its website, Instacart has announced that it has suffered another data breach, less than a month after a breach that was widely reported in the media containing user account data. This time, two employees at a third-party service provider accessed accounts that they shouldn’t have, exposing customer information again.
Individual Risk: 2.821 = Moderate
Instacart’s forensic investigation did not find any evidence the two support agents had downloaded or digitally copied data from its systems. The company’s contract with the third-party vendor has been terminated, and impacted accounts have been notified via email.
Customers Impacted: 2,180
How it Could Affect Your Business: Although the pandemic will continue to drive their business as people who are unable to shop in person flock to the service, in other circumstances this would assuredly cause customer dissatisfaction, especially after the information for 278,531 Instacart accounts turned up in a Dark Web marketplace after the first one.
Exploit: Unauthorized Database Access (Hacking)
Freepik: Photo and Graphic Library
Risk to Business: 1.903 = Severe
Photo and graphics giant Freepik the security breach occurred after hackers were able to exploit an SQL vulnerability to gain access to one of its databases storing user data. The unidentified cybercriminals gained access to usernames and passwords for the oldest accounts registered on the Freepik and Flaticon websites, impacting millions of users.
Individual Risk: 2.782 = Moderate
Potentially affected users have been notified via email the company reports that impact varies per account. Not all users had passwords associated with their accounts. The company estimates that number at 4.5 million users who used federated logins (Google, Facebook, or Twitter) to log into their accounts. For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of those users, the method to hash the password was bcrypt. For 229K users, the method was salted MD5. Since the attack, all users have been updated to bcrypt.
Customers Impacted: 8.3 million
How it Could Affect Your Business: It pays to guard old data too by updating storage security and access security. Many of the oldest databases and accounts involved in this incident had never had their security updated and it had long since become obsolete, making it easier for hackers to break in and steal.
Carnival Corporation: Cruise Line
Risk to Business: 1.903 = Severe
Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data, but it is still investigating the incident. This is Carnival’s second breach this year after another breach was disclosed in March.
Individual Risk: 2.312 = Severe
The investigation into exactly what data and what kind of data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has traveled on a Carnival cruise and staffers should be wary of phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Business: Protection from ransomware starts with protection from phishing – including adding automated phishing protection and phishing resistance training to your security stack.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach Cybersecurity and New Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.