Make sure to add us or contact us for the latest news
 |
 |
 |
 |
 |
 |
 |
The Week in Breach: Featured – Personal Data Privacy is a Challenge in a Connected (and Hacked) World
Who is looking at your personal data? Chances are, it’s more people than you think. Even if you’ve been diligent about protecting it, providing your personal or business information is required for many basic daily functions. So is data privacy even still possible in our increasingly plugged-in world – and if it’s not, what can you do to mitigate the risk of your personal data falling into the wrong hands or coming back to haunt you?
In today’s booming Dark Web markets, data is currency, and that makes data privacy a thing of the past. Cybercriminals and their clients are happy to get their hands on any kind of data, from account records for defunct businesses to COVID-19 vaccine research data to user credentials for a file sharing service. It doesn’t even matter if the data is current – all kinds of data can be put to all kinds of nefarious uses. Especially personally identifying information (PII) and crucial business identity data.
You’ve provided your PII or your company’s identifying information hundreds of times. Every time you signed up for a newsletter, downloaded a business eBook, opened an account, or downloaded a webinar, you were asked to provide at least basic information like your name, address, phone number, email address, and other salient details. Every company you’ve done business with or contracted for a service has your PII or business identifying data creating third party risk for you and your business.
Why Do Cybercriminals Want Your Personal and Business Data?
That kind of data is the bread and butter of cybercriminals. It’s especially desirable for use in mounting spear phishing attacks. Phishing is today’s worst threat – more than 80% of all cyberattacks are phishing attacks. It’s also drastically ramped up, with more than 600% more phishing attacks in 2020 than the previous year. That means that cybercriminals are launching a new phishing attack every 39 seconds – and they’re using your PII to do it.
By gathering your PII or company data and potentially knowing at least some of your habits and interests, bad actors can craft spear phishing messages that really reel in victims. Phishing isn’t just a personal danger – spear phishing is a huge problem for businesses. Most spear phishing attacks aimed at businesses are designed to capture credentials or deploy malware or ransomware. Precisely targeted whaling attacks can also lead to dangerous, expensive business email compromise disasters involving executive accounts.
All of these cyberattacks can be accomplished with just a little bit of PII or business data and a touch of ingenuity. With plenty of information in Dark Web markets and data dumps, cybercriminals aren’t experiencing a shortage of available records. More than 22 billion records hit the Dark Web in 2020 alone. That data isn’t just harmful to consumers either. Experts estimate that over 60% of the data that’s already on the Dark Web can be used to attack businesses, and that number is steadily climbing.
Even if you and your business eschew most web-based services, your PII and your business data are still at risk. Only 13% of victims are even aware that they’ve been impacted in a data breach. It’s nearly impossible to keep your personal and business identifying data truly private anymore, but there are a few things that you can do to reduce the risk of damage from exposed PII and business identifying data on the Dark Web.
3 Ways to Mitigate the Danger
Be Cautious About Spear Phishing – This is the favored method of attack for more than 60% of cybercriminals, and it’s absolutely headed for your business. Protect your systems and data from spear phishing catastrophes more easily when everyone is part of your cybersecurity team. One of the ways that we do this is to use BullPhish ID to train your staffers to spot and stop phishing emails using plug-and-play phishing simulation campaigns and video lessons in 8 languages, ensuring that every staffer is on the lookout for phishing threats.
Use Multifactor Authentication (MFA) – This single mitigation can stop up to 99% of cyberattacks from impacting your business. MFA is a must-have for businesses of any size to protect systems and data from intrusion. Take the power out of a stolen or cracked password and stop credential stuffing attacks cold by requiring a second identifier for access. Passly provides MFA as well as other secure identity and access management essentials in one affordable, award-winning solution.
Monitor the Dark Web Like the Bad Guys – Cybercriminals aren’t the only ones exploring the Dark Web. We’re there too with Dark Web ID. Utilizing ID Agent’s human and machine powered 24/7/365 monitoring and analysis combs the Dark Web for your protected credentials and sends up a red flag if they appear in Dark Web markets or dumps, giving you time to take action before the bad guys do.
While true data privacy may be a thing of the past, you don’t have to let that become a stumbling block for you or your business. By taking a few simple, sensible precautions, you can mitigate the risk of Dark Web data including stolen PII and throw up essential shields between your life and cybercrime.
Contact us to see how we can help you secure your business and your clients at a price you’ll love.
The Week in Breach News – United States
United States – Teespring
https://cybernews.com/security/8-million-teespring-user-records-leaked-on-hacker-forum/
Exploit: Hacking
Teespring: eCommerce Platform
Risk to Business: 2.129 = Severe
Hackers have dropped a huge trove of user and creator data allegedly from Teespring, an e-commerce platform that specializes in enabling designers to market their wares. The two massive files of stolen data include email addresses and last update dates for 8,242,000 user accounts.
Individual Risk: 2.221 = Severe
The info dump contains 4,000,000+ user records, including usernames, full names, locations, phone numbers, Creator IDs, referral information, trust score, whitelisted seller campaigns, storefronts, bank check payouts, and other analytics data. This data could be used to conduct business email compromise attacks and spear phishing attempts.
Customers Impacted: 8,242,000
How it Could Affect Your Business: Data like this is sought-after by cybercriminals and often hangs around for years on the Dark Web, acting as fuel for future cybercrime.
IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>
United States – Circuit Court of Cook County
https://www.securityweek.com/illinois-court-exposes-more-323000-sensitive-records
Exploit: Unsecured Server
Circuit Court of Cook County: Municipal Court System
Risk to Business: 1.775 = Severe
An unsecured Elasticsearch server is the cause of a huge data exposure containing more than 323,277 Cook County court-related records. Researchers estimate that the database may have belonged to a specialist Cook County department of caseworkers working with people who needed additional help.
Risk to Business: 1.612 = Severe
The records contained PII such as full names, home addresses, email addresses, and court case numbers and notes on the status of both the case and the individuals concerned. Criminal, family and immigration cases are in the mix. This data could be used to mount an array of attacks like blackmail, identity theft and spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Business Failing to take a simple step to secure a server that contains sensitive information doesn’t speak well to an organization’s commitment to cybersecurity.
IntegraMSP to the Rescue: Everyone needs to understand the seriousness of today’s threats. Our Security Awareness Champion’s Guide makes understanding cyber threats easy and fun. LEARN MORE>>
United States – MeetMindful
https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/
Exploit: Hacking
MeetMindful: Dating Site
Risk to Business: 1.979 = Severe
Details of an estimated 2.28 million users of dating site MeetMindful was just released online in the latest in a series of stolen data dumps by cybercrime gang ShinyHunters. There’s no clear origin of the data, but researchers expect that it may have come from an unsecured AWS S3 bucket.
Individual Risk: 1.779 = Severe
The dumped data includes users’ real names, email addresses, address information, physical descriptions, dating preferences, marital status, birth data, location data, IP addresses, Bcrypt-hashed passwords, Facebook user IDs and Facebook authentication tokens. This information puts users at risk for spear phishing attacks.
Customers Impacted: 2.28 million
How it Could Affect Your Business: Keeping data safe from hackers starts with keeping data secure using strong access point controls and basic security protocols like multifactor authentication.
IntegraMSP to the Rescue: Passly provides the toolkit that businesses need to keep cybercriminals locked out of data and systems including multifactor authentication and secure shared password vaults. LEARN MORE>>
United States – Bonobos
Exploit: Hacking
Bonobos: Menswear Retailer
Risk to Business: 1.979 = Severe
Men’s clothier Bonobos has experienced a huge 70GB data breach exposing millions of customers’ personal information after a cloud backup of their database was snatched. ShinyHunters, who had a very busy week, posted the full Bonobos database to a free hacker forum. ShinyHunters was kind enough to transform the stolen password data into a handy list for credential stuffing.
Individual Risk: 2.006 = Severe
The leaked data included customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information and password histories. This information can be used in many cyberattacks including spear phishing and credential stuffing.
Customers Impacted: 7 million
How it Could Affect Your Business: Data theft is an increasingly worrisome problem for everyone. Not only is the original business impacted, the addition of such large troves of information to the Dark Web fuels further cybercrime.
IntegraMSP to the Rescue: Dark Web ID provides 24/7/365 protection against surprise credential compromise by sending up a red flag when a stolen credential that could impact your business appears on the Dark Web. LEARN MORE>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.