Week in Breach
This Week in Breach News: Egregor ransomware is flying high in retail, manufacturing & staffing around the world, Amazon phishing scams are even more of a holiday menace than usual to businesses this year, and our 2020 eBook “bestseller” list.
The Week in Breach News – United States
United States – Greater Baltimore Medical Center
https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack
Exploit: Ransomware
Greater Baltimore Medical Center: Hospital
Risk to Business: 1.622 = Severe
A ransomware attack left Greater Baltimore Medical Center (GBMC) scrambling after many of its systems were knocked offline, impacting patient care. Procedures scheduled for 12/07/20 had to be rescheduled. Backups and workarounds enabled the hospital to keep functioning as the attack was investigated and mitigated. Recovery is ongoing.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is increasingly being used as a way to cause operational disruptions instead of just snatching data, complicating its impact.
ID Agent to the Rescue: BullPhish ID keeps staffers on alert for potentially ransomware-laced phishing email with engaging, easy-to-understand video training. LEARN MORE>>
United States – AspenPointe
Exploit: Unauthorized Database Access
AspenPointe: Healthcare Non-Profit
Risk to Business: 1.613 = Severe
AspenPointe has disclosed a large data breach that exposed personally identifying information (PII) of patients working with non-profit organizations that it manages including participants in its mental health and substance misuse programs. The unauthorized access took place in early September 2020 and it’s unclear how much data was stolen. AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations providing care and counseling in Colorado.
Individual Risk: 1.820 = Severe
Patients may have had extensive personal and private information exposed, including PII like their date of birth, Social Security number, Medicaid ID number, date of the last visit (if any), admission date, discharge date, and/or diagnosis code. AspenPointe is providing those affected by the data breach IDX identity theft protection services including “12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”
Customers Impacted: 295,617
How it Could Affect Your Customers’ Business: Data breaches at any business are bad news, but at a business like this, it’s a nightmare. Not only will AspenPointe have to deal with the corporate fallout, but regulators are also going to come calling with fines, making this incident extra expensive.
ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>
United States – Philabundance
https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/
Exploit: Business Email Compromise
Philabundance: Hunger Relief Non-Profit
Risk to Business: 2.017 = Severe
Hunger relief charity Philabundance got bilked by BEC scammers at the worst possible time. The charity, which fed 54,700 Philadelphians weekly in 2019, is now feeding 134,800 people each week. This incident occurred when the organization paid a construction bill of over $923,000 for a new $12 million facility built in North Philly for its Community Kitchen program, only to discover that they’d paid scammers instead. It’s believed that the con was enabled by a hack on the charity’s computer systems in July that enabled scammers to divert legitimate email from the construction company and replace it with their own fakes. Philabundance says that daily operations will not be impacted by the incident, but it remains a huge problem for this organization at a time when so many Americans rely on programs like this to keep their families fed.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: 134,800 Philadelphians daily
How it Could Affect Your Customers’ Business: Business email compromise scams are some of the thorniest problems that every business faces. Good, regularly refreshed security awareness training will help employees spot and stop BEC scams.
ID Agent to the Rescue: Learn more about defending against BEC and other damaging attacks when you become a Security Awareness Champion with the tips, tricks, and scam walkthroughs in our Security Awareness Champion’s Guide. READ IT>>
United States – Kmart
https://threatpost.com/kmart-egregor-ransomware/161881/
Exploit: Ransomware
Kmart: Retail Store Chain
Risk to Business: 1.802 = Severe
Already beleaguered retailer Kmart did not need the extra complications that came with the Egregor ransomware attack that was delivered to their door. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services and corporate operations functions. Retail stores are operating normally and no consumer impact has been reported.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially cruel problem for a non-profit these days.
ID Agent to the Rescue: Many Business Email Compromise scams arrive as the cargo of a phishing attack, like this one. Learn how to defend your organization against them with BullPhish ID in our new eBook Phish Files. READ IT>>
United States – Alaska Division of Elections
https://www.juneauempire.com/news/113000-alaskan-voter-ids-exposed-in-data-breach/
Exploit: Hacking
Alaska Division of Elections: State Agency
Risk to Business: 2.336 = Severe
An election-time data breach involving voter registration information was recently disclosed in Alaska. State and federal officials say that the election process was not impacted, but voter data was obtained for more than 100K Alaskan voters. Officials suspect nation-state hackers may be involved.
Individual Risk: 2.114 = Severe
The database snatched included some PII like birth dates, driver’s license or state identification numbers, the last four digits of social security numbers, full legal names, party affiliation, and official mailing addresses.
Customers Impacted: 113,000 voters
How it Could Affect Your Customers’ Business: Nation-state hacking is an especially serious problem for government agencies and infrastructure targets. Adding extra security with MFA and similar tools helps combat this risk.
ID Agent to the Rescue: Protecting your data and systems with more than one layer of security keeps hackers out no matter where they’re from. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>
The Week in Breach News – Canada
Canada – Metro Vancouver
https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html
Exploit: Ransomware
Metro Vancouver: Public Transportation Authority
Risk to Business: 2.229 = Severe
Egregor ransomware had a busy week as it disrupted operations for Metro Vancouver, causing disruptions in services and payment systems for its TransLink payment service. Transportation service for riders was not otherwise impacted. The Egregor gang published a ransom demand and the incident is being investigated.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.
ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>
The Week in Breach News – United Kingdom & European Union
Switzerland – Kopter Group
https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html
Exploit: Ransomware
Kopter Group: Helicopter Manufacturer
Risk to Business: 1.662 = Severe
LockBit ransomware struck Swiss helicopter maker Kopter, disrupting operations. The attackers compromised its internal network and encrypted the company’s files. The ransomware gang revealed that it was able to access the company’s systems by utilizing a poorly protected VPN. Kopter manufactures civilian aircraft. Investigation and recovery are ongoing.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the fastest, easiest way for cybercriminals to score a big payday, and it’s only growing more popular – and more disruptive.
ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>
The Netherlands – Randstad
Exploit: Ransomware
Randstad: Staffing Agency
Risk to Business: 2.237 = Severe
The Egregor ransomware gang is getting its work done before the holidays, with yet another major strike this week, this time on the world’s largest staffing company. Randstad states that only a limited number of servers were impacted and that their network and business operations continued to operate without disruption. The company is still assessing what data exactly was stolen, but doesn’t expect that any client or employee data was impacted.
Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: No matter how big a company is, one ransomware-laden phishing email can bring it to its knees in a hurry. Phishing is the biggest risk every business faces today.
ID Agent to the Rescue: Don’t wait until ransomware creates a massive disruption in your organization’s ability to get the job done. Update phishing resistance and security awareness training for every staffer with BullPhish ID. SEE BULLPHISH ID IN ACTION>>
The Netherlands – Royal Dutch Cycling Union
Exploit: Ransomware
Royal Dutch Cycling Union: Sport Governing Body
Risk to Business: 2.869 = Moderate
The ransomware gang that decided to strike the Royal Dutch Cycling Union struck out this week after stealing a database from the agency and publishing their ransom demand with sample data as proof. It turns out that the governing body had already transferred that information to a new, more secure system and they aren’t interested in having the old data returned. There’s been no impact on operations, and no sensitive membership data was involved.
Individual Impact: No personal data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data theft is the most typical goal of ransomware gangs. Even in a low-impact incident like this, data could still be exposed that could harm your business, like account credentials.
ID Agent to the Rescue: Remember, employees routinely recycle passwords between work and personal applications. Don’t miss the memo when your employee passwords are exposed on the Dark Web through incidents like this. LEARN MORE>>
The Week in Breach News – Australia & New Zealand
Australia – Loch Rannoch Highland Club
Exploit: Insider Threat (Employee Error)
Loch Rannoch Highland Club: Private Resort
Risk to Business: 1.227 = Extreme
Administrators at the Loch Rannoch Highland Club are in hot water after a suspected employee error exposed information about 2,400 members and visitors, including some very prominent people. Detailed personal information about people who don’t like that data circulating was made publicly available after it was posted to a publicly accessible portion of the club’s website in what the resort notes was an “employee error”.
Individual Risk: 1.433 = Extreme
243 pages of sensitive information about the owners of holiday homes or timeshares at the club and their guests were exposed, including the personal emails and phone numbers of more than 2,400 members plus timeshare owners’ email addresses and phone numbers, alongside their club reference numbers.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Insider threats are always lurking just around the corner, ready to spring on any business messy cybersecurity incidents that can have terrible consequences for your company’s reputation and client goodwill.
ID Agent to the Rescue: Insider threats can be controlled with the right security precautions. Download our “Insider Threats” toolkit for an eBook and other tools to combat insider threats. GET THE FREE TOOLKIT >>
The Week in Breach News – South America
Brazil – Embraer
https://www.securityweek.com/brazilian-plane-maker-embraer-targeted-cyberattack
Exploit: Ransomware
Embraer: Airplane Manufacturer
Risk to Business: 1.227 = Extreme
Embraer, the world’s third-largest manufacturer of commercial, executive, military, and agricultural aircraft, was grounded by a suspected ransomware attack. The company was able to limit the spread of the malware and recover quickly with only minimal disruptions to operations.
Individual Impact: No personal data was reported as exposed in this incident.
How it Could Affect Your Customers’ Business: Corporate data that includes plans and schematics for things like airplanes or security systems can fetch a pretty penny for criminals on the Dark Web. That kind of data needs extra protection.
ID Agent to the Rescue: Information from incidents like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.