March 3rd, 2021 by Kevin Lancaster

This Week in Breach News:

Bombardier and Steris get caught up in a third-party data breach, troubled crypto exchange Cryptopia gets hacked again and the shockingly large percentage of data breaches that are email-based (plus how to help businesses fight back).



United States – Gab

https://www.hackread.com/gab-hacked-ddosecrets-leak-profiles-posts-dms-passwords-online/

Exploit: Hacking

Gab: Social Media Platform

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.479 = Extreme

Right wing social media platform Gab was hacked by hacktivist group DDoSecrets. The platform is notorious for lax censorship of hate speech and is a haven for extremists including white supremacists, neo-Nazis, white nationalists, the alt-right, and QAnon conspiracy theorists. DDosSecrets has posted 70 GB of Gab content to its website including public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext format.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.447 = Extreme

It is unclear how many individuals may have been impacted. Gab users should be wary of spear phishing attempts, as well as potential legal consequences for nationalist or hate group activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacktivists are growing bolder in their quest to expose hate in public and private spaces. Information like this will haunt users for years on the dark web.

ID Agent to the Rescue: Watch for threats from the dark web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>


United States – Steris

https://www.infosecurity-magazine.com/news/steris-touted-as-latest-accellion/

Exploit: Third Party Data Breach

Steris: Medical Equipment Sales

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919 = Severe

The ransomware gang Clop is claiming to have snatched an unspecified amount of information belonging to the Steris Corporation during a ransomware attack at third party cloud solutions provider Accellion. A small amount of internal data including studies and communications was identified as Steris data.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Third party threats are growing more serious as cybercriminals collect information used in past breaches to fuel future attacks.

ID Agent to the Rescue: Is your company in danger from dark web data like lists of stolen credentials? Dark Web ID helps you find out fast LEARN MORE>>


United States – Covenant Healthcare

https://www.wnem.com/news/covenant-healthcare-reports-data-breach-through-employee-emails/article_eaf988fc-76c8-11eb-99f1-cbedd3811c29.html

Exploit:  Phishing

Covenant Healthcare: Medical System

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.212 = Severe

Bad actors obtained access to two employee email accounts at Covenant Healthcare, leading to the exposure of personal information for an estimated 45K patients. The Michigan-based health system is undertaking an investigation with outside cybersecurity professionals.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.712 = Severe

Potentially stolen patient information includes includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information. The hospital is offering identity theft protection to impacted patients.

Customers Impacted: 45K

How it Could Affect Your Customers’ Business: Phishing is the gateway to dangerous cybercrime, and regular phishing resistance training helps keep that gate closed.

ID Agent to the Rescue: Learn the secret to keeping phishing away from your business and keeping your data safer in The Phish FilesREAD IT >>



Canada – Bombardier

https://www.teiss.co.uk/bombardier-data-breach/

Exploit:  Third Party Data Breach

Bombardier: Airplane Manufacturing

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.816 = Severe

Canadian aerotech manufacturer Bombardier has been caught up in a third party data breach In the recent breach at cloud services provider Accellion stolen data about many companies was obtained, including this information that Bombardier says was taken from specific servers and uploaded by hackers on their dark web portal.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.891 = Severe

Cybercriminals got their hands on a small subset of employee data including unspecified confidential information relating to 130 employees in Costa Rica.

Customers Impacted: 130 employees so far

How it Could Affect Your Customers’ Business: Ransomware that strikes your partner or service provider can be your problem too. Protecting businesses against damage from third party sources is a must these days.

ID Agent to the Rescue: Read our Security Awareness Champion’s Guide, for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals conduct them. GET THE BOOK>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>



United Kingdom – Oxford University Division of Structural Biology

https://www.theverge.com/2021/2/25/22301725/covid-19-research-lab-hacked-oxford-university-strubi

Exploit: Hacking

Oxford University Division of Structural Biology: Research Laboratories

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.722 = Moderate

Oxford University Division of Structural Biology, popularly known as Strubi, landed in cybercriminal sights last week. Bad actors access operations and routine data from a number of machines including purification devices for handling biochemical samples, some of which included proteins used in ongoing coronavirus research. The incident is under investigation and all lab functions have been restored.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s booming data markets, hackers are hungry for unique data that fetches a pretty eny, like COVID-19 research reports.

ID Agent to the Rescue: Protect your business environment from hackers by adding Passly to your security suite to stop 99 percent of password-based cybercrime cold using multi factor authentication and more .SEE IT IN ACTION>>


United Kingdom – Npower

https://www.bbc.com/news/technology-56195631

Exploit: Credential Stuffing

Npower: Energy Utility

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.603 = Moderate

Energy firm Npower has closed down its app following a credential stuffing attack. This incident spurred an earlier than planned shut down of the company’s mobile that was slated to be shut down later in 2021 as part of wind-down plans following Npower’s acquisition by Eon.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.673 = Moderate

Some customers’ financial and personal information was accessed by bad actors including contact details, birth dates, addresses and partial bank account numbers.Customers should be wary of potentials spear phishing or credential compromise attempts using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Shutting down any art of your operations because of a cyberattack is no good for any business. Fortunately for this company, it just accelerated an ongoing process, bu no every company would be that lucky.

ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>


United Kingdom – NurseryCam

https://www.bbc.com/news/technology-56141093

Exploit: Hacking

NurseryCam: Childcare Monitoring App

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.993 = Severe

A security flaw enabled hackers to gain access to user information at NurseryCam, a service that allows parents to observe their child’s nursery school or daycare experience in more than 40 UK locations. This is the second security flaw reported as discovered by researchers at NurseryCam.

cybersecurity news represented by a gauge indicating moderate risk

 

Risk to Business: 2.822 = Moderate

The flaw allowed hackers access to client information for parents who use the service including usernames, passwords, real names and email addresses

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Repeated security incidents will turn customers off, especially for companies that handle potentially sensitive data or access to sensitive environments like cameras in childcare facilities.

ID Agent to the Rescue: Stop intrusions from sloppy security or unsafe practices with affordable, simple secure identity and access management using Passly and keep your access points safer. SEE VIDEO OF PASSLY>>


Finland – TietoEVRY

https://www.bleepingcomputer.com/news/security/finnish-it-services-giant-tietoevry-discloses-ransomware-attack/

Exploit: Ransomware

TietoEVRY: IT Services

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.913 = Severe

Finnish IT services and software titan TietoEVRY has suffered a ransomware attack that forced an abrupt disconnection of 25 clients’ services. Impacted clients were in retail, manufacturing, and service-related sectors.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 25

How it Could Affect Your Customers’ Business: Ransomware may not just shut down your business, it could also shut down your customers’ business if you are a service provider – and no customer will be happy about that.

ID Agent to the Rescue: keep ransomware from putting the brakes on your business with the insight and strategies you’ll learn in Ransomware 101GET IT>>



New Zealand – Cryptopia

https://www.hackread.com/cryptocurrency-exchange-liquidation-hacked-again/

Exploit: Hacking

Cryptopia: Cryptocurrency Exchange

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.116 = Extreme

Beleaguered cryptocurrency exchange Cryptopia has taken another expensive hacking hit. The company was smacked by hackers a second time in as many years, and they stole USD 45,000 (NZD 62,000) worth of crypto this time. Cryptopia lost USD 30 million in crypto-assets in a 2019 hack, catapulting it into receivership, where it remains now.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The last thing an already reeling company needs to deal with is a cyberattack. Cutbacks should never include cybersecurity if a business is planning to get back on its feet.

ID Agent to the Rescue: Get smart, affordable protection from many hacking attempts with Passly, the award-winning multitool that handles secure identity and access management for less. SEE VIDEO OF PASSLY>>



supply chain risk represented by a handshake overlaid with an image of a chain in green on a black background.

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.