Avantia Threat Update

REGULATORS UNITE TO WARN OF FACEBOOK'S CRYPTOCURRENCY LAUNCH


Would you trust Facebook with your financial security?

This past week, privacy and security concerns prompt a regulator coalition to warn Facebook over its ‘Libra’ cryptocurrency launch; China caught again; Local Government under the pump; the importance of data security partnerships; students learn a harsh lesson about data security; law enforcement agencies are forced offline; a creative new malware threatens Windows users; and major data breaches in France, the United Kingdom and the United States*.


This Past Week’s Dark Web ID Trends*:

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain 

Top Industry: High-Tech & IT

Top Employee Count: 501+ Employees 

Featured Threat Updates:


Regulator Coalition warns Facebook over cryptocurrency launch*:

Global privacy regulators joined forces Tuesday to demand guarantees from Facebook on how it will protect users' financial data when it launches its planned cryptocurrency called ‘Libra’ in the first half of next year. The watchdogs from Australia, the US, EU, Britain, Canada and other countries issued an open letter calling on Facebook to respond to more than a dozen concerns over how it will handle sensitive personal information of users of the digital currency. The letter follows a chorus of warnings about Facebook's entry into the shadowy world of digital banking, including at a meeting last month of finance ministers and central bankers from the G7 group of most developed economies. The watchdogs said that Facebook and its subsidiary Calibra "have failed to specifically address the information handling practices that will be in place to secure and protect personal information". Facebook's handling of user data, highlighted by the Cambridge Analytica scandal, had "not met the expectations of regulators or their own users", they said. The social media giant's latest project faced similar risks, they said, adding that the "combination of vast reserves of personal information with financial information and cryptocurrency amplifies our privacy concerns about the Libra Network's design and data sharing arrangements". The regulators demanded Facebook provide guarantees that user information, such as transaction histories, will not be shared without explicit consent and that all personal data will be adequately secured by all parties in the Libra network. Facebook announced the launch of Libra in June, with Calibra slated to run a digital wallet and provide financial services using blockchain technology. The currency is to be overseen by a Geneva-based Libra Association of companies, and Swiss authorities have also pledged tight oversight of the operation. Libra is widely regarded as a challenger to dominant global player bitcoin. 
Expected to launch in the first half of 2020, Libra is designed to be backed by a basket of currency assets to avoid the wild swings of bitcoin and other cryptocurrencies.


China Government caught out again*:

Details have emerged revealing just how deeply Chinese government hackers plundered HPE, IBM, DXC, Fujitsu, Tata, and others, stealing corporate secrets and rifling through their customers' networks. An explosive in-depth report by Reuters blows the lid off APT10, the infamous Beijing-backed hacking operation that was just accused of hacking mobile carriers around the world. APT10 was previously fingered for raiding corporations and organisations globally, and siphoning off blueprints and databases for President Xi's regime. This bombshell builds on last year’s revelations that a multi-year operation known as Cloud Hopper had worked its way into the internal networks at HPE and IBM, stealing corporate data and trade secrets along the way, and then drilled into customer systems. The hackers compromised customer servers that were managed by the IT giants, or slipped in via network links between the tech providers and their big-name clients. Hence the name: Cloud Hopper. Now, word has dropped that another six companies fell victim to APT10 during that same campaign: Fujitsu, Tata Consultancy Services, Dimension Data, NTT, and Computer Sciences Corporation. It is believed most of the hacking took place between 2015 and 2017, though it's said HP at least had been repeatedly 'pwned' since 2010. (CSC is now known as DXC following its merger with HPE's spun-off Enterprise Services in 2017.) The revelations mean that the reach of the Cloud Hopper operation was far greater than first feared. In addition to the tech goliaths themselves, the hackers pushed their way into customer systems from the compromised providers, dramatically increasing the pool of valuable industrial and aerospace data stolen. Beijing's miscreants had access not just to the internal files of HPE, IBM, Tata CS et al, but also to their network-connected customers, putting designs, plans, personal information, and more, at their fingertips.
Sources say that the APT10 crew would typically find and exploit a vulnerability in an external-facing server to break in, or spear-phish an employee to gain access to their intranet account. From there, they harvested additional account credentials from the compromised machine, and used those to access other boxes and services on the network, which were in turn ransacked for more login details, and used to move further around the network until the attackers had near complete control over the entire infrastructure. From there, the intruders could siphon off information, and probe network-connected customers, particularly if they gained control of managed or cloud server administrator accounts. This mirrors the pattern found by researchers at ‘Cybereason’, who earlier this month detailed efforts by APT10, or a gang operating just like the Chinese, to compromise ten or more cellular telcos around the world to spy on a few dozen VIPs – think politicians, foreign agents, etc. Given the resources and time afforded to the operation, it comes as no surprise that APT10 was able to so thoroughly penetrate their targets. By the end of the HPE operation, it is said that the hackers had such total control over the corporate network that they had begun leaving messages taunting system administrators. "One hacking tool contained the message 'FXXK ANY AV' – referencing their victims’ reliance on antivirus software," the Reuters team noted. "The name of a malicious domain used in the wider campaign appeared to mock US intelligence: nsa.mefound.com." In a statement to The Register, a DXC spokesperson claimed: “DXC has robust security measures in place to actively detect, prevent and alert attacks by actors such as APT10. We also have implemented tools that allow detailed reconstruction of any intrusion attempts, should they happen.
"Since the inception of DXC Technology [in 2017], neither the company nor any DXC customer whose environment is under our control have experienced a material impact caused by APT10 or any other threat actor." A spokesperson for HPE said with a straight face: "The security of HPE customer data is always our top priority. As is the case in any breach, the company worked diligently for our customers to mitigate this attack and protect their information. And, we remain vigilant in our efforts to protect against the evolving threats of cyber-crimes committed by state actors." The rest – IBM, Fujitsu, Tata CS, Dimension Data, and NTT – are keeping ‘schtum’. Big Blue previously claimed it found no evidence that hackers had accessed its sensitive corporate data. China’s deadpan response to these revelations: "The Chinese Government has never in any form participated in or supported any person to carry out the theft of commercial secrets." ... Hmmm! (Editor)


Local Municipal Councils under the pump*.

City services in Baltimore, Maryland, USA were paralyzed earlier this year when a ransomware attack locked up computer networks and made it impossible for residents to make property transactions or pay their municipal bills. Officials refused to meet hacker demands for a ransom of $76,000 to unlock the systems, but have been saddled with an estimated $18 million in costs of restoring and rebuilding the city's computer networks which ratepayers will have to cough up. The dilemma in Baltimore and in a similar case in Atlanta a year earlier highlights tough choices faced by cities, hospitals and corporations hit by ransomware, which can shut down critical services for organizations with dated or vulnerable computer networks. Two Florida cities reportedly paid a total of US$1 million in ransom this year, after which a new attack by the same group hit the state court system in Georgia. Globally, losses from ransomware rose by 60 percent last year to $8 billion, according to data compiled by the Internet Society's Online Trust Alliance. At least 170 county, city or state government systems have been hit since 2013, with 22 incidents this year, according to the US Conference of Mayors, which adopted a resolution opposing ransomware payments. "We're seeing more attacks against cities because it's clear cities are ill-prepared, and even if they know what's going on they don't have the funds to fix it," said Gregory Falco, a researcher at Stanford University specializing in municipal network security. Frank Cilluffo, head of Auburn University's Center for Cyber and Homeland Security, said the attacks have reached epidemic levels. "The scale and scope of the problem is striking, affecting everywhere from relatively robust states to major metropolitan areas to smaller cities and counties," Cilluffo told a congressional hearing last month. "Targets include police and sheriff departments, schools and libraries, health agencies, transit systems, and courts...
no jurisdiction is too small or too large to go unaffected." Health care institutions have also been frequent victims, and Hollywood Presbyterian Medical Center revealed in 2016 it paid $17,000 to hackers to decrypt important data. The French Interior Ministry said in a recent report authorities responded to some 560 ransomware incidents in 2018 but also noted that most incidents are unreported. The same ministry report said hackers have shifted their strategy from attacking many systems with demands for small ransoms to more targeted attacks with higher potential payout. While the FBI and others warn against paying ransoms, some analysts say there is no clear answer for victims when critical data is locked. "You have to do what's right for your organisation," Falco said. "It's not the FBI's call. You might have criminal justice information, you could have decades of evidence. You have to weigh this for yourself." Josh Zelonis at Forrester Research offered a similar view, saying in a blog post that victims need to consider paying the ransom as a valid option, alongside other recovery efforts. Victims often fail to take preventive measures such as software updates and data backups that would limit the impact of ransomware. But victims may not always be aware of potential remedies that don't involve paying up, said Brett Callow of Emsisoft, one of several security firms that offer free decryption tools. "If the encryption in ransomware is implemented properly, there is a zero chance of recovery unless you pay the ransom," Callow said. "Often it isn't implemented properly, and we find weaknesses in the encryption and undo it." Callow also points to coordinated efforts of security firms including the No More Ransom Project, which partners with Europol, and ID Ransomware, which can identify some malware and sometimes unlock data. Analysts point out that ransomware attacks may be motivated by more than just money.
Two Iranians were charged last year  in the attack on Atlanta that prosecutors said was an attempt to disrupt US institutions. "Attackers which aren't such big fans of the US might want to cause economic disruption," Falco said. "Instead of trying to take down the whole electric grid, they may try to create chaos in a number of cities."


In an Interconnected World, Data Security is a ‘partnership’ with your Suppliers*:

Taking active steps to safeguard your organization’s digital presence on and offline is not a new recommendation; if anything, elaborate security measures are emblematic of our times.  Password monitoring, multi-factor access protocols, biometrics and other forms of user authentication and protection have become standard, and for good reason: the incidence of data loss, theft and misuse is huge.  Data compromise – whether it involves personal, business, or government files – has become so common that only the most egregious consumer-facing cases make the evening news today. That’s understandable; sometimes the owners of business data effectively pin “kick me” signs on top of their most sensitive files.  An astonishing volume of data, whether through poorly configured security settings, indifferent employees, 3rd party password compromises or a reluctance to update legacy software, is exposed to pretty much anyone interested in harvesting it.  And the situation is getting worse.  ‘Digital Shadows’ Photon Research Team scanned the landscape of online file storage technologies and found more than 2.3 billion exposed files – a 50 percent increase from similar research just one year earlier, with Europe accounting for the largest share, followed by the Americas, Asia, and the Middle East, respectively. With exposures on the rise, it’s not surprising that ransomware extortion has become such a growth industry. And the methods used by ransomware attackers have become more cunning as well. The industry standard for ransomware mitigation has been to back up files so you can quickly revert to saved copies and avoid downtime or payments to the attackers in case of infection. But ‘Digital Shadows’ same research effort identified more than 17 million ransomware-encrypted files among file stores often used to back up systems. 
One particularly aggressive variant, NamPoHyu, was found to be solely responsible for encrypting more than 2 million files since its discovery in April of this year. No longer is backing up data sufficient to solve the problem of ransomware - backups need to be secured too.  Not all data leaks and exposures result from the actions, inaction or neglect of their owners, however. Increasingly, they can be traced to third parties – contractors, suppliers, vendors and other firms in the company’s supply chain with legitimate access to the client’s files – companies that provide services such as data management, storage and processing.  If anything, it is now routine for larger enterprises to have an extensive network of specialized suppliers and partners – many of which are small companies whose own cyber defenses are nowhere near as robust as those of their clients.  The notorious 2013 attack on Target, which resulted in massive compromise of its customers’ credit details, gained entry to the company’s point of sale files through an air-conditioning contractor.  Add to that the growing use of Internet connected wireless devices, and you have a toxic stew of opportunities for mischief. However, this growing base of interconnections is not limited to big corporations; essentially every individual and business, regardless of size, is embedded in a maze of online relationships – many of which may be hidden from the user.  What it means is that the attack surface – the sum of all the different points where an unauthorized user can attempt to extract data from an organization’s digital environment – is expanding geometrically.  Your fiendishly difficult password offers little protection if a third party’s connected system unwittingly exposes the same data you are determined to safeguard.  And those gaps in the armor cascade onto every sector they’re linked to.
Of course, not every file exposed to unauthorized parties is highly sensitive; there’s plenty of routine material – product orders, receipts, shipping labels, and customer complaints in there as well.  But payment information, customer data, product roadmaps, sales strategies, schematics, security assessments, financial and legal documents as well as credentials to access other systems can be of tremendous value to a competitor or to someone looking to monetize that information through fraud, extortion, dark web sales, or inflicting reputational damage.  The potential for losing millions of sensitive files at the same time is a relatively new phenomenon.  Of course, thefts of information have been going on forever.  But swiping a document or stealing a folder was a comparatively small loss; the physical demands and risks of stealthily removing papers from a desktop or file drawer are considerably greater than those associated with using a few keystrokes from halfway around the world to pilfer data on an industrial scale.  It’s enough to make you nostalgic, but there’s no turning back; digital transformation has become essential to remaining competitive, and the associated risks to your enterprise will continue to grow as outsourcing and system integration trends spread.  So, what does that mean for a company that takes data security seriously?  For one thing, it means that in dealing with vendors, trust alone is not a strategy.  Instead, security needs to be a collaborative effort.  Standards for mitigating risks need to be set for third parties.  Ongoing monitoring of vendors has to be part of that.  Beyond that, there are independent organizations whose primary business is assessing the security of different vendors.  They may not tell the whole story, but they certainly offer a start.  
Even then, it is prudent for a company, in coordination with its vendors, to set security directives, run simulations, and assess the impact of potential failures in order to prioritize the measures required for the different categories of data it maintains.   If it takes a whole village to raise a child, it takes a whole community of vendors and business partners to build a secure data environment.  


New Malware Strain Targets Windows Users*. 

A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc on their users.  In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware strains to integrate with infected computers. Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.  This iterative approach to malware illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Although the challenges are immense, partnering with qualified professionals (Like us!) can ensure that your organization is always ready to combat the latest threats.


 

THREAT FOCUS: Sephora Personal Care - FRANCE*

Exploit: Unauthorized database access

Sephora: Paris-based multinational chain of personal care and beauty stores

Risk to Small Business: 2 = Severe: Data breaches have ongoing consequences for businesses and their customers and mitigating the damage for all parties is a top priority after a breach is discovered. In this case, Sephora needs to protect their customers from additional cybercrime, which includes providing credit or identity monitoring services to proactively spot malicious activity. At the same time, detecting their customers' data on the Dark Web can mitigate a threat by giving people a chance to respond before another attack occurs.

Individual Risk: 2 = Severe: The breach exposed customers’ names, dates of birth, gender, email addresses, encrypted passwords, and other cosmetic-related information. While the company believes that the information hasn’t been misused, personally identifiable information can quickly make its way to the Dark Web where it can be used for everything from fraud to account takeovers. Therefore, those impacted by the breach should change their account passwords, especially those that are the same as their Sephora account, and they should monitor their accounts for suspicious or unusual activity.

Customers Impacted: Unknown

Effect On Customers: Data breaches have ongoing consequences for businesses and their customers and mitigating the damage for all parties is a top priority after a breach is discovered. In this case, Sephora needs to protect their customers from additional cybercrime, which includes providing credit or identity monitoring services to proactively spot malicious activity. At the same time, detecting their customers' data on the Dark Web can mitigate a threat by giving people a chance to respond before another attack occurs.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


THREAT FOCUS: University of York - UNITED KINGDOM*

Exploit: Unauthorized database access

University of York: Public research university based in York, England

Risk to Small Business: 2 = Severe Risk: A malicious data breach at the University of York compromised the personal data of thousands of students. In total, 88 students had their entire records accessed and another 4,400 had “very basic data” accessed and downloaded in the attack. While the university has contacted the National Crime Agency to report the attack, they insist that student data hasn’t been used to instigate additional cybercrime, an expansive statement that downplays the risk of data access on the Dark Web. Moving forward, the university will be responsible for upgrading the IT infrastructure while navigating the increased scrutiny from media, students, and governing bodies.

Individual Risk: 2.142 = Severe Risk: Those impacted by the breach likely had their most sensitive personal information compromised. This information can have long-term consequences as cybercriminals often use stolen data to pull off future identity or financial crimes. Therefore, the victims should enroll in credit and identity monitoring services to ensure that their information is secure, and they should pursue any assistance necessary to help protect their personal information.

Customers Impacted: 4,488

Effect on Customers: In many ways, the university’s response is cavalier, presuming that the damage from a data breach is limited to the immediate aftermath of the attack. Data breaches can have long-term consequences for victims, and impacted institutions have a responsibility to minimize the risk by providing the supportive services necessary to provide tangible identity protection and peace of mind.



THREAT FOCUS: City of Lodi, California - UNITED STATES*

Exploit: Ransomware

Lodi, California: City located in San Joaquin County, California

Risk to Small Business: 1.888 = Severe Risk: Ransomware was delivered to city employees as an email attachment that appeared to be an invoice. The malware ultimately disabled the city’s phone lines, financial data systems, and other computer systems. Hackers demanded a $400,000 ransom in Bitcoin, which officials have declined to pay. The ransomware was first discovered in April, and, after several attempts to remove it from their system, it’s continued to plague their systems months later. While the city has cybersecurity insurance, it includes a $50,000 deductible, which means that there are only bad options for restoring network functionality.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: This incident illustrates the complicated debate surrounding ransomware attacks. $400,000 is an expensive ransom, but local municipalities can quickly spend more as they endure the arduous process of recovering their systems. As Lodi demonstrates, this process can take months, and success isn’t a guarantee. Consequently, government agencies and organizations need to prioritize cybersecurity initiatives to strengthen their defensive posture before an attack occurs. In this case, a single malicious email will have significant financial consequences for the local government.



THREAT FOCUS: Poshmark Clothing - UNITED STATES*

Exploit: Unauthorized database access

Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories

Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identify the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach.

Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn't have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information.

Customers Impacted: Unknown

Effect On Customers: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.


THREAT FOCUS: Los Angeles Police Department - UNITED STATES*

Exploit: Unauthorized database access

Los Angeles Police Department: Local police department serving Los Angeles, California

Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors.

Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes.

Customers Impacted: 20,000

Effect On Customers: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetrate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.



THREAT FOCUS: Georgia Department of Public Safety - UNITED STATES*

Exploit: Ransomware

Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions

Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repair costs can quickly exceed ransom demands.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Effect On Customers: This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.



THREAT FOCUS: Washoe County School District - UNITED STATES*

Exploit: Unauthorized database access

Washoe County School District: Public school district providing educational services to students in Washoe County, Nevada

Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts.

Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity.

Customers Impacted: 144,000

Effect On Customers: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and with strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.



THREAT FOCUS: Ameritas Insurance - UNITED STATES*

Exploit: Phishing attack

Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company

Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.

Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

Effect On Customers: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the cost of the awareness training that can prevent phishing scams from compromising customer data.


POSTSCRIPT:


Capital One Data Breach Impacts US and Canadian Customers 

An expansive data breach at the credit card juggernaut Capital One Financial has compromised the personal information of more than 100 million US and Canadian customers. The breach exposed the personal data of more than six million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson’s Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019. The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers. The incident is just the latest widespread data breach impacting small businesses and consumers, making preemptive data protection a must-have element of personal or organizational data security. For example, our Dark Web monitoring services can identify if an organization’s data is made available on the Dark Web, providing them with an opportunity to enhance their security posture before an attack takes place.



Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provide the content in this publication to the reader for general information purposes only and have compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content’s accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
