Hacks, Attacks and Breaches: 11/11/2020 to 11/17/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Accidental Data Sharing
Delaware Division of Public Health: State Health Agency
Risk to Small Business: The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.
How it Could Affect Your Business: Human error remains the number one cause of a data breach. Security awareness training is the most effective way to prevent unfortunate employee errors.
Exploit: Unsecured Database
Vertafore Inc.: Insurance Company
Risk to Small Business: Information about 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc. after someone put three major company files on an unsecured storage server.
How it Could Affect Your Business: Bad data handling is a symptom of poor cybersecurity hygiene, and it can easily lead to bigger problems like ransomware and password compromise.
Exploit: Third Party Software
X-Cart: eCommerce Platform Creator
Risk to Small Business: X-cart discovered the danger of vetting errors when attackers exploited a vulnerability in a third-party software tool to gain access to X-Cart’s store hosting systems. Some stores went down completely, while others reported issues with sending email alerts. The incident is under investigation and service has been restored for clients.
How it Could Affect Your Business: Cyberattacks can come from unexpected quarters, like a vulnerability in third-party software that you rely on.
Exploit: Third Party Data Breach
Wildworks: Video Game Developer
Risk to Small Business: Wildworks, the developer of the online kid’s playground Animal Jam, announced a data breach involving a third-party vendor that exposed the information of millions of children on the Dark Web. The information appeared on the Dark Web as the booty of cybercrime gang ShinyHunters.
How it Could Affect Your Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.