Hacks, Attacks and Breaches: 12/04/19 – 12/10/19
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Phishing scam
McLaren Health Plan: Health maintenance organization
Risk to Small Business: A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.
How It Could Affect Your Business: Third-party partnerships represent an opportunity to expand your company’s capabilities but can also manifest themselves as cybersecurity risks. Given the increasingly onerous consequences of a data breach, cybersecurity standards should be top consideration when establishing such relationships. Better product or service offerings can be an advantage, but not if they come at the expense of data security.
Exploit: Malware attack
On the Border: Casual restaurant chain
Risk to Small Business: Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.
How it Could Affect Your Business: Recovering from a data breach is a challenging process, as companies are tasked with demonstrating their data security improvements while also wooing back customers that inevitably abandon them after a breach. While the best option is to prevent a data security incident from occurring in the first place, companies can expedite the recovery process by supporting their customers at every turn. In this case, understanding what happened to payment data after it was stolen can go a long way toward mitigating the damage and restoring customer confidence.
Exploit: Ransomware attack
New Jersey Shakespeare Theatre: Theatre company dedicated to Shakespeare and classical works
Risk to Small Business: A ransomware attack disabled the company’s access to its ticketing system and patron database. The attack arrived as the company was scheduled to begin its holiday production, a significant draw for the theatre. The first showing was cancelled while the company developed an alternative ticketing method. Fortunately, customer data was fully encrypted and not viewable by hackers, but the Shakespeare Theatre can’t access this information. In response, customers are being asked to bring confirmation emails or ticket stubs to the performance so that the show can go on.
How It Could Affect Your Business: Ransomware attacks are uniquely expensive, due to the upfront cost of restoring technical services along with opportunity costs associated with lost capability. The prevalence of this threat is increasing the incentive for companies to ensure that their IT infrastructure doesn’t provide a foothold for criminals to inflict financial and reputational damage on their platform. Often employee accounts serve as the easiest targets for hackers to execute phishing attacks against, making this a good place to start when securing against malware.