Back to top

Hacks, Attacks and Breaches: 2/26/2020 to 3/04/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States - Slickwraps

Exploit: Unprotected database. 
Slickwraps: Producer and distributor of hardware skins.

Risk to Small Business: The company’s databases lacked basic protections that exposed customer data to the internet. Slickwraps cited the long-term trust of its customers as a vital component of its business model, making this episode an especially problematic event for the business. The problem is compounded by the fact that an internet user tried to alert the company about the breach multiple times. Ultimately, Flickwraps discovered the breach after it was posted on Twitter.

How it Could Affect Your Business: Slickwraps has been extremely apologetic after the breach. However, this contrite posture is no replacement for simple steps that they could have taken to secure company and customer data from day one. Customers and regulatory authorities expect companies to follow basic best practices when dealing with sensitive data, and the company’s apologetic tone is unlikely to help avoid a negative fallout from the incident.

United States – NRC Health

Exploit: Ransomware
NRC Health: Management service provider.

Risk to Small Business: A ransomware attack has encrypted critical IT infrastructure and forced the company to shut down its remaining systems to prevent the malware from spreading. The company expects to restore its operations from backups, but the ransomware attack is significantly prohibiting productivity until this can be accomplished. Currently, no personal or company data was compromised, but clients are expressing concerns to the media about the possibility of a future breach because of this incident. Collectively, NRC Health is experiencing a drop in productivity, a damaged brand reputation, and, because of the nature of their business, regulatory scrutiny.

How it Could Affect Your Business: In 2020, companies are well aware of the risk posed by third-party partnerships, as these helpful affiliates are often a gateway to serious data breaches. In this case, NRC Health’s clients are openly expressing concern about the company, which could disrupt their work now while also diminishing opportunities in the future.

United States – Pacific Specialty

Exploit: Phishing scam.
Pacific Specialty: Insurance provider.

Risk to Small Business: Several employees fell for a phishing scam that compromised customers’ personal data. The attack allowed hackers to access some employee accounts between March 20, 2019 and March 30, 2019. However, the insurance provider wasn’t aware of the breach until November 7, 2019 and did not identify details until January 14, 2020. In response, the company has hired a cybersecurity team to update its data privacy practices and reset all employee login credentials while enabling two-factor authentication on its accounts. Nevertheless, the company will end up paying much more than they would have if they had invested in basic security solutions.

How it Could Affect Your Business: Phishing scams are a known threat to every company, and organizations that are committed to data security will take steps to prevent this common attack methodology from negatively impacting customer data. Selecting strong, unique passwords for every account and enabling two-factor authentication can thwart cybercriminals, even when employees act upon a phishing scam, making them an obvious security feature for every organization. Of course, they can only prevent a breach if they are implemented before an incident occurs.

United States – Clearview AI

Exploit: Unauthorized database access.
Clearview AI: Facial recognition software provider.

Risk to Small Business: Hackers obtained a copy of the company’s entire client list, which, given the sensitive nature of their work, is an especially egregious breach of data. In addition to the client list, hackers also obtained information identifying the number of accounts that clients set up and the number of searches conducted on the platform. In response, the company cited the inevitability of data breaches in the 21st Century, a platitude that is unlikely to placate the company’s clients. Indeed, Clearview AI is already enduring significant media scrutiny and customer blowback that could have significant implications for the company’s bottom line and prospects.

How it Could Affect Your Business: Data breaches may be an unfortunate reality in the 21st Century, but that doesn’t mean that they must be inevitable. Adjusting your defensive posture to address the most probable threats can significantly lessen the likelihood of a breach. At the same time, having the right policies and procedures in place to respond to a breach will mitigate the damage, allowing your company to meet any cybersecurity challenge.