Back to top

Hacks, Attacks and Breaches: 5/6/2020 to 5/12/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Management and Network Service, LLC.

Exploit: Phishing scam  
Management and Network Services, LLC.: Managed care provider 

Risk to Small Business: Hackers accessed several employee email accounts containing patients’ personally identifiable information (PII) and protected health information (PHI). The breach, which occurred between April and July of 2019, wasn’t discovered until August 21, 2019. Although they haven’t detected data misuse, this extended duration could make it more difficult for victims to recover. In response, the company is updating its email security practices and implementing two-factor authentication to prevent a future incident.

How it Could Affect Your Business: Cybercriminals are capitalizing on the chaos of COVID-19 to send millions of phishing scams each day. Even one malicious message can have cascading consequences for your business, making employee awareness training a top priority for companies looking to keep their data secure. 

United States – GoDaddy

Exploit:  Unauthorized database access
GoDaddy: Domain service provider

Risk to Small Business: GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service. It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.  

How it Could Affect Your Business: This incident highlights the growing cybersecurity threat posed by third-party partnerships, which SMBs often rely on to power their platforms and services. To protect account security, even in the event of a third-party cybersecurity incident, companies should enact simple but effective data security standards, like enabling two-factor authentication and requiring employees to use strong, unique passwords on all accounts.

United States – Storenvy

Exploit: Unauthorized database access
Storenvy: Online retailer 

Risk to Small Business: Hackers gained access to a company database containing customer information. This database was subsequently downloaded and posted online as a free resource. Making matters worse, the database contained plaintext passwords and other personal data that can quickly be used by bad actors to execute cybercrimes ranging from spear phishing scams to malware attacks. This is the company’s second data breach in two years, undermining its credibility at a critical time. Online shopping is experiencing a boon because of the COVID-19 pandemic, but customers are increasingly unwilling to do business with platforms that can’t protect their information.

How it Could Affect Your Business: Both now and in the future, online retail is becoming the preferred shopping experience. This is a significant opportunity for many companies, enabling them to reach a bigger and broader audience than ever before. Unfortunately, for companies that can’t protect their platforms, many customers will take their business elsewhere.