Back to top

Hacks, Attacks and Breaches: 7/8/2020 to 7/14/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – DataViper

Exploit: Unauthorized Database Access (Malicious Insider)
DataViper: Information Security  

Risk to Small Business: A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.

How it Could Affect Your Business: Insider threats are a menace to every business. Our insider threats eBook helps companies spot and stop insider threats.  While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks count for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.

United States – Benefit Recovery Specialists

Exploit: Malware
Benefit Recovery Specialists: Medical Billing and Debt Collection 

Risk to Small Business: A malware incident was just confirmed at Benefit Recovery Systems by the US Department of Health and Human Services’ Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI’s website, the company says that on April 30, it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.  

How it Could Affect Your Business: Healthcare data is one of the hottest commodities in today’s data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPPA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.

Canada – Canadian Defense Academy

Exploit: Ransomware
Canadian Defence Academy: Military Training College System 

Risk to Small Business: Job seekers who used CNY Works as part of their search were recently informed that their personal information may have been compromised in a data breach caused by ransomware in December 2019. The agency noted that it had only begun notifying potentially affected clients in June 2020 because it did not discover that any personal information was affected until May 2020. 

How it Could Affect Your Business: By taking so long to investigate the incident and warn potential victims, CNY Works has left them at risk for identity theft. Data that enables identity theft is a valuable commodity in Dark Web markets and travels quickly, enabling bad actors to open credit accounts with the stolen information.