28 Feb Security Breach – 28 Feb 2025
Most organisations focus on networks, endpoints and cloud environments when discussing attack surfaces. However, users themselves are an attack surface that needs to be secured. With hybrid work becoming the norm and SaaS adoption on the rise, the attack surface is growing, creating more opportunities for cybercriminals to exploit vulnerabilities.
Cybercriminals exploit human vulnerabilities through phishing, social engineering and credential harvesting. Reducing the human attack surface is crucial for minimising risk. Well-designed security training programs change user behavior and significantly reduce security risks. Surprisingly, 45% of employees say they’ve never received security awareness training. Even more concerning, 1 in 4 organisations (25.7%) don’t get any cyber security training at all from their IT provider, leaving business users exposed to cyberthreats. Organisations must ensure training is engaging and continuous rather than a mere compliance checkbox.
Recent Breaches
United States – Hipshipper – Transportation & Logistics
Exploit: Hacking
Risk to Business: Severe: Hipshipper, a shipping platform used by eBay, Shopify and Amazon sellers, accidentally exposed over 14.3 million records containing personal customer information. Researchers discovered the unprotected AWS storage bucket in December 2024, but the issue remained unfixed until January 2025, leaving sensitive data exposed for at least a month. The leaked data includes shipping labels and customs forms with buyers’ full names, home addresses, phone numbers, mailing dates and parcel details. The breach raises concerns about potential fraud and identity theft risks for affected customers. Hipshipper has not yet commented on the incident. Experts urge impacted users to monitor their accounts for suspicious activity and be cautious of phishing attempts.
Canada – Rainbow District School Board – Education
Exploit: Hacking
Risk to Business: Severe: The Rainbow District School Board in Sudbury, Ontario, confirmed that a cyberattack exposed sensitive personal data of staff, students and parents. Affected data includes social insurance numbers, banking details, medical records, academic info and contact details spanning 2011 to 2024. The breach also exposed health and behavioral records of students in Intensive Support Programs since 2019, along with parents’ contact and employment info. Staff data from 2010 to the present, including addresses and medical leave records, were compromised. School photos from 2012-2025 were accessed but not linked to identities. The breach has been reported to local and provincial police.
Talk to a TCT team member today about implementing cyber security plan for your business.
Robert Brown
28/02/2025
Related Articles:
Common Cyber Threats in 2025
Essential Tips For Cyber Hygiene in 2025