Security Breach – 6 Dec 2024

Christmas shopping

Security Breach – 6 Dec 2024

As holiday shoppers flock to websites and brick-and-mortar shops, retailers are looking forward to the profits those sales will bring. What they’re not looking forward to is the prospect of a cyberattack during this all-important shopping season. Retail operations need to prioritise mitigating cyber-risk during this critical period, and many of them will be relying on their cyber defence system to overcome the myriad of cybersecurity obstacles that they face this time of year. Whether they’re selling gifts in the mall or selling goods online all retailers face a wide variety of cyberattack risks all year round. However, those risks become especially intense during the Christmas and New Year holiday shopping season. More traffic and more transactions create more opportunities for bad actors to strike than the rest of the year.

Recent Breaches

Japan – The Kumamoto Prefecture Anti-Violence Movement Promotion Center – Healthcare

Exploit: Human Error

Risk to Business: Moderate: The Kumamoto Prefecture Anti-Violence Movement Promotion Center, which offers free and confidential counseling to individuals threatened by Japan’s yakuza organisations, has disclosed that the people it treats may have had their personal information exposed in a data breach. The center revealed that an employee had fallen victim to a tech support scam in mid-November. In the incident, the employee unknowingly granted remote access to their computer. The Center is now warning the public not to respond to any suspicious contact requests by email or phone that may appear to come from its employees.

United States – Veteran’s Health Administration – Government

Exploit: Third-Party Data Breach

Risk to Business: Severe: The Veterans Health Administration (VHA) has reported a ransomware attack on DBP, a contracted medical transcription vendor, resulting in the exposure of protected health information for 2,302 veterans. While the breach encrypted one of DBP’s servers, an investigation confirmed that the attackers did not access any medical record data stored in the VA’s electronic health record system. The exposed data may include veterans’ full names, medical record details and Social Security numbers. Affected individuals will be notified directly via letters, according to VHA officials.

Talk to a TCT team member today about implementing cyber security plan for your business.

Robert Brown
6/12/2024

Related Articles:
How Password Managers Protect Your Accounts
Challenges of Data Lifecycle Management