Security Breach – 8 April 2022

Security and compliance awareness training is an investment that pays off.

Security Breach – 8 April 2022

Security and compliance awareness training is an investment that pays off.

When employees make the right choices when they’re faced with a security dilemma, companies benefit – and when they don’t, companies are in for a world of hurt. SMBs spend an average of $955,429 to restore normal business in the wake of a cyberattack, and penalties for compliance failures can easily run into the millions.

Security and compliance awareness training is a bargain in comparison. It also offers the kind of ROI that makes budget controllers sit up and take notice. A look at the benefits of training in dollars and cents makes it clear that it’s a company’s smartest security investment.

Recent Breaches

The New York City Department of Education

Exploit: Supply Chain Risk

Risk to Small Business: Moderate: The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a supply chain service provider data breach in January. That incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance. An agreement that the vendor had with NYC Schools called for the data to be encrypted, but it was discovered to not have occurred at the time of the breach. The incident is under investigation by New York state officials.

Risk to Exploited Individuals: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

Japan – Morinaga – Confectioner

Exploit: Hacking

Risk to Small Business: Severe:  Candy company Morinaga has announced that it has had a data breach impacting its online store. The incident has potentially exposed the personal information of more than 1.6 million customers who bought products from the candy maker between May 1, 2018, and March 13, 2022. The company also disclosed that their initial investigation confirmed that several of their servers had been subjected to unauthorized access “and that access to some data had been locked,” although there has been no clarification as to whether or not this was a ransomware attack. The confectioner also noted that there may be minor production impacts.

Risk to Exploited Individuals: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted:  Unknown

 

Talk to a TCT team member today about implementing cyber security and phishing training plan for your staff.

Robert Brown
8/04/2022

Follow us on LinkedIn:

Related Articles:
Failproof Strategies for Better Cybersecurity
Phishing is the number one data breach risk for businesses