Security Breach Update
11 July 2018

Overall a relative slow week in breaches, but not in the severity of the breaches!

A cyber-attack conducted against a small business hosting provider in Australia also highlights a “WORST case” scenario for a breach. I strongly encourage everyone to check out their website here for a sobering reminder of what a company crippled by a breach looks like.

When you cannot contact your customers to tell them that you have been breached, because you don’t even have a complete list of who your customers are… well, this is a good example of how damaging a breach can be.

Meanwhile global company, Google has been allowing third parties to read through people’s Gmail inboxes, according to a report by the Wall Street Journal.

While the creator of Gmail has promised to stop scanning emails on their platform to curate ads, the organization has been allowing third parties to access inboxes if the user has opted into email-based tools like travel itinerary planners. These third parties are not just using AI to snoop through messages either…oftentimes employees of the organization go digging for information themselves.

Recent Breaches

Australia – Cyanweb Solutions –Digital marketing and web provider based in Perth.
Exploit: DDos Attack, Web server compromise, data encryption/ ransomware & data destruction.
Risk to Small Business: Extreme/Total Devastation: This is a catastrophic event impacting Cyanweb and its 400 customers that relied on them for web hosting.
Risk to Exploited Individuals: Extreme/ Total Devastation: This breach may devastate the businesses that relied on Cyanweb. This will also impact those businesses downstream customers and the employees of the impacted businesses. The goal was maximum data loss/ total devastation.
Customers Impacted:  435 accounts. Only 12% of customer data survived the attack.

United States – ALERRT – A federally funded active shooter training centre for law enforcement.
Exploit: Negligence (no password required to access web server.)
Risk to Small Business: High: A breach that is a result of negligence dramatically reduces confidence in the company by consumers.
Risk to Exploited Individuals: Extreme: Compromised PII, password and correspondence that can be used to target and exploit individuals including law enforcement.
Customers Impacted:  65,000 officers, but this information could be harmful to anyone in the U.S. given how it could be used by domestic terrorists or other bad actors. 

UK – National Health Service – The public health services in the United Kingdom.
Exploit: Coding error/ misconfiguration leading to privacy violation.
Risk to Small Business: High: A breach of this size that essentially mislead those who specifically requested for their health information to be kept private would shake the trust of any customer. Privacy laws, including the EU’s GDPR, will impose harsh fines and penalties for similar incidents moving forward.
Risk to Exploited Individuals: High: The data was exposed externally and picked up by hackers.
Customers Impacted:  150,000 patient details.

Do you know if your business has had a data leakage?

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
11/07/2018

Follow us on LinkedIn:

Related Articles:
Types of Cyber Attacks
SonicWall Invents Real-Time Deep Memory Inspection Technology

Written by