Company cut off from Government Contracts after Data Breach
Last month, Perceptics, a maker of license plate readers used by the U.S. Customs and Border Patrol (CPB), endured a significant data breach that resulted in 65,000 files published to the Dark Web.
As a result, the company has been placed on a veritable government black-list, suspending Perceptics from procuring government contracts. Although the suspension is technically limited to the CPB, the notice, which cites “evidence of conduct indicating a lack of business honesty or integrity,” could shun the company from doing business with other government agencies.
Before the suspension, Perceptics had a 30-year working relationship with CPB, and their dissolution indicates the weight of unimpeachable cybersecurity standards for companies handling sensitive personal information on behalf of the government.
What’s more, Perceptics will still face administrative proceedings that will determine the company’s fate as it pertains to future work with the U.S. Government.
United States – Alive Hospice – Healthcare provider offering hospice and family support services
Exploit: Unauthorized email account access
Risk to Small Business: Severe: On May 6th, hackers gained access to an employee’s email account containing personally identifiable information for patients at Alive Hospice. Although the company quickly reset the account password, the intruder was able to view significant amounts of sensitive data. In this case, a single email account was able to compromise newsworthy amounts of patient data, while also interrupting business processes. Alive Hospice will incur the expense of credit and identity monitoring services, along with the less quantifiable reputational cost that accompanies a data breach.
Risk to Exploited Individuals: Severe: Although there is no indication that hackers have misused any company data, they did have access to patients’ names, contact information, dates of birth, social security numbers, driver’s license numbers, credit/debit card numbers, medical history information, treatment and prescription information, physician information, medical record number, Medicaid/Medicare numbers, health insurance information, and other in-house account details. Therefore, those impacted by the breach should enroll in the free credit and identity monitoring services being offered by Alive Hospice while remaining vigilant about monitoring their accounts for suspicious activity.
Customers Impacted: Unknown.
United Kingdom – St. John Ambulance – Non-profit providing first aid and emergency medical service training
Risk to Small Business: Severe: On July 2, the non-profit organization was affected by a ransomware attack that temporarily blocked St. John Ambulance from accessing training systems and customer data. The charity’s IT department was able to restore data from backups, claiming that normal operations were re-established in less than thirty minutes. This scenario underscores the importance of installing proactive cybersecurity measures, which enabled St. John Ambulance to avoid paying a ransom to recover their content.
Risk to Exploited Individuals: Severe: The personal information of everyone who opened an account or booked and attended a training course until February 2019 may have been compromised. Although St. John Ambulance expressed confidence that the information was not shared outside of the organization, hackers did gain access to names, course credentials, certificate information, invoicing details, and other course-related content. The company uses a third-party payment processing agent to execute transactions, so no payment information was compromised in the breach. Nevertheless, those impacted should carefully monitor their accounts for unusual activity.
Customers Impacted: Unknown
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: