Security Breach Update
11 June 2020

460 Million Records Reported Stolen in May460 Million Records Reported Stolen in May   

A tally of May cybersecurity instances found that 460 million records were compromised last month, marking another staggering total in an already-historic year for cybersecurity. However, the sum only represents the beginning of the problem, as many data breaches are going unreported as companies fear regulatory repercussions and customer blowback. In addition, many data breaches also expose reams of sensitive personal data, making it difficult to quantify the full scope of the problem.

For businesses, this information has two prominent implications.

First, there is a growing need to identify compromised data on the Dark Web. As more records are stolen and distributed in the dark corners of the internet, companies need eyes and ears to know if their information is among the mountain of stolen data.

Secondly, the sheer number of compromised records makes it more important than ever for organisations to put additional barriers between their IT infrastructure and bad actors. If your staffer is reusing a password from a compromised retail account or using their pets name to log in, that can put you at risk for a breach by making it easy for cybercriminals to find a way into your systems.

Total Computer Technology together with our partner Dark Web ID can help keep accounts secure by alerting you when your staff’s compromised information hits the Dark Web.

It is a cost-effective solution that gives you peace of mind and gives you an opportunity to mitigate threats (like your staffer’s unwittingly compromised login credentials) before they become disasters.

Recent Breaches

United States – Westech International – Nuclear maintenance subcontractor

Exploit: Ransomware

Risk to Small Business: Severe: Cybercriminals associated with the MAZE ransomware group infiltrated company data before encrypting certain networks. The stolen files were subsequently posted online. Westech International is working with cybersecurity experts to identify the scope of the incident and restore access to encrypted data. In the meantime, the company will likely face significant fallout as its business relies on an industry that demands the highest cybersecurity standards.

Risk to Exploited Individuals: Severe: The company did not detail the specific information compromised in the breach, but the incident includes company emails and payroll information, which likely contain personal and financial data. Anyone impacted by this breach should immediately notify their financial institutions while taking steps to protect their personal information against misuse.

Customers Impacted:  Unknown

New Zealand – Earthquake Commission – Crown Entity  

Exploit: Accidental data sharing

Risk to Small Business: Severe: The Earthquake Commission has come under public scrutiny after the organization accidentally shared peoples’ personal information with a company lawyer and their client. The organization was quick to blame an employee who failed to implement data security stopgaps intended to prevent such an error. The breach has been a PR disaster for the company, which has been slow to notify victims and repair the damage. As a result, the Earthquake Commission is experiencing media scrutiny and intense customer blowback as those angered by the incident speak publicly about their frustration with the company.

Risk to Exploited Individuals: Severe: The breach exposed customers personal data, including names, addresses, and payment details. Victims should carefully monitor their accounts for potential misuse, while continuing to press the company to take necessary steps to secure this information.

Customers Impacted:  8,000

United States – Joomla – Content management system

Exploit: Unsecured database

Risk to Small Business: Severe:  Developers failed to secure backup files on a cloud storage platform, leaving people’s personal data exposed to the internet. The storage platform doesn’t automatically encrypt data, but enabling these security features is simple, making this incident an unforced error that was easily preventable. While the platform has secured the database, this breach will test users’ loyalty at a time when people are more willing than ever to leave businesses that can’t protect their information.

Risk to Exploited Individuals: Severe:  The data breach exposed personally identifiable information, including names, addresses, phone numbers, website addresses, business titles, encrypted passwords, IP addresses, and newsletters subscription preferences. Users should update their Joomla account passwords and any other account credentials using the same details. In addition, they need to carefully monitor incoming messages as this information is often used in phishing scams.

Customers Impacted:  2,700

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
11/06/2020

Follow us on LinkedIn:

Related Articles:
Small businesses suffer more than a quarter of all breaches
Cyber Insurance Agencies increase scrutiny of COVID-19 claims

Written by