16 Oct Security Breach – 17 Oct 2019
20,000 E-commerce Sites Could Be Compromised by Magecart
Providing an online shopping experience is increasingly critical for SMBs looking to stay ahead of the competition. Unfortunately, malware attacks are infecting the checkout page of many stores, compromising customer payment data and undermining companies’ efforts to attract business through their websites.
This reality became even more prescient this week when the notorious Magecart malware infected Volusion, a cloud hosting platform for online stores. Already, more than 6,500 stores have been compromised, and Volusion boasts a customer base of more than 20,000 companies, so the number of infected web stores might continue to grow.
Most prominently, Volusion hosts the Sesame Street Live online store, which was brought offline after the attack was revealed.
Now thousands of companies will be left grappling with the consequences of lost sales both now and in the future. Notably, this underscores the importance of understanding the specific cyberthreat landscape that most prominently impacts your business.
United States – Methodist Hospitals – Community-based healthcare system located in Gary, Indiana
Exploit: Phishing attack
Risk to Small Business: Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of information involved.
Risk to Exploited Individuals: Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services
Customers Impacted: 68,039
Canada – PAL Airlines – Economy airlines serving multiple locations
Exploit: Unauthorized database access
Risk to Small Business: Severe: A single employee email account was compromised, giving hackers access to sensitive customer and employee data. In response, the company is working with the federal authorities to determine the exact cause and scope of the incident. In the meantime, the airline is making efforts to contact customers, a necessary next step but one that is also unlikely to reduce the blowback resulting from lax cybersecurity standards.
Risk to Exploited Individuals: Moderate: Although hackers only accessed limited amounts of personal information, they did have access to customer and employee names, dates of birth, and credit card information. This data can quickly spread on hacker forums and Dark Web marketplaces, so those impacted by the breach should notify their financial institutions of the breach while also monitoring their accounts for unusual or fraudulent activity.
Customers Impacted: Unknown
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: