Security Breach – 17 Oct 2019

Security Breach – 17 Oct 2019

20,000 E-commerce Sites Could Be Compromised by Magecart20,000 E-commerce Sites Could Be Compromised by Magecart

Providing an online shopping experience is increasingly critical for SMBs looking to stay ahead of the competition. Unfortunately, malware attacks are infecting the checkout page of many stores, compromising customer payment data and undermining companies’ efforts to attract business through their websites.

This reality became even more prescient this week when the notorious Magecart malware infected Volusion, a cloud hosting platform for online stores. Already, more than 6,500 stores have been compromised, and Volusion boasts a customer base of more than 20,000 companies, so the number of infected web stores might continue to grow.

Most prominently, Volusion hosts the Sesame Street Live online store, which was brought offline after the attack was revealed.

Now thousands of companies will be left grappling with the consequences of lost sales both now and in the future. Notably, this underscores the importance of understanding the specific cyberthreat landscape that most prominently impacts your business.

Recent Breaches

United States – Methodist Hospitals – Community-based healthcare system located in Gary, Indiana

Exploit: Phishing attack

Risk to Small Business: Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of information involved.

Risk to Exploited Individuals: Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services

Customers Impacted: 68,039

Canada – PAL Airlines – Economy airlines serving multiple locations

Exploit: Unauthorized database access

Risk to Small Business: Severe: A single employee email account was compromised, giving hackers access to sensitive customer and employee data. In response, the company is working with the federal authorities to determine the exact cause and scope of the incident. In the meantime, the airline is making efforts to contact customers, a necessary next step but one that is also unlikely to reduce the blowback resulting from lax cybersecurity standards.

Risk to Exploited Individuals: Moderate:  Although hackers only accessed limited amounts of personal information, they did have access to customer and employee names, dates of birth, and credit card information. This data can quickly spread on hacker forums and Dark Web marketplaces, so those impacted by the breach should notify their financial institutions of the breach while also monitoring their accounts for unusual or fraudulent activity.

Customers Impacted:  Unknown

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown

Follow us on LinkedIn:

Related Articles:
2019 on Pace to Set Data Breach Record
Goodbye Windows 7 – You’ve been great!

Log a Job: