24 May Security Breach – 24 May 2019
This week, hackers continue to phish for patient data from US healthcare providers, a British police website goes down, and Australians see a spike in credential stuffing attacks.
UK – British Transport Police
Exploit: Website hack
Risk to Small Business: Severe: A hack on the agency’s website, which is hosted by an external supplier, compromised the “latest news” section of its page. To continue providing timely updates to the public, officials redirected users to a Tumblr blog run by the police force. This informational website is not connected to the agency’s crime management or control systems, and operational capabilities were not diminished in any way.
Risk to Exploited Individuals: Severe: The agency indicated that a “small number” of staff details were made accessible during the breach, but they did not elaborate on the nature or scope of that information. Employees affiliated with the website should be vigilant about identity monitoring and credential use, as that information is the most likely to be compromised in such a breach.
Customers Impacted: Unknown.
Singapore – Red Cross
Exploit: Unprotected website access.
Risk to Small Business: Severe: A weak administrator password gave hackers access to the agency’s web form that allows potential blood donors to indicate their interest by supplying personal information, including blood type. The agency manually schedules donors using the provided information. In the wake of the attack, the organization brought the website offline and procured a third-party investigative firm to further examine the breach.
Risk to Exploited Individuals: Severe: Users who provided information to the Singapore Red Cross entered their names, contact number, email address, and blood type. Those impacted should procure identity monitoring services while also being mindful of their data’s potential misuse on the Dark Web.
Customers Impacted: 4,297
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn:
Identity Theft is Real
The Rise of Security Attacks on Australian Businesses