Security Breach Update
25 January 2019

As phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs.

Historically, such departments have been able to fend off poorly executed phishing campaigns.

However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Recent Breaches

United States – Tampa Bay Federal Credit Union
Exploit: Debit card spoofing.
Risk to Small Business: Severe: The debit card information of union members was recently spoofed, a technique in which cybercriminals input Bank Identification Numbers (BINs) to a software from the Dark Web that generates fake debit cards and links them to actual accounts.Thankfully, no members incurred any financial losses, but the credit union will be forced to cancel and reissue debit cards to thousands of account holders. Although there is a small risk of customer churn due to impatient members having to wait for new cards, the costs associated with card reissuance pose greater monetary risk for financial institutions.
Risk to Exploited Individuals: Severe: Since cards will be getting reissued, it is important for union members to closely monitor their mail and ensure that they receive their new debit cards.
Customers Impacted: Approximately 3,000, or 10% of all union members.

United Kingdom – Newcastle’s Royal Grammar School
Exploit: Email spam.
Risk to Small Business: Severe: In this incident, hackers attempted to scam parents of Newcastle students by asking them to pay school fees in bitcoin to receive a 25% discount. Since the attackers had access to the email addresses of parents, the Information Commissioner’s Office (ICO) is investigating to learn more and advising caution regarding future phishing attacks targeted towards schools.
Risk to Exploited Individuals: Severe: It is still unknown how hackers gained access to parents’ email addresses, which could put personal information at risk. However, it is unlikely that payment details were exposed.
Customers Impacted:  Yet to be determined.

New Zealand – 9 Websites – A consortium of nine company websites that have asked to remain anonymous.
Exploit: Massive online data breach originating from Collection One.
Risk to Small Business: Severe: In the aftermath of the recent mega-breach dubbed Collection One, nine New Zealand companies reported being compromised. Auckland florist Blooms Online, one of the companies affected by the breach, stated it was unaware of the breach until contacted by radio broadcaster RNZ. Although only emails and passwords were exposed, it remains to be seen if hackers will be able to leverage the data to orchestrate sophisticated fraud schemes targeted towards small businesses and customers.
Risk to Exploited Individuals: Moderate: Since the nine companies affected only exposed emails and passwords, the impact on individual consumers is minimal for now. However, it is important that consumers across the globe monitor their personal and payment accounts for suspicious activities and change their passwords in order to protect from future cyber-attacks resulting from this personal information leak.
Customers Impacted:  Unknown at this time.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
25/01/2019

Follow us on LinkedIn: 

Related Articles:
Phishing Emails – A Constant Threat
Cyberattacks: The Number One threat to Aussie Businesses

 

Written by