Security Breach Update
26 Sept 2019

2019 on Pace to Set Data Breach Record2019 on Pace to Set Data Breach Record

You could already guess that data breaches are increasing. Those presumptions are being confirmed by hard data as a new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity.

The 2019 Midyear Quickview Data Breach Report found that the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%.

The business sector is responsible for the vast majority of these compromised records, with nearly 85% originating with companies that collect and store user data.

This reality underscores the challenge of doing business in the digital age.

On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information.

However, when that data is compromised, it costs companies significant sums that can offset many of the advantages generated by this type of data collection.

Recent Breaches

Australia – Seek – Online employment marketplace

Exploit: Phishing attack

Risk to Small Business: Severe:  A phishing campaign is impersonating the company’s head of digital marketing. The email contains the subject line “files have been sent to you via Hightail,” and users who open the attachment are redirected to a phony Office365 page that prompts users to input their credentials. The campaign was likely instigated when the employee’s credentials were compromised in a previous breach, and while they are prioritizing communication, the phishing campaign could quickly lead to additional more invasive and harmful data loss events.

Risk to Exploited Individuals: Severe:  The credentials of anyone who opened this email and followed the prompts are undoubtedly compromised. These users should immediately contact their company’s IT department to notify them of the situation, and they should update their passwords to secure their account going forward. At the same time, they should be aware that this information can be leveraged to perpetuate additional attacks, and they should closely monitor their accounts for unusual activity.

Customers Impacted: Unknown

New Zealand – Lumin PDF – Cloud-based service PDF service provider

Exploit: Unauthorized database access

Risk to Small Business: Severe:  Hackers obtained and published a spreadsheet containing the personal information of every Lumin PDF user. The information was acquired from a database in April 2019, and it was published after repeated attempts to contact the company. Since then, the data was accessed by an additional hacking group, which left a ransom note for the company before deleting the data. The company’s slow response, given that they did not acknowledge the breach until September 17, reflects a general malaise about data security that most consumers would find completely unacceptable in 2019.

Risk to Exploited Individuals: Severe:  The compromised database was comprised of personal information for users until April 2019. This includes names, email addresses, gender and location data.

Most entries also included a Google access token, but nearly 119,000 included hashed passwords.

This information is accessible on the internet, and those impacted by the breach should assume that it will be deployed by bad actors to enact more damaging cybercrimes. Therefore, they should enrol in identity monitoring services to ensure the long-term veracity of their information and should be especially vigilant of any unusual account activity or communications.

Customers Impacted:  24.3 Million

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
26/09/2019

Follow us on LinkedIn:

Related Articles:
Business Email Compromise Overtakes Ransomware with Insurance Claims
British Airways record $329m fine over data breach

Written by