Breach News

This week, a Tampa Bay Credit Union gets spoofed, Canada sees an uptick in data breaches, and HR/Finance employees get caught in the cross-hairs of cybercrime.

Dark Web ID Trends:
Top Source Hits: Domains (99%) 
Top Compromise Type: ID Theft Forums (99%)
Top Industry: High-Tech / IT
Top Employee Count: 11 – 50 Employees

United States – Tampa Bay Federal Credit Union 

correct severe gauge Exploit: Debit card spoofing.
Tampa Bay Federal Credit Union: Financial services provider.
Risk to Small Business: 1.777 = Severe
Customers Impacted: Approximately 3,000, or 10% of all union members.
>> Read full details on our blog.

United States – Black Rock

extreme gauge Exploit: Database leak.
BlackRock: World’s largest asset manager and issuer of exchange-traded funds (ETFs).
Risk to Small Business: 1.777 = Severe
Customers Impacted: Over 12,000 advisers and sales representatives.
>> Read full details on our blog. 

United States- Hanover County 

correct severe gauge Exploit: Click2Gov breach of online payment portal.
Hanover County: Small county in the Commonwealth of Virginia.
Risk to Small Business: 2 = Severe
Customers Impacted: To be determined.
>> Read full details on our blog. 

Canada – Health Sciences North

correct severe gauge Exploit: System infection via zero-day virus.
Health Sciences North (HSN): Academic health science center and hospital.
Risk to Small Business: 2.111 = Severe
Customers Impacted: 
To be determined. 
>> Read full details on our blog. 

Canada – Coast Capital Savings 

extreme gauge Exploit: Phishing, “brute force,” and social engineering fraud.
Coast Capital Savings: Federal credit union headquartered in Surrey.
Risk to Small Business:  2.111 = Severe
Customers Impacted: 140 members. 
>> Read full details on our blog. 

United Kingdom – Newcastle’s Royal Grammar School 

correct severe gauge Exploit: Email spam.
Royal Grammar School (RGS): British independent school located in Newcastle.
Risk to Small Business: 2.111 = Severe
Customers Impacted: To be determined 
>> Read full details on our blog. 

France – Adverline

correct severe gauge Exploit: Magecart attack, also known as web card skimming.
Adverline: Paris-based online advertising company.
Risk to Small Business: 1.888 = Severe
Customers Impacted: To be determined. 
>> Read full details on our blog. 

New Zealand – 9 Websites

correct moderate gauge Exploit: Massive online data breach originating from Collection One.
9 Websites: A consortium of nine company websites that have asked to remain anonymous.
Risk to Small Business: 2 = Severe
Customers Impacted: Unknown.
>> Read full details on our blog. 

In Other News:

An Emerging Target for Data Breaches: HR and Finance Employees
As phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link the security chain.

What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP

A Note

Does anyone actually know how consumers are affected by a data breach?
If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.

This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?

Tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.


Want to see how exposed you are? We can check your corporate domain for Dark Web breaches!

About Vic Levinson
Telecommunications and IT professional with over 27 years experience in Business Technology Solutions. Specializing in managed technologies solutions : hosted VoIP, cyber security, help desk, remote monitoring and maintenance, cloud work space and - the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications- everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.

Comments are closed.

%d bloggers like this: