• A new CheckPoint report shows that 44 percent of all phishing attacks involve emails that use Microsoft as the spoofed brand. Microsoft was the brand used as bait in 19 percent of all forms of phishing last quarter. 
  • Barnes & Noble acknowledged what they initially thought was a systems error earlier in October turned out to be a cyberattack on some of its systems. 
  • Cyberthieves posted three million credit cards for sale on the dark web earlier in the month stolen from Dickey’s BBQ restaurant chain throughout 2019 and 2020. 
  • Darkside announced they donated $20,000 in bitcoins to two global charities. Darkside claims they do not attack schools, hospitals or governments, and instead focus on highly profitable, large corporations. 
  • If you are the victim of a phishing attack or data compromise, contact the Identity Theft Resource Center for no-cost assistance at 888.400.5530 or by live-chat on the company website. 

A new report reveals how frequently identity criminals use well-known brands to trick people into sharing their personal information. CheckPoint Security researchers say one company has jumped to the top of the heap when it comes to fake emails and fake websites involved in brand phishing attacks – Microsoft.  

Subscribe to the Weekly Breach Breakdown Podcast 

Every week, the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we take a look at CheckPoint’s latest survey and what it means, as well as two data compromises that recently prompted consumer notices, and a ransomware group donating to charities.  

Brand Phishing Attacks 

There are different types of phishing attacks. What is a brand phishing attack? In this attack style, a cybercriminal imitates a well-known brand’s official website by using a web address and webpage design similar to the real thing. A link to the fake website is then sent to people by email, text message, or social media.

The fake webpage often contains a form intended to steal the credentials, payment details, or other personal information of the people caught in the phisher’s net.  

While many of the spoofed websites are fake with poor spelling or grammar, these emails, websites, texts and social media accounts are increasingly sophisticated and highly accurate imitations that even trained professionals don’t spot at first glance. 

Report Reveals Microsoft as the Top Spoofed Brand 

CheckPoint’s current report shows that 44 percent of all phishing attacks involve emails that use Microsoft as the spoofed brand. Forty-three percent of all types of phishing attacks involve fake websites, and Microsoft is again the number one brand used to lure unsuspecting users.

As tolled, Microsoft was the brand used as bait in 19 percent of all forms of phishing last quarter.  

However, Microsoft is not the only brand in the crosshairs of cybercriminals. The rest of the top ten brands currently being used in phishing campaigns include: 

  • Google (nine percent) 
  • PayPal (six percent) 
  • Netflix (six percent) 
  • Facebook (five percent) 
  • Apple (five percent) 
  • WhatsApp (five percent) 
  • Amazon (four percent) 
  • Instagram (four percent) 

How to Avoid a Phishing Attack 

The best way to avoid falling victim to all types of phishing attacks is to ignore unsolicited emails and texts that include links. If anyone receives a notice from a company where they do business, they should log in directly to their account to verify the message they received was real.

Anyone who gets a notice can also go to the company website directly and contact them. Under no circumstances should anyone click on a link or call a telephone number in an unexpected email.  

Barnes & Noble Data Compromise 

We also want to tell you about two recent data compromises that led to consumer notices. Barnes & Noble – the online brick and mortar bookseller – acknowledged what they initially thought was a systems error earlier in October was, in fact, a cyberattack on some of the company’s systems.

Customer email addresses, billing and shipping addresses, telephone numbers and transaction histories may have been involved in the security breach. Barnes & Noble says there is no evidence of a data exposure. However, they are not ruling out the possibility. 

Dickey’s BBQ Data Compromise 

The Barnes & Noble breach is different from the circumstances at the Dickey’s BBQ restaurant chain. Cyberthieves posted three million credit cards for sale on the dark web earlier in the month stolen from the popular eatery throughout 2019 and 2020. Security researchers believe 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing software.  

“Darkside” Ransomware Group Tries to Claim its Legitimacy 

Finally, the ransomware group known as “Darkside” is trying its hand at brand building just like a legitimate company. This week Darkside announced they had donated $20,000 in bitcoins to two global charities. Darkside claims they do not attack schools, hospitals or governments, and instead focus on highly profitable, large corporations.  

Security researcher Chris Clements notes, “The most troubling realization here is that the cybercriminals have made so much money through extortion that donating $20,000 is chump change to them.”  

Neither of the two charities has acknowledged receiving the donation and say they will not keep it if it turns out to be true. 

notifiedTM 

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you accidentally click on a link of a brand phishing attack or provide information to what you discover later was a fake website form, contact the ITRC toll-free at 888.400.5530 or live-chat with an expert advisor on the company website. An advisor will walk you through the steps to take to protect yourself from any possible identity misuse. 

If you receive a breach notice due to the Barnes & Noble or Dickey’s BBQ events or any other data compromise and you’d like to know how to protect yourself, contact the ITRC to speak with an expert advisor. Also, download the free ID Theft Help App to access advisors, resources, a case log and much more. 

Join us on our weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  


Read more of our latest articles below

Identity Theft Resource Center® Reports 30 Percent Decrease in Data Breaches so Far in 2020

Election Scams Begin to Surface with the General Election Less than One Month Away

Recent Insider Attacks Stress the Importance of Smart Business Practices

While data breaches are down, a single ransomware attack at Blackbaud exposed information from at least 247 organizations that have issued their own breach notices 

SAN DIEGO, October 14, 2020 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter of 2020. 

According to the data breach analysis, publicly-reported U.S. data breaches have dropped 30 percent year-to-date compared to 2019. More than 292 million individuals have had their identities compromised so far in 2020, a 60 percent drop from 2019. Mass data breaches of personal information continue to decline while cyberattacks are up as threat actors focus on ransomware, phishing, and brute force attacks that use already available identity information to steal company funds and COVID-19 related government benefits. 

Despite the encouraging data breach numbers, a single ransomware attack at Blackbaud exposed information from at least 247 organizations that have issued their own breach notices as of September 30, 2020

Cyberattacks were the primary cause of data compromises reported in Q3 2020, with phishing and ransomware attacks the most common attack vectors. However, viewing Blackbaud as a series of attacks and not a single event, supply chain attacks were the most common exploit.

Download the Identity Theft Resource Center’s 2020 Third-Quarter Data Breach Analysis and Key Takeaways 

“It is encouraging to see the number of data breaches continue to decline in 2020,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “If data breaches continue at this pace for the remainder of 2020, we could see our lowest number of breaches since 2015.” 

While data breaches are dropping, the Blackbaud data breach has skewed the numbers significantly. Of the 247 organizations to issue breach notices to their customers, only 58 have disclosed the number of individuals impacted by the breach – 6,981,091. If the Blackbaud data breach is treated as a series of events, data breaches have only decreased by 10 percent compared to 2019.  

“If anyone gets a breach notice connected to the Blackbaud data breach, they should act immediately because their information could still be available,” Velasquez said. “Whenever someone receives a breach notice, they need to act quickly and decisively because of the risks that come with personal information being exposed.” 

For more information about recent data breaches, or any of the data breaches discussed in Q3, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case. 

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center® 

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity crime in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live-chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org

Media Contact 

Identity Theft Resource Center 
Alex Achten  
Earned & Owned Media Specialist 
888.400.5530 Ext. 3611 
media@idtheftcenter.org  

  • Shopify and Instacart recently suffered data breaches from insider attacks, stressing the importance of not allowing too much access to employees. 
  • Consumers who receive a breach notice regarding either data breach should follow the advice. They should also change their username and password to any breached accounts, add two-factor authentication if possible, and watch for attempts like phishing emails looking to collect personal information. 
  • Businesses should reduce access and privileges based on an employee’s position, adopt a zero-trust framework, and put tools in place to track data movements.  
  • To learn more about the latest data breaches, visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notifiedTM
  • If you believe you are a victim of a data compromise, contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website. 

Not all data breaches are the result of professional cybercriminals hacking their way into a company. Sometimes, data compromises happen because of malicious insiders who want to make a quick buck. That’s what happened to Shopify, a popular online e-commerce platform used by small retailers and global brands alike.  

Subscribe to the Weekly Breach Breakdown Podcast  

Every week, the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week, and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we look back at the Shopify data breach in an episode titled “Shopify ’til You Drop.” 

About Shopify 

Shopify is a Canadian e-commerce company founded in 2006 that’s considered a go-to vendor for online retailers of all sizes worldwide. Shopify provides an e-commerce platform that supports over one million merchants in 175 countries. Some of the merchants include big names like Tesla, Sephora and Kylie Cosmetics. Shopify also has smaller mom and pop-type retailers. 

Shopify Data Breach 

As the ITRC reported at the beginning of the month, the Shopify data breach happened when two Shopify’s employees collected information from merchants on the Shopify platform. Information siphoned-off includes personal information about customers and their transactions, email addresses, names, physical addresses, products, and services purchased, as well as partial payment card information. 

In late September, Shopify notified the impacted merchants and posted a notice online informing website visitors of the data breach caused by the now-former malicious employees. Once Shopify security teams figured out what was happening, the number of compromised companies was nearly 200. 

How Does This Happen? 

Attacks from malicious insiders are not rare. However, they are not common, either. IBM’s 2019 data breach report shows that seven percent of all data events studied are from insiders intent on stealing information. 

When an insider attack happens, it’s almost always because companies allow rogue employees, contractors or partners too much access. Another problem is so many employees working remotely, making it difficult for cybersecurity teams to keep up with who is moving data and where. 

Other Recent Insider Attacks 

The Shopify data breach is not the only malicious insider attack in the past two months. Instacart and Tesla both disclosed similar incidents in the last 45 days.  

Instacart says two tech support vendor employees possibly reviewed more shopper profiles than necessary in their roles as support agents. Since the incident, Instacart notified around 2,200 shoppers of the data breach. 

One week after the Instacart compromise, Tesla announced the company was targeted by a Russian cybercrime organization that tried to recruit U.S. employees to install malware on a Tesla factory’s internal network. Rather than take the deal, the Tesla employee being recruited reported the attempt to Tesla and the FBI. 

What Consumers Should Do 

If anyone receives a breach notice from a Shopify or Instacart merchant, don’t ignore it. Consumers should take the advice in the letter and complete the following actions: 

  • Change your username and passwords for any breached accounts. Make sure you have a unique password for every account you have. 
  • Add two-factor authentication to your accounts, if possible. 
  • Watch out for phishing emails, texts, links to websites and other attempts to collect financial or other personal information.  

What Businesses Should Do 

Business leaders should consider some steps to take to protect their company and customers from insider threats. Those steps include: 

  • Reduce privilege access based on the employee and their position. Ensure they have access to the least amount of information needed to do their jobs and provide a good customer experience. 
  • Watch data movements across the entire company environment, whether employees are on or off the network.  
  • Adopt a zero-trust framework so your security team can better track who is coming in and out of your network.  
  • Put tools in place to give visibility into file movements, enabling your security team to verify that corporate intellectual property and sensitive data is not leaving the organization.  

notifiedTM  

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

Contact the ITRC 

If you received a breach notice due to the Shopify of Instacart insider attacks, or any other data compromise, and you’d like to know what steps to take to protect yourself, contact the ITRC to speak with an expert advisor toll-free at 888.400.5530. You can also live-chat with an advisor on the company website. Victims of a data breach can download the free ID Theft Help App to access advisors, resources, a case log and much more.  

Join us on our  weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform. 


Read more of our latest blogs below

Blackbaud Ransomware Attack Significantly Impacts Q3 Data Breach Trends

Shopify Data Exposure Affects Hundreds of Online Businesses

50,000+ Fake Login Pages for Top Brands from Credential Theft

  • Data breaches are down 30 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a single event. 
  • Data breaches are down 10 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a series of data breaches.  
  • Regardless of how the Blackbaud ransomware attack is viewed, the number of individuals impacted by a data breach is down nearly two-thirds.  
  • Anyone who believes they are a victim of a data breach is encouraged to contact the Identity Theft Resource Center to learn more about the next step to take. Victims can call toll-free at 888.400.5530 or live-chat with an expert-advisor on the company website. 

2020 has seen many different data breach trends. In the first half of 2020, the Identity Theft Resource Center (ITRC) reported a 33 percent decrease in data breaches and a 66 percent decrease in individuals impacted. The ITRC has compiled the Q3 2020 data breach statistics, and the number of compromises has dropped. However, there is one data breach that skews all the data. 

Two Ways to Look at the Numbers 

With the ongoing global pandemic and one particularly nasty ransomware attack against IT service provider, Blackbaud, reported in the third quarter, the Q3 numbers can be interpreted in two ways. 

Data Breaches Down 30 Percent Treating Blackbaud as a Single Event 

If we treat the Blackbaud attack as a single event, the number of data compromises reported so far in 2020 remains well below the 2019 trend line, with nearly a 30 percent decrease year-over-year. Looking at the rest of 2020, absent a significant data breach, 2020 could end with just over 1,000 data breaches. That would be the lowest number of breaches in five years, dating back to 2015. 

Data Breaches Down 10 Percent Treating Blackbaud as a Series of Breaches 

If the Blackbaud ransomware attack is treated as a series of data breaches, the year-over-year trend line changes significantly. However, the number of data breaches is still down in comparison to 2019. There have been 247 data breaches reported as a result of the Blackbaud ransomware attack. Once you add those to the overall number of data compromises, we go into Q4 with a 10 percent decrease in data breaches compared to this time last year.  

Individuals Impacted by Data Breaches Down Two-Thirds 

No matter how Blackbaud is categorized, one data point remains the same: the number of individuals who have been impacted in 2020 by an information breach. So far in 2020, roughly 292 million people have had their personal information compromised, nearly two-thirds fewer people than in 2019. The ITRC will have more information to share on our Q3 Data Breach Trends Report, which will be released later in October. We will also discuss the details on our sister podcast, The Fraudian Slip, in two weeks. 

Subscribe to the Weekly Breach Breakdown Podcast 

Every week, the ITRC looks at some of the top data compromises from the previous week, and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we are looking at the Q3 data breach trends and the latest numbers.  

notifiedTM 

For more information about recent data breaches, or any of the data breaches discussed in Q3, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

Contact the ITRC 

If you receive a breach notice due to the Blackbaud ransomware attack or any other data compromise and want to know what steps to take to protect yourself, contact one of the ITRC expert advisors by phone toll-free 888.400.5530, or by live-chat on the company website. Victims of a data breach can also download the free ID Theft Help App to access advisors, resources, a case log and much more. 

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform. 


Read more of our latest news below

Shopify Data Exposure Affects Hundreds of Online Businesses

Dunkin Donuts Data Breach Settlement Highlights Busy Week of Data Compromise Updates

50,000+ Fake Login Pages for Top Brands from Credential Theft

  • Shopify recently announced that two support team members allegedly committed insider theft and obtained transactional records of at least 100 merchants.  
  • Data exposed in the Shopify data compromise includes names, physical addresses, email addresses, products, and services purchased. 
  • Businesses should consider reducing their privilege access based on the employee’s status, watch data movement across the company, and have tools to give visibility to file activities. 
  • Consumers should change their usernames and passwords for their Shopify account, keep an eye out for phishing emails, and act on a breach notification letter if they receive one. 
  • Anyone impacted by the Shopify data exposure can call the ITRC toll-free at 888.400.5530, or live-chat on the company website with an expert advisor.  

The E-commerce platform, Shopify, is used by online businesses and retail point-of-systems all over the world. One of the most notable companies is Kylie Cosmetics, Kylie Jenner’s well-known make-up company. Kylie Cosmetics is one of an unknown number of merchants, believed to be between 100 – 200 merchants, impacted by a recent Shopify data exposure. While information is still limited, there are important facts and tips for both consumers and businesses to know about this case of an insider threat.  

What Happened 

On September 22, Shopify announced that two members of their support team were engaged in a scheme to obtain customer transaction records from merchants. While there is no evidence of the data of the impacted merchants being utilized right now, the e-commerce company says they are only in the early stages of the investigation. Data exposed by the Shopify compromise includes email addresses, names, physical addresses as well as products and services purchased. 

According to MarketWatch, the order details do not include financial information like credit card information or additional personal information. Shopify says most of their merchants are not affected, and the ones that are have been notified. They say they will also be updating affected merchants as more information becomes available. 

How the Shopify Data Exposure Impacts Businesses 

More people are working from home now than ever due to COVID-19, which means remote workers may have more access privileges than usual with fewer security restrictions. The Shopify data exposure is a great example of the dangers of an organization offering employees too much access privilege. Security experts also say that insider threats are growing with more people getting accustomed to working from home. 

How Businesses Can Protect Themselves 

  • Reduce privilege access based on the employee and their position. 
  • Watch data movements across the entire company environment whether employees are on or off the network. 
  • Adopt a zero-trust framework so the security team can better track who is coming in and out of the network. 
  • Have tools in place that give visibility into file movements, enabling them to verify that corporate intellectual property and sensitive data is not leaving the organization. 

How the Shopify Data Exposure Impacts Consumers 

While only names, email addresses and address information were exposed, consumers affected by the Shopify data exposure could be at risk of receiving phishing emails or other emails that try to target financial information.  

What Consumers Should Do  

  • Change their usernames and passwords for their account. 
  • Watch out for phishing emails and other emails attempting to collect financial information or other personally identifiable information (PII). 
  • Watch for a breach notification letter. If they get one, it should not be ignored. Consumers need to act and follow the steps provided in the letter. Consumers should also take advantage of credit monitoring if it is provided and consider freezing their credit. 
  • While full payment information is not believed to be involved, it is still a good idea for consumers to regularly check their accounts for any suspicious activity.  

Contact the Identity Theft Resource Center 

Victims of the Shopify data exposure are encouraged to contact the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 or live-chat with an expert advisor on our website. Data breach victims can also download the ITRC’s ID Theft Help app to access resources, advisors, a case log and much more. 


Read more of our latest news below

iPhone 12 Chatbot Scam Begins to Spread Through Text Messages

Dunkin Donuts Data Breach Settlement Highlights Busy Week of Data Compromise Updates

50,000+ Fake Login Pages for Top Brands from Credential Theft

  • A recent report by Comparitech says that six percent of all Google Cloud environments are misconfigured and left open to the web for anyone to see.  
  • Dunkin Donuts settled in a lawsuit with the State of New York after being accused of not taking appropriate action in response to two cyberattacks dating back to 2015.
  • 217 Blackbaud users have announced they are impacted by the technology services provider data breach. The breach has affected at least 5.7 million individuals.
  • To learn about the latest data breaches, visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notifiedTM. Consumers impacted by a data breach can call the ITRC at 888.400.5530 or live-chat with an expert advisor on the company website.

It’s a busy week in the world of data breaches. A report released reports six percent of all Google Cloud environments are misconfigured and left open to the web where anyone can view them; Dunkin Donuts paid a settlement over a series of cyberattacks that resulted in multiple Dunkin Donuts data breaches; There’s also an update in the data breach of Blackbaud.

Subscribe to the Weekly Breach Breakdown Podcast

Every week, the Identity Theft Resource Center (ITRC) looks at some of the top data compromises of the previous week in our Weekly Breach Breakdown podcast. This week, Dunkin, Blackbaud and Google Cloud highlight the list.

Misconfigured Google Cloud Environments

2020 has had its share of high-profile data events. Sar far in September, an estimated 100,000 customers of a high-end gaming gear company had their private information exposed from a misconfigured server. Another misconfigured server impacted 70 dating and e-commerce sites, leaking personal information and dating preferences. In Wales, personally identifiable information (PII) of Welsh residents who tested positive for COVID-19 was exposed when it was uploaded to a public server.

According to a recent research report published by Comparitech, six percent of all Google Cloud environments are misconfigured and left open to the web where anyone can view their contents. Amazon, the largest cloud provider, has also had issues with clients failing to secure their databases. There is no evidence that any of the data was stolen or misused by threat actors. However, the kinds of data Comparitech uncovered includes thousands of scanned documents such as passports, birth certificates and personal profiles from children. This is not considered a data breach. Rather, it is categorized as a data exposure because their information was not taken; it was just exposed on the internet. With that said, it is a poor cybersecurity practice that puts consumers at risk.

If anyone uses a cloud database in their business, they should make sure their information is secure, starting with a password.

Dunkin Donuts Data Breach Settlement

Dunkin, the company many know as Dunkin Donuts, experienced multiple data breaches where at least 300,000 customers’ information was stolen. A settlement from a lawsuit with the State of New York was reached due to the Dunkin Donuts data breaches. The lawsuit alleged that Dunkin Donuts failed to take appropriate action in response to two cyberattacks dating back to 2015.

The New York Attorney General says Dunkin Donuts failed to notify its customers of a 2015 breach, reset account passwords to prevent further unauthorized access, or freeze the store customer cards registered with their accounts. The State also claimed Dunkin Donuts failed to implement appropriate safeguards to limit future attacks.

The company was notified by a third-party vendor in 2018 that customer accounts had, again, been attacked. Although the company contacted customers after the 2018 Dunkin Donuts data breach, the State claimed the notification was incomplete and misleading.

Dunkin Donuts will pay the State $650,000, refund New York customers impacted by the data breach, and will be required to take additional steps to prevent further Dunkin Donuts data breaches.

Businesses with customers in New York should check to see if the State’s new privacy and cybersecurity law, known as New York SHIELD, applies to them. It has very specific notice requirements in the event personal information is exposed in a data breach.

Blackbaud Data Breach Update

The ITRC notified consumers of a data breach of Blackbaud in August. The technology services provider announced in July that data thieves stole information belonging to the non-profit and education organizations that use Blackbaud to process client information. The cybercriminals demanded a ransom, and Blackbaud paid it in exchange for proof the client information was destroyed.

Since the data breach of Blackbaud was announced, 217 different Blackbaud users of all shapes and sizes have reported their client’s information was impacted in the ransomware attack. Not every organization has listed how many people have been affected. However, the latest count from the organizations that have is 5.7 million individuals.

Blackbaud has not shared the number of customers with compromised information. Instead, they have relied on the customers to self-report it. Breach notices continue to be filed each day, and the ITRC will keep consumers updated on any future developments. 

notifiedTM

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact the ITRC

If you believe you are the victim of an identity crime, or your identity has been compromised in a data breach, like the data breach of Blackbaud, you can speak with an ITRC expert advisor on the website via live-chat or by calling toll-free at 888.400.5530. Victims of a data breach can also download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


Read more of our latest news below

iPhone 12 Chatbot Scam Begins to Spread Through Text Messages

Unemployment Benefits Mail Fraud Scams Strike Across the U.S.

50,000+ Fake Login Pages for Top Brands from Credential Theft

  • Cense.Ai left a temporary data storage repository online, accessible to anyone with a web browser. It led to the exposure of nearly 2.6 million records, including sensitive data and other personally identifiable information (PII).
  • A recent data breach of Freepik, a photos and graphics website, happened when hackers used a known software vulnerability to gain access to one of its databases storing user data. It led to hackers obtaining usernames and passwords for 8.3 million users.
  • After detecting unauthorized access to certain devices, ArbiterSports learned an unauthorized party obtained a backup copy of a database with PII in a recent data breach. ArbiterSports reached an agreement with the unauthorized party to have the files deleted.
  • Victims of a data compromise can speak with an Identity Theft Resource Center expert advisor on the website via live-chat, or by calling toll-free at 888.400.5530.

August was another month full of data breaches, all tracked by the Identity Theft Resource Center (ITRC). Since 2005, the ITRC has compiled publicly-reported U.S. data breaches as part of our data breach tracking efforts. The ITRC tracks both publicly reported data breaches, and data exposures in a database containing 25 different information fields and 63 different identity attributes that are updated daily. Of the recent data breaches in August, Cense.Ai, Freepik and ArbiterSports are three of the most notable.

Cense.Ai

A recent Cense.Ai data exposure led to almost 2.6 million records, including sensitive data and other personally identifiable information (PII), accessible to anyone on the web. According to TechNadu, a database containing names, dates of birth, addresses, insurance records, medical diagnosis notes, clinics, insurance provider details, accounts, payment records and more was left online due to an error.

Security Researcher, Jeremiah Fowler, found two folders containing the sensitive data and managed to remove the port from the IP address of the Cense’s website. Fowler found that all individuals listed had been in a car accident. In most cases, there was also information like policy numbers, claim numbers and the date of the accident.

According to PCMag, Cense.Ai has not commented publicly about the exposure, and the company did not immediately respond to PCMag’s request for comment. Anyone affected by the Cense.Ai data exposure should monitor all of their accounts for any suspicious activity. If you find anything out-of-the-ordinary in your records, contact the appropriate company and take additional action if needed. 

Freepik

Freepik is a website that provides access to high-quality free photos and design graphics. In mid-August, the popular site announced that they suffered a data breach. According to the company’s statement, there was a breach from a SQL injection in Flaticon that allowed an attacker to get user information from their database. A little more than eight million users were affected. 4.5 million users had no hashed passwords due to exclusively federated logins (through Google, Facebook, etc.), and the hacker only obtained their email address. However, the additional 3.8 million users had both their email addresses and hashed passwords stolen. Freepik says they have taken extra measures to reduce their risk of a similar attack in the future. The company is also in the process of notifying all affected users.

Users who had their passwords stolen in this recent data breach should change their password and the password of any other accounts that share the same password. Also, switch to a nine to ten-character passphrase. They are easier to remember and harder for hackers to guess.

ArbiterSports

ArbiterSports is used by many for end-to-end activities management solution. However, some users of the officiating software company were notified of a data breach that exposed account usernames and passwords, names, addresses, dates of birth, email addresses and Social Security numbers. According to the company’s notification letter, ArbiterSports recently detected unauthorized access to certain devices in their network and an attempt to encrypt their systems.

After an investigation, the company learned the unauthorized party obtained a backup copy of a database made for business continuity reasons. The database contained PII for over 539,000 users. While ArbiterSports was able to prevent their devices from being encrypted, the unauthorized party still demanded payment in exchange for deleting the files. The two reached an agreement, and the files were deleted.

ArbiterSports is offering a free one-year membership of Experian’s IdentityWorks Credit 3B to detect possible misuse of personal information and to provide identity protection focused on identification and resolution of identity theft. Anyone affected should also change their username and password, as well as the username or password of any other accounts that share the same credentials. 

notifiedTM

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact the ITRC If you believe you are the victim of an identity crime, or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor on the website via live-chat, or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.


Read more of our latest breaches below

Fortnite Gaming Data Being Sold for Hundreds of Millions of Dollars Per Year

Online Job Scams See Rise Amid Pandemic

“Meow” Attacks Lead to 4,000 Deleted Databases and Perplexed Security Experts

Fortnite is one of the most popular battle royale games on the market. People of all ages play the game to work their way towards the center of the map. However, there is one thing about Fortnite, and other games, that many gamers are not aware of: the massive amounts of gaming data that is collected and stolen.

Every week the Identity Theft Resource Center (ITRC) looks at the most interesting data compromises from the previous week, as well as what happens behind the scenes when someone attacks a company and steals personal or business information in our Weekly Breach Breakdown podcast. This week, we are taking a look at Fortnite in an episode titled “Let the Games Begin!”

The Financial Dominance of the Gaming Industry

What industry made more money in 2019? Video games or movies? The answer will probably surprise most people. Video games generate more revenue each year than movies and music combined. Despite Marvel’s Avengers: Endgame setting a new global box office record in 2019 at $2.7 billion in ticket sales, the film industry’s $42 billion pales in comparison to the more than $150 billion in video game revenue in 2019. The top video game of 2019, Call of Duty: Modern Warfare, racked up $1 billion in sales in the last two months of 2019 alone. Call of Duty is still the number one video game in terms of sales nearly a year later.

Data Risk

One of the reasons the game remains so popular is the same reason why video games represent a significant data risk: someone can play Call of Duty online for free and make in-game purchases. When someone goes to the movies, they don’t give away personal information to buy their ticket. However, when someone wants to play video games online, they have to share lots of data.

The Impacts on Fortnite

Nearly 2.7 billion people play video games, and at least 500 million of them play games online; 350 million just play Fortnite. While the online battle game is free to play, Fortnite makers gross $2.4 billion a year in in-game purchases. It’s what attracts data thieves; the combination of player gaming data and people willing to spend lots of money.

Research published by Night Lion Security calculates more than two billion online video game player profiles have been breached in 2020 based on the number sold, or for sale, in underground online forums. It adds up to roughly $1 billion in illicit gaming data sales each year. Of those, Fornite player account information is the most valuable at approximately $600 million per year.

Why? It’s not just personal information being stolen. Instead, its profile gaming data, including game achievements and player personas known as “skins.” With the right skin, a user can become an elite level player without having to play Fortnite or defeat hundreds of players to get to the top of the heap.

Night Lion notes that one highly prized skin commands as much as $2,500 on the black market. Between reselling elite and average player accounts, data thieves who specialize in Fortnite skins earn an average of $25,000 per week, nearly $1.3 million per year.

How Do Data Thieves Do It?

Cybercriminals use automated tools that compare login and password information from past data breaches to active Fornite accounts, at a rate of almost 500 accounts per second. To cover their tracks, the data thieves use masking tools that go for as little as $15 on the dark web.

What You Need to Do

The best security tools in the world cannot help protect gaming data if players use the same logins and passwords on more than one game account.

  • If you or a family member plays a popular video game, including Fortnite, make sure the game credentials are unique for each game
  • Also, create a unique passphrase and set up two-factor authentication to prevent misuse of your player profile and personal information

If you do not, it could be game over.

notifiedTM

For more information about the latest data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact ITRC

If you believe you are the victim of an identity crime, or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor on the website via live-chat, or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


Read more of our latest articles below

There are different types of data breaches, but they all have frustrating, as well as potentially devastating impacts. On this week’s Weekly Breach Breakdown podcast, we are taking a look at the difference between a data breach that exposes consumer information and a data breach that reveals a company’s intellectual property or trade secrets; companies attacked by ransomware that do both is on the rise.

A Tale of Two Breaches

The current digital age can be viewed as the best of times and the worst of times, especially when it comes to data use, privacy and security. While many consumers enjoy unprecedented levels of convenience and prosperity, thanks to technology, there are also significant pitfalls. Despite billions of dollars in cybersecurity investments, personal and corporate information is exposed daily due to malicious and accidental events.

While many people view data breaches as personal information being stolen from companies about individuals, it is becoming more common for threat actors to target more than consumer data. Instead, many hackers are looking to get their hands on company secrets by landing a successful ransomware attack, leading to the company’s intellectual property being breached.

By August 15, more than 25 Fortune 500 companies were attacked by ransomware, where company intellectual property was at risk.

Nintendo

In July, the Identity Theft Resource Center (ITRC) posted about an attack on Nintendo, who refused to pay the data kidnappers’ ransom demands. As a result, the data thieves posted massive amounts of proprietary data on the internet, including game prototypes. At the time of the attack, it was believed to be a one-off. However, within days, two more global organizations found their company data being posted on the web for everyone to see after refusing to pay ransomware demands.

LG

Electronics and appliance manufacturer, LG, found source code for their mobile phones and laptops posted on a ransomware site. The ransomware group, Maze, released a statement that said they did not want to disrupt LG’s customers as part of the company’s data breach, so they opted to release the stolen intellectual property publicly rather than shut down LG’s systems.

Xerox

At Xerox, a digital document product company, information was released after the company refused to pay a ransom demand that involved customer service systems, but not customer information.

Carnival Cruise Lines & Jack Daniels

Just last week, household names like Carnival Cruise Lines and the makers of Jack Daniels Whiskey joined the list. In the case of Jack Daniels, the company claimed the attack was blocked. However, the attackers claim they were successful and threatened to release the data they stole.

Why the sudden increase in companies attacked by ransomware?

While there are multiple reasons why a company might fall prey to a ransomware attack, the new variable in the equation is people working from home as a result of the COVID-19 pandemic. A survey released this week by the security firm Malwarebytes indicates that companies are seeing more attempted, and successful, attacks aimed at exploiting the weaker security that is usually associated with remote workers.

The research spotlights why there is an increase in companies attacked by ransomware:

  • 20 percent of respondents have faced a security breach as a result of a remote worker
  • 24 percent have spent unbudgeted money to resolve a security breach or malware attack
  • 28 percent admit to using personal devices for work more than their company devices, which could open the door to cyberattacks
  • 18 percent say cybersecurity is not just a priority for their employees

If employees are working from home or managing a team of remote workers, they should make sure they are following best practices for protecting their personal information and company data. Anyone needing more information about how to protect their work information should ask their company’s IT security team or contact the ITRC for tips on how to protect their personal information.

notifiedTM

For more information about the latest data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.  It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

If someone believes they are the victim of an identity crime, or their identity has been compromised in a data breach, they can speak with an ITRC expert advisor on the website via livechat, or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


Read more of our latest news below

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams

Updated as of 10/9/2020- The recent social-good relationship management software data breach has nonprofit organizations left to figure out what to do next. Blackbaud, a cloud software company, used primarily by nonprofits, announced that they were the victim of a ransomware attack. Also, according to a filing with the U.S. Securities and Exchange Commission, Blackbaud acknowledges that a ransomware attack in May that affected its clients could have exposed much more personally identifiable information (PII) – including banking details – than the company initially believed. The number of people affected is still unknown, and more information needs to be gathered to judge the attack’s actual scope.

However, the Identity Theft Resource Center (ITRC) has tracked 255 organizations and seven million people affected. People who engage with organizations that utilize Blackbaud could be at risk of scams and social engineering.  

What Happened

In May 2020, a ransomware attack was partially thwarted. However, the perpetrator copied a subset of data before being locked out. The hackers then offered to delete the data for an undisclosed amount of money. According to Blackbaud, they paid the ransom and received confirmation that the copy they removed had been destroyed. However, the confirmation was not detailed. Blackbaud says they have no reason to believe that any data went beyond the cybercriminal, was or will be misused.

The information exposed in the breach includes telephone numbers, email addresses, dates of birth, mailing addresses, donation dates, donation amounts and other donor profile information.

Right now, the following third-party vendors are reporting Social Security numbers being involved: The University of Detroit Mercy, Seeds of Peace, Crystal Stairs, Inc., Concord Academy, Bridgewater State University, Spectrum Health Lakeland, Vermont Student Assistance Corporation, Ball State University Foundation, William & Mary Business School Foundation, Salem State University, University of South Carolina Upstate Foundation, Shady Hill School, Berkshire Farm Center & Services for Youth, Inc., and Marywood University. 

There have also been notices of financial information and credit card information being exposed. Blackbaud is calling the incident a security incident.

How it Can Impact You

No one knows if there has been more PII stolen except for the hackers. Consumers impacted by the Blackbaud data breach could be at risk of scams (particularly giving and donation scams) and social engineering tactics. Multiple sectors were also impacted by the attack.

Healthcare Sector

Healthcare organizations all over the world use Blackbaud as their cloud software company. According to Blackbaud, 30 of the top 32 largest nonprofit hospitals are powered by their solutions. The ITRC has seen multiple data breach notices from healthcare organizations affected by the Blackbaud data breach. Since the breach impacted donors primarily, it could mean those individuals may be more susceptible to being targeted by fraudsters in the future. As of this writing, no personal health information (PHI) has been involved.

Education Sector

Blackbaud plays a significant role in the education sector. They offer school management software to K-12 schools, as well as universities. Some of the management software includes student information, learning management, enrollment management and school websites. Many schools and districts have acknowledged they were impacted by the Blackbaud data breach. Most of the information involved includes donor information, alumni information and student demographic information.

Nonprofit/NGO Sector

Blackbaud is a service that is primarily by nonprofits. Blackbaud offers an array of software services that cater to nonprofits worldwide, but are best known for their customer relationship management (CRM) tools. Many nonprofits use these to nurture their donors and fundraising. The range of types of nonprofits affected by the attack is vast. In fact, some Blackbaud nonprofits continue to come forward about whether or not they may have been impacted. Now, many nonprofits are trying to figure out their next steps for how to securely manage their CRM needs.  

What You Need to Do

The Blackbaud data breach and its impacts on businesses and consumers are specific to each affected entity and customer. Blackbaud has said that it notified its affected customers of the breach, and those customers should be notifying their impacted individuals. Depending on what information was exposed, the steps for those affected individuals could vary. Anyone who receives a notification letter regarding the Blackbaud data breach should not dismiss the letter and take the notice’s recommended steps.

The biggest threat, based on the data compromised, is social engineering. Employees of the nonprofit organizations impacted by the breach may receive emails that look like they are from an executive, in an attempt at spear phishing.

Donors and members of the nonprofit organizations impacted by the Blackbaud data breach may receive messages asking to provide their personally identifiable information (PII) to update their contact or financial information, either directly through the email or through a link that does not actually belong to the nonprofit they are affiliated with. If an employee comes across an email they find suspicious, they should go directly back to the person it claimed to come from and verify the validity of the message if it is internal. If it is someone claiming to be from outside the organization, it should be run by their manager, IT services, or someone familiar with the relationship.

Anyone who believes they were impacted by the Blackbaud data breach can call the ITRC toll-free at 888.400.5530. They can also live-chat with an expert advisor. Another option if the free ID Theft Help app. The app has resources for victims, a case log, access to an advisor and much more.


You might also like…

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams