Posts

There are different types of data breaches, but they all have frustrating, as well as potentially devastating impacts. On this week’s Weekly Breach Breakdown podcast, we are taking a look at the difference between a data breach that exposes consumer information and a data breach that reveals a company’s intellectual property or trade secrets; companies attacked by ransomware that do both is on the rise.

A Tale of Two Breaches

The current digital age can be viewed as the best of times and the worst of times, especially when it comes to data use, privacy and security. While many consumers enjoy unprecedented levels of convenience and prosperity, thanks to technology, there are also significant pitfalls. Despite billions of dollars in cybersecurity investments, personal and corporate information is exposed daily due to malicious and accidental events.

While many people view data breaches as personal information being stolen from companies about individuals, it is becoming more common for threat actors to target more than consumer data. Instead, many hackers are looking to get their hands on company secrets by landing a successful ransomware attack, leading to the company’s intellectual property being breached.

By August 15, more than 25 Fortune 500 companies were attacked by ransomware, where company intellectual property was at risk.

Nintendo

In July, the Identity Theft Resource Center (ITRC) posted about an attack on Nintendo, who refused to pay the data kidnappers’ ransom demands. As a result, the data thieves posted massive amounts of proprietary data on the internet, including game prototypes. At the time of the attack, it was believed to be a one-off. However, within days, two more global organizations found their company data being posted on the web for everyone to see after refusing to pay ransomware demands.

LG

Electronics and appliance manufacturer, LG, found source code for their mobile phones and laptops posted on a ransomware site. The ransomware group, Maze, released a statement that said they did not want to disrupt LG’s customers as part of the company’s data breach, so they opted to release the stolen intellectual property publicly rather than shut down LG’s systems.

Xerox

At Xerox, a digital document product company, information was released after the company refused to pay a ransom demand that involved customer service systems, but not customer information.

Carnival Cruise Lines & Jack Daniels

Just last week, household names like Carnival Cruise Lines and the makers of Jack Daniels Whiskey joined the list. In the case of Jack Daniels, the company claimed the attack was blocked. However, the attackers claim they were successful and threatened to release the data they stole.

Why the sudden increase in companies attacked by ransomware?

While there are multiple reasons why a company might fall prey to a ransomware attack, the new variable in the equation is people working from home as a result of the COVID-19 pandemic. A survey released this week by the security firm Malwarebytes indicates that companies are seeing more attempted, and successful, attacks aimed at exploiting the weaker security that is usually associated with remote workers.

The research spotlights why there is an increase in companies attacked by ransomware:

  • 20 percent of respondents have faced a security breach as a result of a remote worker
  • 24 percent have spent unbudgeted money to resolve a security breach or malware attack
  • 28 percent admit to using personal devices for work more than their company devices, which could open the door to cyberattacks
  • 18 percent say cybersecurity is not just a priority for their employees

If employees are working from home or managing a team of remote workers, they should make sure they are following best practices for protecting their personal information and company data. Anyone needing more information about how to protect their work information should ask their company’s IT security team or contact the ITRC for tips on how to protect their personal information.

notifiedTM

For more information about the latest data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.  It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

If someone believes they are the victim of an identity crime, or their identity has been compromised in a data breach, they can speak with an ITRC expert advisor on the website via livechat, or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


Read more of our latest news below

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams

Another week has gone by, and there are new data compromises for the Identity Theft Resource Center (ITRC) to educate businesses and consumers on. Since 2005, the ITRC has tracked publicly-notified U.S. data breaches and has tracked over 10,000 breaches since then; more recently, using 25 different information fields and 63 different identity attributes that are updated daily. On last week’s Weekly Breach Breakdown, we talked about the market price for consumer data in the dark corners of the internet where identities are bought and sold. This week, we are looking at the average cost of a data breach exposed to the public. We will also talk about the latest data breaches that reflect the trends in the new research. 

The 15th IBM Report on the average cost of a data breach was recently released, conducted by the Ponemon Institute. Reflecting some of the same trends the ITRC has reported, the IBM study shows that the global average cost of a data breach has dropped to $3.8 million – with the average being defined as a breach of 100,000 records or less. That is a drop of nearly a half-million dollars.

However, when you focus on the U.S. alone, the average cost of a data breach has gone up almost the same amount to an average of roughly $8.6 million. That continues the long-term trend of costs steadily increasing beyond the rate of inflation since 2005.

In regards to the calculation of the cost, costs include the following:

  • The actions required to detect and respond to a data breach
  • The costs of notifying the people whose information was stolen
  • Lost revenue and the costs of marketing and sales activities required to regain consumer trust lost as a result of the data breach
  • Legal fees, fines and settlement costs
  • Increased customer care support

Lost revenue is the single largest component at 40 percent of all breach-related costs. With all of that said, what is not included are the expenses associated with fixing the problem that caused the breach in the first place, and the changes needed to ensure it does not happen again. While it stands to reason that the bigger the breach, the bigger the costs, they are exceptionally bigger – 100 times bigger – if the number of records compromised is over one million records. If a data breach of 100,000 U.S. records costs $6.8 million, a one million record event could cost close to $900 million.

According to the IBM report, the number one cause for data breaches in 2020 at 19 percent is lost and stolen credentials – logins and passwords – which is also tied with misconfigured cloud environments. In other words, someone forgot to add the password to the cloud account, leaving information exposed on the web for anyone to see. Unpatched software accounts were in third place at a little over 15 percent, while malicious employees accounted for only seven percent of breaches reviewed by the Ponemon Institute. It is also worth noting that some security and human resource experts believe the number of attacks will only go up if pandemic-related layoffs increase.

Other key findings from the 2020 IBM Report regarding the average cost of a data breach include: 

  • 53 percent of the attacks in the 2020 report was financially motivated
  • The most expensive attacks occurred in the healthcare sector 
  • The average length of time between when a malicious attack starts and ends is 315 days – 10 and half months
  • Threat actors want consumer information – especially logins and passwords – more than any other data (80 percent of the time.) However, that is not the only data they want. Nearly a third of breaches in the IBM study were thefts of company intellectual property. 

Looking back at the top breaches this past week, Nintendo, the company that gave us Donkey Kong Mario Brothers, was the victim of a cyberattack where thieves dumped a large amount of data onto the web. While there was no personal information exposed, screenshots and prototypes of games were posted online. The Nintendo data breach reflects the IMB report’s findings that company intellectual property is also a target for cybercriminals. Intellectual property theft can have a significant impact on a company’s business performance.

A recent Garmin ransomware attack shut down customer access to multiple products and services, as well as manufacturing. It took Garmin, which makes GPS devices and fitness trackers, nearly a week to publicly acknowledge the attack, and services are still in the process of being restored. According to Garmin, no consumer information was compromised, and the ransomware involved is not known to steal data. Rather, the ransomware used in the Garmin ransomware attack is known just to hold data hostage.

Finally, there’s Drizly, the popular service for ordering adult beverages for delivery. The company was hacked, and information from an estimated 2.5 million accounts was placed into the dark web’s identity marketplaces. According to Drizly, no payment information or other sensitive customer data was breached. However, the cybercriminals say otherwise and are selling the stolen data for $14 per account. That makes all of the information worth at least $35 million.

For more information about the latest data breaches, people can subscribe to the ITRC’s data breach newsletter. Also, keep an eye out for the ITRC’s new data breach tracker NotifiedTM. It is updated daily and free to consumers. Businesses that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the ITRC’s three paid subscriptions. Subscriptions help ensure the ITRC’s free identity crime services stay free. Notified launches in August.

If someone believes they are the victim of identity theft or believes their information has been compromised in a data breach, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also use live-chat. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

EDP Ransomware Attack and Twitter Data Breach Put a Price Tag on People’s Personal Information

Another week has gone by, a week full of interesting publicly-reported U.S. data compromises. This week on the Identity Theft Resource Center’s Weekly Breach Breakdown podcast, we are focusing on cyberattacks and data breaches that help us put a price tag on people’s personal information – including EDP Renewables’ ransomware attack, a Twitter data breach that exposed Slack user information and much more.

In the 1980s, hacking started to become a thing. For the most part, hackers were young, smart and motivated by the challenge of breaking into the phone company or the Pentagon. As the ITRC’s COO and podcast host James Lee says, “the payout was street credibility.” Today, hackers are known as threat actors, and they are looking to steal people’s personal information simply because they are motivated by greed. Stealing someone’s personal information is not so much about breaking into someone’s bank account as it is stealing users’ login and passwords from a company to dupe them into paying a fake invoice (from said company) or infecting a company’s systems with ransomware.

Earlier this year, security research firm SentinelOne estimated that ransomware cost U.S. companies $7.5 billion in 2019. That number is expected to increase because the average ransom paid is going up. According to Security Boulevard, in six months between October 2019 and March 2020, the average ransom payment went from $44,000 to more than $110,000 an attack.

Originally, data thieves were content with just locking up a company’s files and walking away if they did not get paid or releasing the files back to the company if they did. Now, however, cybercriminals specializing in ransomware are using more sophisticated attack software and bolder tactics. Attackers are downloading sensitive personal information before they notify their victims instead of just sending a ransom note after locking files, turning a basic cyber hold-up into a classic data breach.

This past week, EDP Renewables, a European energy company that serves 11 million customers in the U.S., confirmed they were the target of a ransomware attack with a $14 million price-tag. Customer information was breached as part of the attack. In ransomware attacks, like EDP Renewables, the stolen information is used as leverage to force companies to pay the attackers. EDP Renewables did not pay. The demands like the one in the EDP Renewables ransomware attack make it easy to calculate the value cybercriminals put on identity information.

Another way to tell the value of personal information is to look at the price data commands in one of the Dark Web’s illicit marketplaces – where stolen information and identities are commerce. Earlier in July, data thieves posted a database of customer information from Live Auctioneers, an auction website that allows people worldwide to bid on auctioned items in real-time. The complete set of 3.4 million records are for sale starting at $2,500.

However, not all data is as valuable as other pieces of information. For example, a credit or debit card could be worth as much as $11 or as little as $1. Workspace tool Slack is learning their user information is not as valuable to data thieves, at least right now. A recent Twitter data breach exposed Slack user information. According to security researchers at KELA Group, 17,000 Slack credentials from 12,000 company workspaces are for sale on the dark web for a little as $0.50 and as much as $300. Despite the cheap low rate, no one is taking advantage of the Slack data from the Twitter data breach – posts offering the Slack credentials are nearly a year old. The reasons why cybercriminals are interested in some data and not interested in other data can vary. However, right now, data thieves are not interested in the Slack user information; because as popular as Slack is with users and Wall Street, Slack channels are rarely filled with the kinds of information cybercriminals want.

For more information about the latest data breaches, people can subscribe to the ITRC’s data breach newsletter. Keep an eye out for the ITRC’s new data breach tool, NotifiedTM. It’s updated daily and free for consumers. Businesses that need access to comprehensive breach information for business planning or due diligence can subscribe to unlock as many as 90 data points through one of three paid tiers. Subscriptions help ensure the ITRC’s free identity crime services stay free. Notified launches in August.

If someone believes they are a victim of identity theft or have been impacted by a data breach, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also use live-chat. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.

You might also like…

Twitter Hack Serves as a Reminder of How Manipulative Bitcoin Scams Can Be

Cyber-Hygiene Tips to Keep Consumers Safe

USS Bonhomme Richard Charitable Giving Scam

Ransomware is something no one wants to end up with. It is a type of malicious software that is designed to deny access to data or a computer system until the hacker is paid. Ransomware is just one of many forms of malware, code that is developed by cyberattackers to cause damage to data and systems or gain unauthorized access. While there are many different types of ransomware, the operators behind the Maze ransomware attacks are some of the bad-actors at the core of many of these types of data compromises or phishing emails.

Maze is considered a sophisticated Windows ransomware type with the threat actors using it to ambush many organizations with demands of cryptocurrency payments in exchange for the stolen data. The impact of the Maze group and other similar ransomware exploits has led to a growing problem.

According to healthitsecurity.com, in May, the Maze operators published two plastic surgeons’ stolen data for sale on the dark web after a successful ransomware attack. A little over a month earlier Maze operators hit Chubb, a cybersecurity insurance provider for businesses that fall for data breaches. According to CRN, the Maze group just recently stole 100 GB of files from Xerox.

However, there are actions that consumers and businesses can take to reduce their chances of an attack:

  • Consumers should use reputable antivirus software and a firewall
  • People should consider using a virtual private network (VPN) when accessing public Wi-Fi or untrusted Wi-Fi
  • Consumers and businesses are both encouraged to make sure all systems and software are up-to-date and have the relevant patches
  • People should not provide any personal information in an email, phone call or text message they are not expecting
  • It is important that consumers do not click on any links from emails, text messages or instant messages they are not expecting; instead, they should go directly to the source

The Maze ransomware has impacted many; businesses and consumers should do what they can to protect themselves and their data.

Anyone who has questions or believes they are a victim of a Maze ransomware attack, or any sort of malware attack, can live-chat with an Identity Theft Resource Center expert advisor for tips.

They can also call toll-free at 888.400.5530. Finally, victims can download the free ID Theft Help App for instant access to advisors and resources.


You might also like…

Stalker Data Breach Leads to Sale of Users’ Credentials

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19