12/30/2019 – 01/03/2020




Weekly Breach 2020-01

Weekly Breach: 12/30/19 – 1/3/2020

This week, ransomware brings bad news for employees, dating app users endure a serious privacy breach, and too many companies are giving in to criminals’ demands.

PayPal – Online Payment Platform

Breach: Phishing attack. Some PayPal users are receiving phishing emails that purport to notify them of unusual account activity and require them to verify their personal information to restore full account access. The hackers fabricate a sense of urgency by noting that user accounts will be disabled until they confirm their identity. Although the messages contain many tell-tale signs of a phishing scam, they pose a serious risk to PayPal customers and the company’s reputation.

Although recipients have to provide their personal information to be at risk, anyone who responds to this email has compromised nearly all of their personally identifiable information. If that’s the case, they should immediately report the activity to PayPal, as well as to their other financial institutions. Unfortunately, this information can be used to perpetrate more than just financial crimes, and those who were compromised should also enroll in an identity monitoring service to ensure that their information isn’t being misused in other ways.


Center for Healthcare Services – Mental health and substance abuse services provider

Breach: Ransomware. A ransomware attack disabled a server for the Center for Healthcare Services, and IT administrators brought the entire network offline to prevent the infection from spreading. The company was forced to put paper signs on the doors reminding employees not to turn on their computers, and services were mostly unavailable over the Christmas holiday. The healthcare services provider is soliciting support from the FBI and other agencies to help identify the attacker and restore its services.

Unfortunately, once ransomware takes root, companies are guaranteed to pay a hefty sum to restore their services and operations. Whether paying hackers to decrypt information or hiring cybersecurity specialists to restore from backups, the price tag can be enormous. When coupled with the opportunity costs that accompany system outages, the ROI on preventative measures becomes obvious in the face of ransomware and other attack vectors.

Shaw – Telecommunications provider

Breach: Stolen device. This month, Shaw customers were notified of a data breach stemming from a stolen device that was taken on June 22. The company computer included customer data. Although the episode was reported to the police when it occurred, it’s unclear why the company waited so long to notify customers of the incident. The breach is unlikely to significantly impact customer security, but their poor response will heighten the reputational damage and customer blowback that always follows a data breach.

Some customers’ personally identifiable information was available on the employee’s laptop, including names, account numbers, and a list of subscription services. In response, the company is encouraging those impacted by the breach to change their account passwords and to enable two-factor authentication to secure their data.

Ring – Video Doorbell and Security Camera Maker

Breach: Accidental data sharing. Security researchers discovered Ring users’ account credentials posted on the Dark Web. The information could provide hackers with front door access to customer accounts. Given the sensitive nature of their business, this type of access could be especially problematic for users. Moreover, the episode is the company’s second cybersecurity incident this year, which raises questions about their efficacy in an industry that demands excellence when it comes to data security and privacy.

Usernames and passwords are often used to directly access user accounts where criminals can steal additional information or otherwise wreak havoc. While Ring told customers that they are actively monitoring for unusual account activity, users should update their passwords and enable two-factor authentication to ensure that hackers can’t deploy this readily available information to access their accounts.

Plenty of Fish – Dating Website

Breach: Accidental data sharing. Plenty of Fish users experienced a stunning data privacy breach when the platform’s mobile app was discovered to be displaying information that users set to private. The breach not only includes digital details about their dating lives but also real-world information that could place their safety at risk. Although developers quickly repaired the flaw after being notified by security researchers, their efforts cannot recoup any information already exposed, and the oversight will inflict serious damage on the platform’s reputation.

Personal details, including first names and postal codes, were openly available to anyone who knew where to look. Those impacted by the breach should be especially critical of communication on the platform, and they should always place their safety first when engaging with other users.

Germany, Frankfurt – Local Municipality

Breach: Malware. A deep-seated ransomware attack has forced authorities to shut down the city’s entire IT network. The city was infected with Emotet ransomware, which generates revenue by overtaking networks and renting access to other malware groups, including ransomware distributors. Although the malware was ultimately contained, it cost companies in time and money since they were unable to access critical web services during the outage.

Cyber attacks can cost companies in a myriad of ways. Not only is it expensive to repair damaged IT infrastructure, but the opportunity cost can be cascading, inflicting ever-growing costs on companies unlucky enough to fall victim to an attack. This reality should increase the impetus to review your organization’s defensive posture, as a failure in this regard can be incredibly expensive.

Primus Realty – Real Estate service provider

Breach: Accidental data sharing. A broad technological oversight allowed customer data acquired from tenancy applications to be published to the company’s website. This information was publicly available for more than a year, and, upon learning of the incident, customers took to the media to express their displeasure at the incident. In an era where data security is much more than just a footnote, this episode could cost Primus Realty, as it will certainly lead to brand erosion and customer defections.

The data breach included customers’ personal information, including their names, dates of birth, addresses, telephone numbers, driver license numbers, passport details, birth certificates, and Medicare numbers. In addition, various financial documents were made available online. Primus Realty is encouraging anyone impacted by the breach to notify their financial institutions of the episode and to enroll in identity monitoring services to ensure that their information isn’t being misused by hackers.

In Other News:


Too Many Businesses Are Paying Ransom Demands

Ransomware attacks have been one of the definitive cyber threats of 2019, and, despite their growing prominence, business leaders are still struggling to determine the most effective response. 

Unfortunately, many organizations are bending to hackers’ demands by paying the ransom to retrieve their data. In fact, the number of organizations giving in to extortion demands has more than doubled this year. In total, nearly 40% of businesses breached by a ransomware attack are paying criminals to decrypt company data.

This trend goes against the recommendations of law enforcement agencies and many cybersecurity experts who fear that ransom payments will embolden criminals to continue attacking businesses, schools, and government facilities. In addition, as we’ve noted in this week’s newsletter, making a ransom payment doesn’t guarantee that data will be recovered.

Of course, even those that don’t pay the ransom will not escape unscathed, as the cost of recovery can be as steep as the ransom itself. However, SMBs do have the power to protect themselves. By ensuring that their software is up-to-date and that their accounts are secure through simple features like two-factor authentication, they can take away many of the footholds that hackers use to infect businesses with this costly malware.

Georgia Supreme Court Gives Data Breach Victims the Right to Sue

Data breaches carry all kinds of expenses that can do serious damage to a company’s bottom line. That reality became more prominent this week when the Georgia Supreme Court ruled that data breach victims could sue for damages. 

The verdict overturned an earlier ruling pertaining to a 2016 data breach at Athens Orthopedic Clinic that compromised patients’ personally identifiable information, which eventually made its way to the Dark Web. While the clinic moved to dismiss the case, the court ruled that victims could sue the company for damages.

Ultimately, the ruling underscores another financial front that businesses need to account for when considering the risks of a data breach, and it should encourage companies to get the support they need to ensure that they are keeping sensitive data secure.
