Articles

Breach Week Cyber Security | Computer Rescue
Breachweek

Who Breached This Week? 05/03/20 – 11/03/20

United Kingdom – Loqbox

https://www.infosecurity-magazine.com/news/hackers-steal-customer-data-uk/

Exploit: Data compromise.

Loqbox: Credit score builder.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.777 = Severe:

A cyberattack on February 20, 2020 compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.

1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe:

The breach included personal information that could be used to target customers with highly convincing spear phishing emails. In addition to customer names, hackers acquired their dates of birth, addresses, and phone numbers, plus financial data like partial credit card numbers, expiration dates, and bank account numbers. Those impacted by the breach should immediately notify their financial institutions and strongly consider enrolling in credit and identity monitoring services.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Over the past several years, data breaches have compromised billions of login credentials, giving hackers front-door access to your data and systems. Every company should add improved security to its login process by enabling simple, efficacious measures like two-factor authentication to keep accounts secure.

Computer Rescue IT Security to the Rescue: With multi-factor authentication, single sign-on, and identity management solutions protect your users’ login credentials and your data. Find out more info-  https://www.cr-it.co.uk/services/darkweb/

 


United Kingdom – Cathay Pacific

https://www.darkreading.com/attacks-breaches/cathay-pacific-hit-with-fine-for-long-lasting-breach/d/d-id/1337232

Exploit: Unauthorized database access.

Cathay Pacific: International airline.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2 = Severe:

Cathay Pacific was recently hammered with a fine totaling £500,000 as a result of its failure to identify and address a data breach that lasted for more than four years. While the ruling offers a 20% discount if Cathay Pacific pays the penalty by March 12, the penalty is still a significant financial hit to the international airline. The company was cited for multiple “security inadequacies” including failing to encrypt databases containing customers’ personal data, a slow response to a known security vulnerability, and lengthy communication delays that further jeopardized customer information.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.428 = Severe:

The data breach included a treasure trove of Cathay Pacific customers’ personal data, including names, nationalities, birthdates, phone numbers, email addresses, mailing addresses, passport information, and other company-specific information. Those impacted by the breach should be sure to reset their airline account credentials and any other accounts using similar information. In addition, they should be aware that this kind of data is often used to develop sophisticated, personalized spear phishing attacks that further compromise personal information.

Customers Impacted: 9,400,000

How it Could Affect Your Customers’ Business: Regulatory penalties are on the rise as regulators and legislators seek to punish companies that incur a data breach without having adequate data security protocols or incident response plans in place. In this case GDPR’s governing body issued the fine, but governments around the world are imposing substantial fines on companies that fail to protect their customer data – and those fines are climbing every day.

Computer Rescue IT Security to the Rescue: With Compliance ManagerTM, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.cr-it.co.uk/services/darkweb/.

 

Find out if your details are on the Dark Web – For Free.

Compromised credentials are used to conduct further criminal activity. Employees often use the same password for multiple services, such as network login, social media, and SaaS business applications, exponentially increasing the potential damage from a single compromised credential. Limited visibility when credentials are stolen; over 75% of compromised credentials are reported to the victim’s organisation by a third party, such as law enforcement. Click here now for a preliminary FREE Dark Web Scan for your business