Breach Week Cyber Security | Computer Rescue
Breachweek

Who Breached This Week? 29/01/20 – 04/02/20

United Kingdom – Royal Yachting Association 
https://www.theregister.co.uk/2020/01/24/royal_yachting_association_data_breach/

Exploit: Unauthorised database access
Royal Yachting Association: Boating organisation

twib-severeRisk to Small Business: 1.777 = Severe: Hackers infiltrated the company’s network and downloaded a database containing customers’ personal information. The organisation identified the breach on January 17th and hired cybersecurity specialists to investigate the event and secure customer data. To prevent unauthorized account access, the Royal Yachting Association reset all customer passwords. Although the database contains information from several years ago, there are still many ways that bad actors can deploy this information in additional cybercrimes.
twib-severeIndividual Risk: 2.428 = Severe: The data breach compromised members’ personally identifiable information, including names, email addresses, and hashed passwords. No financial data was compromised. Those impacted by the breach should immediately reset their password on any accounts using these login credentials. In addition, they should carefully assess online communications, as this data can be used to craft spear phishing attacks that can dupe unsuspecting recipients into compromising even more personal information.

 

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches compromising usernames and passwords can have far-reaching consequences for an organisation, as this data can be used in many ways to make an already bad situation even worse. Moreover, cybercriminals can come up with many ways to misuse this information, and businesses need tools to stop its spread as soon as possible.

 

United Kingdom – SuperCasino
https://www.technadu.com/supercasino-breached-customer-info-leaked/90769/

Exploit: Unauthorised data access
SuperCasino: Online gambling platform

extreme gaugeRisk to Small Business: 1.888 = Severe: SuperCasino experienced a data breach that compromised users’ personally identifiable information. While the online gambling outfit identified and investigated the breach, their customer communications were blasé at best, minimizing the potential harm to customers’ data privacy. The company will likely endure intense scrutiny under GDPR and other privacy regulations, which could mean painful penalties alongside other financial implications of the data breach.
extreme gaugeIndividual Risk: 2.285 = Severe: SuperCasino claims that users’ financial data was not compromised in the event. However, hackers did access users’ names, usernames, email addresses, telephone numbers, residential addresses, and account activity data. SuperCasino is asking all users to reset their passwords and to reset passwords on any platforms that may use duplicate credentials. Victims are at a heightened risk for phishing attacks and other scam messages, so they should carefully scrutinize their online communications.

 

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protecting against a data breach should be every company’s first priority but deploying an adequate response to an event needs to be a close second. Moreover, as data privacy regulation becomes the new norm, every organisation needs to consider the necessary steps to compliance that can prevent a breach or mitigate the consequences after an event occurs. Pre-planning for both of these contingencies can ensure that your organisation is ready to thrive in today’s digital environment.

 

Find out if your details are on the Dark Web – For Free.

Compromised credentials are used to conduct further criminal activity. Employees often use the same password for multiple services, such as network login, social media, and SaaS business applications, exponentially increasing the potential damage from a single compromised credential. Limited visibility when credentials are stolen; over 75% of compromised credentials are reported to the victim’s organisation by a third party, such as law enforcement. Click here now for a preliminary FREE Dark Web Scan for your business