InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Personally Identifiable Information (PII) refers to any information maintained by an agency that can be used to identify or trace a specific individual. In other words, it includes data points, such as social security number, date of birth, mother's maiden name, biometric data, tax identification number, race, religion, location data and other information, that can be used to deanonymize anonymous data.
If your organization handles PII, you must take steps to secure your customer data. Not only is it essential from a compliance standpoint, but with security breaches on the rise, you have to make sure customer PII is not being compromised. Risk Based Security revealed that by the end of 2020, a total of 36 billion records had been exposed and compromised. Of such data breaches, 60 percent are caused by insider threats or security threats that originate from within an organization. To make things worse, reports indicate that the number of insider incidents has increased by 47 percent over the last two years.
Let's deep dive into the potential risks that insider threats pose to PII, especially for healthcare and financial institutions, and how you can protect your organization against such threats.
Potential Risks
An insider threat is a security risk that originates from within your organization, usually someone with authorized access misusing data (intentionally or unintentionally) to harm your company or your customers. The culprit could be any individual who has authorized access to confidential and sensitive company information, from present or former employees to consultants, partners or contractors.
If you don't secure your employee or customer PII, you leave yourself vulnerable to data breaches. Insider-led data breaches are widespread and can happen in multiple ways – from a negligent employee inadvertently downloading malware to a disgruntled contractor selling customer data on the Dark Web to make money.
Insider-led data breaches are hard to detect because the threat actors have legitimate access and are probably familiar with your cybersecurity defense tools as well. It is much easier for them to circumvent your defenses, access sensitive customer data and expose it.
As a healthcare or financial institution, if your customer PII is exposed, it can cause a great deal of trouble to both your company and your customers. Let’s look at some of the potential risks:
Risks to Your Company
Reputational damage
Financial loss
Ransomware costs
Operational standstill
Risks to Your Customers
Identity theft
Social engineering attacks
Blackmail campaigns
How to Secure PII
With the insider threat landscape constantly evolving, businesses need to step up and secure PII and other sensitive data more effectively. By failing to do so, you could end up putting the future of your customers, employees and company in grave danger. Here are a few tips to help you get started:
- Use behavioral analytics to set up unique behavioral profiles for all insiders and detect insiders accessing data not associated with their job functions.
- Implement access and permission controls to review, revise and restrict unnecessary user access privileges, permissions and rights.
- Review the PII data you have already collected, where it is stored and who has access to it, and then securely delete what is not necessary for the business to operate.
- Set up an acceptable PII usage policy that defines how PII data should be classified, stored, accessed and protected.
- Make sure your PII policy is compliant with different privacy and data regulations that apply to your business.
- Upgrade your storage holdings to ensure the data lives in a SOC2-protected data center.
- Cut down on inadvertent insiders by implementing mandatory cybersecurity and data security training programs.
- Make use of software that will help you protect PII.
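The first tip in the list above (per-insider behavioral profiles and detecting access to data outside a job function), sketched as an added example that is not part of the original article. The role-to-category map, the log format, the thresholds and every log row are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical policy: which PII categories each job function needs.
ROLE_ALLOWED = {
    "billing": {"payment", "contact"},
    "nurse": {"medical", "contact"},
    "helpdesk": {"contact"},
}

# Constructed sample log: day,user,role,pii_category,records_read
SAMPLE_LOG = """\
2021-07-01,alice,billing,payment,40
2021-07-02,alice,billing,payment,45
2021-07-03,alice,billing,payment,38
2021-07-04,alice,billing,payment,42
2021-07-05,alice,billing,payment,41
2021-07-06,alice,billing,payment,900
2021-07-01,bob,nurse,medical,12
2021-07-02,bob,nurse,medical,15
2021-07-03,bob,nurse,medical,11
2021-07-04,bob,nurse,medical,14
2021-07-05,bob,nurse,medical,13
2021-07-06,bob,nurse,medical,12
2021-07-01,carol,helpdesk,contact,20
2021-07-02,carol,helpdesk,contact,22
2021-07-03,carol,helpdesk,contact,19
2021-07-04,carol,helpdesk,contact,21
2021-07-05,carol,helpdesk,contact,20
2021-07-06,carol,helpdesk,contact,16
2021-07-06,carol,helpdesk,medical,5
"""


def parse_log(text):
    """Turn the CSV access log into a list of event dicts."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        day, user, role, category, records = row
        events.append({"day": day, "user": user, "role": role,
                       "category": category, "records": int(records)})
    return events


def off_function_access(events, allowed=ROLE_ALLOWED):
    """Flag reads of a PII category the user's job function does not need.

    Unknown roles have an empty allow-set, so they are flagged by default.
    """
    return [(e["day"], e["user"], e["category"])
            for e in events
            if e["category"] not in allowed.get(e["role"], set())]


def volume_anomalies(events, z=3.0, min_history=5):
    """Flag days where a user reads far more records than their own baseline.

    The baseline is the mean of the user's earlier daily totals; a day is
    flagged when it exceeds mean + z * stddev (stddev floored at 1 record).
    """
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        daily[e["user"]][e["day"]] += e["records"]

    flagged = []
    for user in sorted(daily):
        history = []
        for day in sorted(daily[user]):  # ISO dates sort chronologically
            total = daily[user][day]
            if len(history) >= min_history:
                limit = mean(history) + z * max(pstdev(history), 1.0)
                if total > limit:
                    flagged.append((day, user, total))
                    continue  # keep outliers out of the baseline
            history.append(total)
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("outside job function:", off_function_access(evts))
    print("volume spikes:", volume_anomalies(evts))
```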
Unsure about how you can protect Personally Identifiable Information? Get in touch with us today!
Article curated and used by permission.
Data Sources:
- https://www.securitymagazine.com/articles/94076-the-top-10-data-breaches-of-2020#:
- https://securityintelligence.com/posts/what-are-insider-threats-and-how-can-you-mitigate-them/
- https://techjury.net/blog/insider-threat-statistics/#gref
- https://www.databreachtoday.com/whitepapers/ponemon-institute-study-reputation-impact-data-breach-w-540
- https://www.csoonline.com/article/3434601/what-is-the-cost-of-a-data-breach.html
Electronic Arts (EA)
https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/
Exploit: Hacking
Electronic Arts (EA): Video Game Maker

Risk to Business: 1.311 = Extreme
Hackers have leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. EA says that no player information was ever at risk and they’ve fixed the problem internally.
How It Could Affect Your Business: Part of this hacking incident was powered by impersonation, which is a form of phishing, and is reminiscent of the 2020 Twitter hack that enabled cybercriminals to gain access to celebrity accounts by impersonating Twitter workers.
University of San Diego Health
https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/
Exploit: Phishing
University of San Diego Health: Hospital System

Risk to Business: 1.663 = Severe
UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health discovered that cybercriminals had gained access to some of its employees’ email accounts through a phishing attack. The attackers may have accessed the personal information of patients, employees and students between December 2, 2020, and April 8, 2021.

Risk to Individual: 1.271 = Severe
Potentially impacted information includes: patients’ full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number and username and password. The hospital will offer free credit monitoring and identity theft protection services through Experian IdentityWorks for one year and is contacting impacted individuals via mail.
How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this hospital substantial fines under HIPAA and California Privacy regulations.
City of Grass Valley, CA
https://sacramento.cbslocal.com/2021/07/29/grass-valley-cyberattack-ransom/
Exploit: Ransomware
City of Grass Valley, CA: Municipality

Risk to Business: 2.223 = Severe
Municipalities have been ripe targets for cybercriminals, and they’ve scored another payday in Grass Valley, California. City services except emergency services experienced outages and the city ultimately chose to pay the ransom, citing data privacy concerns for its citizens. Grass Valley officials said the Federal Bureau of Investigation (FBI) was contacted. Several state agencies are still investigating. Services were restored after the ransom payment. Federal agencies including CISA and the FBI strongly discourage paying ransoms which is illegal in many circumstances.
How it Could Affect Your Business: Cybercriminals have been striking municipalities and similar authorities frequently. Historically poor cybersecurity combined with a tendency to simply pay ransoms makes this a growth industry for cybercrime.
Calgary Parking Authority
https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach
Exploit: Misconfiguration
Calgary Parking Authority: Municipal Entity

Risk to Business: 1.705 = Severe
Calgary Parking Authority recently experienced a breach that exposed the personal information of vehicle owners. A misconfigured server containing computer-readable technical logs, payments, parking tickets, driver personal data and more was discovered in the wild by researchers. Reports say that the server, used to monitor the authority’s parking system for bugs and errors, was left on the internet without a password in a security blunder.

Individual Risk: 1.622 = Severe
Data exposed includes drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, including license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.
How it Could Affect Your Business: It’s hard enough to stay ahead of hackers without giving them an easy payday by making sloppy mistakes. Building a strong security culture is vital for keeping systems and data safe.
Homewood Health
https://bc.ctvnews.ca/unknown-number-of-british-columbians-personal-information-for-sale-online-after-health-company-extorted-1.5525715
Exploit: Nation-State Hacking
Homewood Health: Healthcare Provider

Risk to Business: 1.926 = Severe
Ontario-based Homewood Health has disclosed that it fell victim to hacking earlier this year. The organization has begun contacting companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. The organization is blaming the breach on the state-sponsored Chinese hackers Hafnium.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
D-BOX
https://cyberintelmag.com/attacks-data-breaches/entertainment-company-d-box-recovers-from-ransomware-cyberattack/
Exploit: Ransomware
D-BOX: Gaming Specialty Electronics

Risk to Business: 1.919 = Severe
Canadian immersive entertainment technology provider D-BOX said it was gradually resuming its activities following a ransomware attack. The company said it had worked with incident response experts to determine that the impact was limited to internal systems and that its services to studios and theatre operators were not affected. All services have now been restored. The company has stated that it believes that its policy of segmentation between internal and customer-focused systems helped protect its clients.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation state threat actors. Every business needs to be ready for it.
The Netherlands – Raven Hengelsport
https://www.theregister.com/2021/07/27/azure_blob_raven_hengelsport/
Exploit: Misconfiguration
Raven Hengelsport: Specialty Fishing Supply

Risk to Business: 1.602 = Severe
Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company it took a long time for them to do anything about it.

Individual Risk: 2.416 = Moderate
The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.
How it Could Affect Your Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.
Florida Department for Economic Opportunity (DEO)
https://stpetecatalyst.com/zaps/floridas-deo-warns-of-unemployment-data-breach-affecting-nearly-58000/
Exploit: Hacking
Florida Department for Economic Opportunity (DEO): State Government Agency

Risk to Business: 2.550 = Severe
Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.

Individual Risk: 1.663 = Severe
Exposed information includes social security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription of LifeLock Identify protector services for all those affected.
How It Could Affect Your Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.
Yale New Haven Health
Exploit: Third-Party Data Breach
Yale New Haven Health: Medical System

Risk to Business: 1.716 = Severe
Patients at Yale New Haven Health are being warned that their information has been stolen in an incident at a third-party vendor, Elekta. That company facilitates cancer treatments and was the victim of a ransomware attack just a few weeks ago that is rippling out to catch many medical institutions. Yale New Haven Health contends that hackers had no access to patient medical records, and a very small number of customers had financial information stolen.

Risk to Individual: 2.601 = Severe
Officials said that certain demographic information such as names, addresses, phone numbers, emails, Social Security numbers, treatment locations and preferred languages were included in the Elekta databases impacted by the breach. A small group of people may have had their financial information exposed. Anyone with information that could have been exposed will be notified by mail and people who may have had their financial information exposed will be offered complimentary credit monitoring service.
How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.
Mobile County, Alabama
https://www.wkrg.com/news/mobile-county-commission-notifies-employees-of-data-breach/
Exploit: Hacking
Mobile County, Alabama: Local Government

Risk to Business: 2.223 = Severe
The Mobile County Commission has officially notified county employees of a computer system breach where employee data and sensitive information were at risk. The county has announced that certain computer systems were subject to unauthorized access on May 24, 2021, culminating in employee information at risk. This is a developing situation as the investigation winds down. The county had initially stated that no sensitive information was exposed.

Individual Risk: 2.223 = Severe
Mobile County alerted all employees, more than 1,600 people, that their information may have been exposed, including Social Security numbers, dates of birth and other sensitive information. Also at risk are health insurance contract numbers for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county.
How it Could Affect Your Business: Even a small amount of data is attractive to data thieves who especially love vital information and financial data.
United Kingdom – Guntrader
https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/
Exploit: Hacking
Guntrader: Gun Ownership Management System

Risk to Business: 1.705 = Severe
Hackers hit a website used for buying and selling firearms in the UK making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The SQL database powered both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The Information Commissioner’s Office was informed and an investigation is underway.

Individual Risk: 1.622 = Severe
The database that the hackers scored provided a wealth of information about firearms enthusiasts in the UK including names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of information will net them a hefty profit fast.