InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
With the cyberthreat landscape getting more complicated with every passing minute, cybersecurity deserves more attention than ever before. Fully trusting applications, interfaces, networks, devices, traffic and users without authentication is no longer an option. Misjudging and misplacing your trust in a malicious entity can lead to severe breaches that can damage your business. Zero Trust Security practices, however, can go a long way towards helping small and medium-sized businesses (SMBs) minimize cybersecurity risks and prevent data breaches.
Zero Trust was introduced in 2010 by John Kindervag, a former Forrester analyst. The concept has since gained wide acclaim and approval as a trusted framework for cybersecurity. The Zero Trust approach trusts nothing within or outside its perimeter and insists on verifying everything attempting to connect to the company systems before granting access. In simple terms, the National Institute of Standards and Technology (NIST) refers to it as a “never trust, always verify” approach.
Implementing Zero Trust Security within your business can help guard against data breaches, downtime, productivity loss, customer churn and reputation damage. Over 70% of businesses planned for the deployment of Zero Trust in 2020 and it is even more critical for SMBs in an era where workforces and networks are becoming heavily distributed.1
Three Misconceptions and Facts About Zero Trust Security
Misconception: Zero Trust Security is only for enterprises.
Misconception: Zero Trust Security is too complex.
Misconception: The cost of implementing Zero Trust is too high.
Still Not Convinced?
Let’s look at a few statistics that should convince you of the seriousness of today’s cyberthreat landscape as well as the need for a Zero Trust approach:- Human error causes close to 25% of data breaches.2
- Experts predict that ransomware attacks will occur every 11 seconds in 2021.3
- Over 40% of employees are expected to work from home post-pandemic.4
- Phishing attacks have increased by over 60% since the pandemic started.5
If you’re not equipped with a solid defense against cyberthreats, you may regret it later when a breach happens. Chances are your current approach to cybersecurity falls short of stopping cybercriminals from accessing your network. The Zero Trust approach can change all that.
Adopting Zero Trust Security within your business does not mean you throw away your existing security tools and technologies. In fact, according to NIST, Zero Trust Security must incorporate existing security tools and technologies more systematically.
Build an effective Zero Trust model that encompasses governance policies—like giving users only the access needed to complete their tasks—and technologies such as:
- Multifactor authentication
- Identity and access management
- Risk management
- Analytics
- Encryption
- Orchestration
- Scoring
- File-system permissions
Article curated and used by permission. Source:
- com
- IBM 2020 Cost of Data Breach Report
- JD SUPRA Knowledge Center
- Gartner Report
- Security Magazine Verizon Data Breach Digest
Experts estimate that humans produce 2.5 quintillion bytes of data every day.1 That is a lot of information. However, having a poor backup strategy can wipe out all or vast portions of your data in a single click. From accidental deletions and malicious attacks to natural disasters, there are multiple ways by which you can lose your business data. Therefore, make sure a robust backup and disaster recovery (BDR) solution is an integral part of your business.
When you lose crucial data permanently, the consequences can be devastating. Some costly aftereffects of data loss are:
Financial institutions must comply with requirements put forward by:
That said, survival in the hospitality industry can be tough. We live in an era where people check public ratings of a hotel room, even if they only plan on staying just one night. A minor dent in reputation could be an enormous blow to a hospitality business.
All critical data like credit card information and customers’ Personally Identifiable Information (PII) must be handled with care to avoid satisfaction issues and regulatory fines. Hence, backup and disaster recovery are an essential part of hospitality.
Article curated and used by permission.
When you lose crucial data permanently, the consequences can be devastating. Some costly aftereffects of data loss are:
- Productivity Disruptions: Companies hit by an incident face an average of close to 200 hours per year of downtime.2
- Loss of customer trust: One-third of customers end their association with a business following a severe data-loss incident.2
- Regulatory penalties: The penalties may vary based on the regulatory bodies governing your industry, and they can cost millions of dollars.
Healthcare
There can be severe complications when data loss happens in the healthcare industry:- If a patient’s health records go missing when needed, a life-saving surgery could get delayed or denied.
- Without the billing records, a hospital cannot process payments.
- Regulatory bodies like HIPAA slap hefty fines on hospitals for carelessly handling data. HIPAA can impose penalties anywhere between $100 to $50,000 for an individual violation, with a maximum fine of $1.5 million per calendar year of neglect.4
Finance
A robust backup and disaster recovery solution is an important part of any financial institution’s growth and survival.Financial institutions must comply with requirements put forward by:
- Regulations like the Gramm-Leach-Bliley Act (GLBA)
- Financial agency regulatory agencies like the Financial Industry Regulatory Authority (FINRA)
- International regulators such as the Financial Conduct Authority (FCA)
- The Securities and Exchange Commission (SEC)
Hospitality
The information generated in the hospitality industry is in a precarious position. This is because the hospitality industry often invests less in backup and disaster recovery than other industries.That said, survival in the hospitality industry can be tough. We live in an era where people check public ratings of a hotel room, even if they only plan on staying just one night. A minor dent in reputation could be an enormous blow to a hospitality business.
All critical data like credit card information and customers’ Personally Identifiable Information (PII) must be handled with care to avoid satisfaction issues and regulatory fines. Hence, backup and disaster recovery are an essential part of hospitality.
Adopt BDR Before It Is Too Late
Avoiding data loss at any cost is vital for your business to survive and thrive. It is, therefore, highly recommended to have the right BDR provider to maintain control of business-critical data. If you are confused about how to take the first step, do not worry. We are here to help. Our BDR expertise can help your business sail smoothly without being caught in the whirlpool of data loss. Contact us now to learn more.Article curated and used by permission.
Sources:
Techjury.net
IDC Report
IBM Cost of Data Breach Report
National Library of Medicine
Experts estimate that humans produce 2.5 quintillion bytes of data every day.1 That is a lot of information. However, having a poor backup strategy can wipe out all or vast portions of your data in a single click. From accidental deletions and malicious attacks to natural disasters, there are multiple ways by which you can lose your business data. Therefore, make sure a robust backup and disaster recovery (BDR) solution is an integral part of your business.
When you lose crucial data permanently, the consequences can be devastating. Some costly aftereffects of data loss are:
Financial institutions must comply with requirements put forward by:
That said, survival in the hospitality industry can be tough. We live in an era where people check public ratings of a hotel room, even if they only plan on staying just one night. A minor dent in reputation could be an enormous blow to a hospitality business.
All critical data like credit card information and customers’ Personally Identifiable Information (PII) must be handled with care to avoid satisfaction issues and regulatory fines. Hence, backup and disaster recovery are an essential part of hospitality.
Article curated and used by permission.
When you lose crucial data permanently, the consequences can be devastating. Some costly aftereffects of data loss are:
- Productivity Disruptions: Companies hit by an incident face an average of close to 200 hours per year of downtime.2
- Loss of customer trust: One-third of customers end their association with a business following a severe data-loss incident.2
- Regulatory penalties: The penalties may vary based on the regulatory bodies governing your industry, and they can cost millions of dollars.
Healthcare
There can be severe complications when data loss happens in the healthcare industry:- If a patient’s health records go missing when needed, a life-saving surgery could get delayed or denied.
- Without the billing records, a hospital cannot process payments.
- Regulatory bodies like HIPAA slap hefty fines on hospitals for carelessly handling data. HIPAA can impose penalties anywhere between $100 to $50,000 for an individual violation, with a maximum fine of $1.5 million per calendar year of neglect.4
Finance
A robust backup and disaster recovery solution is an important part of any financial institution’s growth and survival.Financial institutions must comply with requirements put forward by:
- Regulations like the Gramm-Leach-Bliley Act (GLBA)
- Financial agency regulatory agencies like the Financial Industry Regulatory Authority (FINRA)
- International regulators such as the Financial Conduct Authority (FCA)
- The Securities and Exchange Commission (SEC)
Hospitality
The information generated in the hospitality industry is in a precarious position. This is because the hospitality industry often invests less in backup and disaster recovery than other industries.That said, survival in the hospitality industry can be tough. We live in an era where people check public ratings of a hotel room, even if they only plan on staying just one night. A minor dent in reputation could be an enormous blow to a hospitality business.
All critical data like credit card information and customers’ Personally Identifiable Information (PII) must be handled with care to avoid satisfaction issues and regulatory fines. Hence, backup and disaster recovery are an essential part of hospitality.
Adopt BDR Before It Is Too Late
Avoiding data loss at any cost is vital for your business to survive and thrive. It is, therefore, highly recommended to have the right BDR provider to maintain control of business-critical data. If you are confused about how to take the first step, do not worry. We are here to help. Our BDR expertise can help your business sail smoothly without being caught in the whirlpool of data loss. Contact us now to learn more.Article curated and used by permission.
Sources:
Techjury.net
IDC Report
IBM Cost of Data Breach Report
National Library of Medicine
United States – Utility Trailer Manufacturing
https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attackExploit: Ransomware
Utility Trailer Manufacturing: Trailer Fabrication
Risk to Business: 1.655= Severe
California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data including payment records were not accessed and manufacturing remains normal.
Individual Risk: 1.507= Severe
While the company is staying mum about the content of the breach, researchers have determined that an extensive amount of sensitive personal data about employees, including payrolls and human resources information was included in the incident after finding it on the dark web. Past and present employees should be alert for identity theft and spear phishing attempts.
How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.
United States – Alaska Department of Health and Social Services
https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708Exploit: Malware
Alaska Department of Health and Social Services: Regional Human Services Agency
Risk to Business: 1.833= Severe
The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.
United States – Bergen Logistics
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Unsecured Database
Bergen Logistics: Shipping & Fulfillment
Risk to Business: 2.812= Moderate
Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. the company also direct ships to customers of online marketplaces and e-commerce stores.
Individual Risk: 2.772= Moderate
The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.
How it Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.
United Kingdom – One Call
https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076Exploit: Ransomware
One Call: Insurer
Risk to Business: 1.606 = Severe
Insurer OneCall admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. the hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
United Kingdom – FastTrack Reflex Recruitment
https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm
Risk to Business: 1.882 = Severe
FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,
Individual Risk: 1.780 = Severe
In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed
How it Could Affect Your Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.
Ireland – Ardagh Group
https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operationsExploit: Ransomware
Ardagh Group: Packaging Manufacturer
Risk to Business: 1.699 = Severe
Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.
Customers Impacted: Unknown
How it Could Affect Your Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
New Zealand – Waikato District Health Board
https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/Exploit: Ransomware
Waikato District Health Board: Regional Healthcare Agency
Risk to Business: 1.115 = Extreme
Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspect Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on healthcare targets have been at the top of the cybercriminals playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.
India – Air India
https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/Exploit: Third Party Data Breach
Risk to Business: 2.001 = Severe
Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries.
Risk to Business: 2.113 = Severe
The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers.
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
India – Domino’s Pizza India
https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181Exploit: Hacking
Domino’s Pizza India: Restaurant Chain
Risk to Business: 1.774 = Severe
Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe.
Risk to Business: 1.671 = Severe
It is unclear what if any payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.
How it Could Affect Your Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases.
Japan – Mercari
https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/Exploit: Supply Chain Data Breach
Mercari: E-commerce Platform
Risk to Business: 1.922 = Severe
In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.
Individual Risk: 1.942 = Severe
In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari.
How it Could Affect Your Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.
United States – Utility Trailer Manufacturing
https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attackExploit: Ransomware
Utility Trailer Manufacturing: Trailer Fabrication
Risk to Business: 1.655= Severe
California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data including payment records were not accessed and manufacturing remains normal.
Individual Risk: 1.507= Severe
While the company is staying mum about the content of the breach, researchers have determined that an extensive amount of sensitive personal data about employees, including payrolls and human resources information was included in the incident after finding it on the dark web. Past and present employees should be alert for identity theft and spear phishing attempts.
How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.
United States – Alaska Department of Health and Social Services
https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708Exploit: Malware
Alaska Department of Health and Social Services: Regional Human Services Agency
Risk to Business: 1.833= Severe
The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.
United States – Bergen Logistics
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Unsecured Database
Bergen Logistics: Shipping & Fulfillment
Risk to Business: 2.812= Moderate
Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. the company also direct ships to customers of online marketplaces and e-commerce stores.
Individual Risk: 2.772= Moderate
The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.
How it Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.
United Kingdom – One Call
https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076Exploit: Ransomware
One Call: Insurer
Risk to Business: 1.606 = Severe
Insurer OneCall admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. the hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
United Kingdom – FastTrack Reflex Recruitment
https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm
Risk to Business: 1.882 = Severe
FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,
Individual Risk: 1.780 = Severe
In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed
How it Could Affect Your Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.
Ireland – Ardagh Group
https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operationsExploit: Ransomware
Ardagh Group: Packaging Manufacturer
Risk to Business: 1.699 = Severe
Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.
Customers Impacted: Unknown
How it Could Affect Your Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
New Zealand – Waikato District Health Board
https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/Exploit: Ransomware
Waikato District Health Board: Regional Healthcare Agency
Risk to Business: 1.115 = Extreme
Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspect Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on healthcare targets have been at the top of the cybercriminals playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.
India – Air India
https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/Exploit: Third Party Data Breach
Risk to Business: 2.001 = Severe
Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries.
Risk to Business: 2.113 = Severe
The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers.
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
India – Domino’s Pizza India
https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181Exploit: Hacking
Domino’s Pizza India: Restaurant Chain
Risk to Business: 1.774 = Severe
Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe.
Risk to Business: 1.671 = Severe
It is unclear what if any payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.
How it Could Affect Your Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases.
Japan – Mercari
https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/Exploit: Supply Chain Data Breach
Mercari: E-commerce Platform
Risk to Business: 1.922 = Severe
In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.
Individual Risk: 1.942 = Severe
In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari.
How it Could Affect Your Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.