Data Breaches Affecting Small Businesses

Data breaches are increasing. In just one year they’ve risen by 424%. Just in the last week, we learned about five severe-level exploits affecting small businesses in the U.S. These are just the ones we were told about; there are many more. We’re providing this information in an effort to keep you informed.

What Were These Breaches?

Emuparadise: This is a retro gaming emulator website. An outdated compromised password hashing algorithm was exploited by hackers, causing user data to be compromised. By failing to update their cybersecurity standards, Emuparadise will now face reputational erosion and incur significant costs associated with interrupted business processes and recovery. 1,131,229 of their customers were affected.

Lake City Florida: A malware attack delivered “triple threat” ransomware that targeted the City’s network systems, rendering many city services inaccessible. Although emergency services such as police and fire are operational, city email accounts, land-line phones, and credit card services were disabled. In the meantime, the city has been forced to write bills, receipts, and other services by hand. It’s a reminder that ransomware attacks are uniquely dangerous because they not only cost money to repair, but those impacted run the risk of disrupting business processes or losing valuable data. We don’t know yet how many people were affected.

U.S. Customs and Border Protection:  A subcontractor violated the department’s policy and transferred copies of license plate and traveler images to their network where they were stolen in a malicious cyber attack. In response, the agency is monitoring the Dark Web for evidence of this data, and they are reevaluating their cybersecurity and privacy standards. Of course, these initiatives are simpler and more palatable when they are done proactively, rather than after an incident occurs. Consequently, the agency will now have to endure increased governmental oversight and media scrutiny. 100,000 customers were affected.

Auburn Food Bank: A ransomware attack struck the non-profit, charitable organization, encrypting all but one of its computers. This particular ransomware, GlobalImposter 2.0, cannot be decrypted, and victims must contact the hackers to negotiate a ransom. However, Auburn Food Bank is refusing to negotiate. Instead, they are seeking donations to replace their technology, which is roughly equal to the ransom demands. We don’t know how many people were affected.

Evite: Hackers were able to access Evite’s network, which allowed them to download an inactive data storage file that contained the personal information of millions of their customers. Despite being notified of the breach on April 15th, the company is only now acknowledging the breach. Their slow response time and lax security standards will now require them to incur the fees of third-party cybersecurity analysts as well as cascading reputational costs that are difficult to quantify and even more challenging to repair. In the meantime, the company is encouraging users to reset their passwords, a modest first step for such a traumatic incident. 10 million customers were affected.

What’s The Bottom Line With Each Of These Breaches?

Emuparadis: A data breach predicated on outdated security standards is an unnecessary and self-inflicted wound that is entirely avoidable. Instead, every organization should routinely evaluate their cybersecurity standards, ensuring that they reflect industry standard best practices.

Lake City Florida Breach: City officials believe that personal data, including online payment information, was not compromised in the breach. However, residents should monitor their accounts for suspicious activity.

U.S. Customs and Border Protection Breach: Local governments are a top target for hackers, and ransomware is becoming a commonly deployed method for extorting valuable city resources away from citizens. Therefore, every local government needs a comprehensive ransomware response plan before an incident occurs. Ransomware attacks are often initiated by phishing scams, signaling the importance of cybersecurity awareness and training at the front line.

Auburn Food Bank: Ransomware attacks are frequently initiated through phishing emails, but this incident occurred at 2:00 A.M. when no employees were in the office. Keeping in mind that such threats can arrive at any time and any place, organizations must prepare a response plan proactively and continuously evaluate their cybersecurity posture.

Evite: When organizations are compromised in a data breach, their response becomes a critical metric in restoring their users’ trust. In this case, the company was slow to respond to the breach, delaying their messaging by several months. When exposed information makes its way to the Dark Web, timing is of the essence, and understanding what happens to the information accessed in the data breach can provide employees or customers with confidence in the integrity of their personal information or credentials. Partnering with Managed I.T. Service Provider can provide the insight necessary to achieve this.

What Should You Do?

Because cybercriminals typically post breached data on the Dark Web, it’s a good idea to sign up for Dark Web Monitoring. There’s only so much you can do on your own, but HitsTech can help. Our global, cyber-surveillance monitoring solution puts strategies in place to combat any type of threat.

To do this, we use Dark Web ID, a commercial solution designed to detect compromised credentials that surface on the Dark Web in real-time, offering your business a comprehensive level of data theft protection. It’s an enterprise-level service tailored to businesses like yours.

This Dark Web Monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week, no exceptions.

We’ll be happy to show you how Dark Web Monitoring works so you can protect your business.

We also strive to share important and relevant news and information with area professionals. Take a look at some of our recent articles, and you’ll see what we mean. We know you’ll find something of interest to read through. Here are a few examples to get started:

The #1 Security Threat to Local Small Businesses

Important Warning From The FBI

What Are The Latest Phishing Scams?

Need More Information?

HitsTech is focused on bringing the right information technology solutions to organizations throughout North Carolina.
We welcome you the read some of our latest blog posts and technology articles.