Another week, another list of data breaches to read and learn from.
This week Betanews ran a story citing Verizon’s yearly Data Breach Investigations Report of 2019 that discovered over a third, 34%, of data breaches were the result of “insider threat actors.”
These insider threats could simply be unhappy employees, or more sinisterly could be employees selling data to make money. Or even, who have secretly joined a company to steal information or be destructive.
Though the 34% figure seems high and its worth seeing if the trend continues into this year’s report the threat is a real one. Data breaches do occur because of internal human threats. Company’s can help to protect themselves against insider threats, however, by conducting more thorough background checks and, a popular solution today, implementing “zero trust,” policies. This means that no one person or device is intrinsically trusted by a company to handle data and that passwords and identity verification must be constantly checked.
Let’s look at this past week’s data breaches hitting the news and their causes where we have them.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
P&N Bank, Australia
Australia’s P&N Bank has informed its customers of a data breach where personally identifiable information (PII) and sensitive account information was exposed. ZDNet reporting indicates the bank warned customers of an “information breach” which has occurred via its customer relationship management (CRM) platform. It says the information “appears to have been accessed as a result of online criminal activity.”
The entry point for the attack is believed to be a hosting company and the issue occurred whilst the bank was performing a server upgrade.
As well as the personal and sensitive information, and financial information, account balances and “records of interactions,” have been exposed. P&N Bank says, “upon becoming aware of the attack, we immediately shut down the source of the vulnerability.” It is also working with its regional police force and federal authorities to investigate the attack.
Columbus Metropolitan Library, Ohio, USA
A breach has been discovered affecting nearly one hundred library employees in Columbus Ohio. It’s a particularly severe breach as it appears that cybercriminals gained access to personal information and then successfully managed to use it to open bank accounts.
The breach was revealed after one worker discovered a fake bank account in their name. The discovery led to more revelations from employees and the fraud is now being investigated. The library is looking into the cause of the breach with spokesperson Greg Dodd saying:
“We do take the safety and security of all of our staff very seriously. So we immediately filed a police report.”
The cybercrime appears to be sophisticated rather than opportunistic with the criminals depositing money gained from payday loans then withdrawing it via debit cards. The library is putting a plan of action in place for affected employees which includes fraud protection. The library has stressed that customers have not been affected.
SouthEast Eye Specialists Group, Tennessee, 13,000 patient records
In yet another healthcare industry breach SouthEast Eye Specialists Group has this week notified 13,000 patients that their health information may have been exposed in a breach that occurred last year. Officials, as per reports by Beckers Hospital Review, discovered an employee’s email had been accessed by an unauthorized third party. The group secured the account and brought in computer forensic experts to investigate the breach.
Social Security numbers and treatment information may have been exposed but as yet there is no indication that patient information has been misused or even viewed. A news release says:
“While there is no indication that an unauthorized party accessed or viewed patient information or evidence of patient information being misused, SEES Group remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures.”
LimeLeads, 49 million records
Just breaking is the news that 49 million user records from B2B contact data finding platform LimeLeads is available for sale on an underground hacking forum. The data includes names, email addresses and company details.
Reporting so far points to a failure to setup a password for an internal server leaving anyone on the internet able to access the data. Bitglass CTO Anurag Kahol, commented on the issue for Digital Journal, saying:
“Week after week, we witness companies leaving sensitive data vulnerable in the cloud due to simple mistakes and misconfigurations. In this particular case, a failure to password protect an internal server led to over 49 million user records being made available for sale on the dark web – exposed data included full names, emails, phone numbers, and other personally identifiable information.”
Kahol adds that those affected are now “vulnerable to fraud and phishing attacks for the foreseeable future,” adding that:
“Unfortunately, cybercriminals can leverage tools that detect abusable misconfigurations within IT assets like Elasticsearch databases, making it easier and easier to find and exploit vulnerabilities.”
A glance through our previous data breach summaries will show this is not the first breach related to an Elasticsearch database.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.
Subscribe to the Proofpoint Blog