All posts by Cole Lunz

Agari Turns the Table on ‘London Blue’ Hacking Campaign

A hacker group known as “London Blue” has compiled a list of 35,000 chief financial officers, including some at the world’s biggest banks and mortgage companies, with the intent to target them with bogus requests to transfer money.

CFO-Targeting Phishing Campaign

The “London Blue” hackers are the latest group to specialize in “business email compromise” (BEC) campaigns, according to the cyber threat detection company Agari, which found a list of 50,000 targets, mostly accounting department employees.

This past July the FBI warned that this type of scam, where a chief financial officer is rushed into transferring money to an unknown account, is on the rise and had cost companies more than $12 billion since 2013, with the total number of victims reaching over 78,000.

OCR Announces Six-Figure HIPAA Settlement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $125,000 settlement with Allergy Associates of Hartford, P.C., a three-physician allergy practice in Connecticut, for HIPAA Privacy Rule violations.

Alleged HIPAA Violation

According to OCR’s press release and corrective action plan, a patient of Allergy Associates contacted a reporter about a dispute between the patient and a doctor regarding the patient’s service animal. The reporter contacted the doctor for comment and the doctor was alleged to have impermissibly disclosed the patient’s protected health information to the reporter.

While the allergy practice had HIPAA policies and procedures in place, the physician did not adhere to the policies. Further, once OCR uncovered the issue, it also found that the practice failed to sanction the physician involved in accordance with its policies.

Ransomware: A Crippling and Ever-Present Threat

Ransomware continues to cast a long shadow, dominating the cyberthreat landscape for small and medium-sized businesses (SMBs), according to a recent report from Datto.

Ransomware was the most common cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.

Datto’s Report

The report surveyed 2,400 managed service providers (MSPs) that provide IT support for roughly half a million SMBs worldwide. It found that ransomware attacks occur frequently and are, unsurprisingly, expected to increase.

More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times – often in the same day. 92% of MSPs said they predict the number of attacks will continue at current or increased rates.

Data in the Clouds: Cloud Storage Offers Businesses Flexibility & Convenience

Is on-premise storage a thing of the past? Is all storage inevitably moving to the cloud? If you’re in IT, you are no doubt keeping a close eye on the shift taking place in data storage infrastructure.

Organizations are increasingly adopting cloud storage options because they need more capacity, flexibility and a better way to manage storage costs. Additionally, many industries are taking advantage of remote-work options, giving their employees the ability to complete their tasks from home or while on the go.

It’s not surprising then that many businesses are supplementing their current storage with cloud data storage.

Survey Shows Data Breaches Lead to Poor Customer Retention

Data breaches are a common occurrence, with organizations large and small falling victim to online attackers. The impact of a data breach is not just the economic loss of data; a breach also leads to the loss of customer loyalty.

Ping Identity recently released the results of its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era, unveiling consumer sentiments and behaviors toward security and brands impacted by data breaches.

Survey Results

The collected data highlights the importance of protecting customer data, with the survey finding that 78 percent of respondents would stop engaging with a brand online after a data breach.

New Data Breach Reporting Requirements in Canada

The Office of the Privacy Commissioner of Canada (OPC) recently released official guidance for reporting data breaches pursuant to Canada’s new data breach reporting law. A change in Canada’s law, effective November 1st, requires companies subject to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) to report data breaches in certain instances and keep records of all breaches. The guidance relates to how to determine what breaches must be reported to the OPC, and what kind of notice you need to give individuals. The guidance also relates to the obligation to keep records of breaches and what information needs to be included.

Qualifying a Reportable Breach

A “breach of security safeguards” refers to the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of a company’s security safeguards or a failure to establish security safeguards.

Cathay Pacific Airline Breach Affects 9.4 Million Customers

Hong Kong-based Cathay Pacific airline recently announced that its computer systems were compromised. The data breach was detected in March and compromised the personal data of roughly 9.4 million passengers. The exact attack vector is unknown.

Airline’s Response

Cathay, which is currently investigating the incident, confirmed information such as phone numbers, dates of birth, passport numbers, and frequent flier numbers were exposed. Additionally, the airline added that 27 credit card numbers had also been acquired in the breach.

“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” said the airline’s chief executive, Rupert Hogg.

Dissecting 2018’s Mid-Year Data Breach Statistics

After the first six months of 2018, 4.5 billion data records have already been compromised according to a recent report. Data breaches have affected businesses large and small, from Adidas (two million records compromised) to Facebook (up to two billion accounts affected) to municipal airports and accounting firms, and 2018 has already seen more than its fair share of massive global data breaches.

The Gemalto Report

Digital security specialist Gemalto revealed in a new report that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018.

Although the total number of breaches was down from the same period the year before, the number of records compromised was up over 130 percent as the severity of individual incidents increased.

California Becomes First State to Pass IoT Security Law

California continues to pass tighter laws in the cybersecurity world.

California Governor Jerry Brown recently signed into law bill No. 327 which requires connected device manufacturers to include “reasonable” security features for those devices sold in California. With passage of this new law, California becomes the first state in the nation to adopt such legislation.

What the Law Requires

Beginning on January 1, 2020, the law will require a manufacturer of a connected device to equip the device with reasonable security features that are “appropriate to the nature and function of the device” and appropriate to the type of information collected by the device. It also mandates that any maker of an Internet-connected, or “smart” device ensure the device has “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”

Uber Settles Data Breach Investigation for $148 Million

On September 26th, Uber agreed to pay a record $148 million to settle allegations that the company intentionally concealed a major data breach in 2016.

The settlement ends a multistate investigation that found the ride-hailing company paid hackers $100,000 to conceal the breach, which exposed the names, email addresses, and cellphone numbers of 57 million users.

Uber failed to notify the 57 million individuals of the data breach and only provided public notice of the breach a year after it happened in late 2016.

Uber’s Response

Uber said in a November 2017 statement from CEO Dara Khosrowshahi that the breach was carried out by two hackers outside the company. The hackers accessed user data on a third-party, cloud-based service the company uses to store information. The hackers, however, were not able to download users’ Social Security numbers, bank account information, credit card numbers, dates of birth, and trip history, according to the company.