United States – DailyQuiz

https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/

Exploit: Hacking

DailyQuiz: Entertainment App

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.655= Severe

The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.711= Moderate

Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.

Customers Impacted: 13 million

How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.

 

 

United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)

https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employees

Exploit: Hacking

Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.833= Severe

Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.833= Severe

RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.

Customers Impacted: 200,000

How it Could Affect Your Business: Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.

 

 

United States – Bose

https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/

Exploit: Ransomware

Bose: Audio Equipment Maker

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.

 

 

United States – JBS SA

https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.html

Exploit: Ransomware

JBS SA: Meat Processor

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.221 = Extreme

International meat supplier JBS SA has been hit by a ransomware attack. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada. The company is in contact with federal officials and has brought in a “top firm” to investigate and remediate the incident which is potentially tied to nation-state cybercrime. JBS stated that the attack only impacts some supplier transactions and no data was stolen.

Individual Impact: No sensitive personal or financial information was reported as compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially of the nation-state variety, for its potential for business disruption without even stealing data.

 

 

Canada – Canada Post

https://globalnews.ca/news/7894760/canada-post-data-breach/

Exploit: Third Party Data Breach

Canada Post: Postal Service

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.882 = Severe

A supplier’s malware attack is responsible for a nasty data breach at Canada Post affecting 44 of the company’s large business clients and their 950,000 receiving customers. The exposure comes from Commport Communications, an electronic data interchange (EDI) solution supplier that manages shipping data for business customers, informed Canada Post that address data associated with some of their customers had been compromised in May 2021. Canada Post has announced that only shipping information pertaining to less than 50 corporate customers was involved.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: 44 companies and an estimated 950,000 individual addresses

How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.

 

 

Australia – TPG Telecom

https://www.zdnet.com/article/a-pair-of-tpg-trustedcloud-customers-were-breached/

Exploit: Hacking

TPG Telecom: Communications Technology

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.115 = Extreme

TPG Telecom has announced that it had the data of two unnamed large customers improperly accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.

 

 

Japan – Net Marketing Co.

https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/

Exploit: Hacking

Net Marketing Co.: App Creator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.922 = Severe

Japanese app company Net Marketing Co. said Friday that the personal data of 1.71 million users of one of its apps has been compromised in a hacking incident. The company is the operator of the popular dating app Omiai. Net Marketing said that Omiai customer information provided to the company between January 2018 and last month has been accessed on more than one occasion by unauthorized parties and PII on users may have been stolen.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.942 = Severe

The company notes that assorted user data, including names, identity cards, addresses, email addresses and face photos, was likely leaked due to unauthorized access to its server. Customers that use the Omiai app should be cautious for spear phishing and identity theft risk.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data like this is a hot commodity in booming dark web data markets. Failing to protect it adequately makes it catnip for cybercriminals.