Weekly Cybersecurity Recap February 17
Table of Contents
- By Steven
- Feb 17, 2023
We've seen some pretty extreme breaches in the last week, but it is likely to worsen as the year progresses. As people, we must remember that human error is the most likely thing to happen. We must hold ourselves accountable and do our best to stay as safe as possible, even when we're not being victimized. Online safety is almost as important as real-life safety, especially considering how much personal information is online. Let's look at why we should stay extra safe based on the breaches that took place this week.
Namecheap
Namecheap is one of the world's biggest domain hosts and has millions of customers. The hack resulted from an unauthorized party accessing the company's email. After this, the hacker began sending out phishing emails impeccably disguised as part of the Namecheap website. A tip for avoiding scams like this is to use a password manager; if the site is actually a part of whatever company you're trying to log into, the password and username will auto-fill, and vice versa.
Pepsi Bottling Ventures
This hack only affected employees, though they are still at incredibly high risk (we would like to say that when we say only employees, we aren't saying they are any less important, but it does narrow down the people that panic about the breach). The company isn't nearly as large as others we've seen breached, but it is a good-sized company (as it was 2013's "beverage bottler of the year) and employs many people. The hacker accessed a lot of employee information, including names, social security details, financial information, and more.
The method of this hack was a phishing attack. It was described as "sophisticated and highly targeted," and affected an abundance of individuals. Though the hack initially included only a single employee's information, the hack later progressed. The hacker gained access to the company's email list and sent phishing scams to most people on the list, thus gaining access to an unknown number of individuals' Reddit login credentials.
The Center for Autism and Related Disorders
The CARD announced a data breach that resulted from a human error. A third-party company accidentally caused a glitch that resulted in invoices being sent to unauthorized individuals. The parents and guardians of the affected individuals were immediately notified about the breach, and everyone who received an incorrect invoice was urged to destroy the papers. No financial information, insurance details, phone numbers, or emails were involved, which is a relief, as it leaves the patients at lower risk and makes the breach less detrimental.
Jackson Lewis PC
Jackson Lewis PC is a law firm that recently filed a notice with the California Attorney General's Office. The breach was no hack; an individual broke into the law office and stole two hard drives, though the information contained in these hard drives was undisclosed in the filing. Anyone who had their information involved in the hack received an individual letter that detailed what information was impacted.