Weekly Cybersecurity Recap November 25

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

A car manufacturer may not be the first thing that comes to mind when someone says there's been a data breach, though it is a highly sought-after target.

It seems like we're reporting on a new breach involving medical practices every week. From the smallest insurance company in the world to the biggest hospitals in the U.S., medical institutions will always be a primary target.

At this point, many T-Mobile users are appalled. When talking about a hack on the company that has access to your most personal pictures, accounts, and conversations, people don't want to be able to say "again" casually.

Ransomware is one of the most devastating cyber threats of the modern age. Predators use ransomware as an extreme attack vector with the same goal as centuries-old blackmailing outlaws; extort money.

Ransomware is an evolving malware code that has kept online predators swimming in money for decades. Due to the massive amounts of money being scammed each year from individuals and businesses, many predators are flocking to get in on the ransomware payouts. 

2023 has definitely gone off with a bang. In the last few weeks, two of the biggest names in online business were hacked, as well as an insulin provider, respiratory therapist, and yet another of California's departments.

Credential stuffing occurs when one hack, usually a surprisingly small one, offers a hacker the ability to steal someone's login credentials for one site, profile, or account and attempts to use it to gain access to other accounts in the same person's name.

Every company that has to do with medical information or practices, from insurance to pharmaceuticals, will never stop being a target for hackers.

Near the end of 2022, we saw a rapid and alarming rise in costly mistakes, mostly emails sent to unauthorized parties. Not only can this ruin employees' lives and careers, but thousands (if not millions) of people have been affected by this trend.

Medical institutions have been facing a heightened risk of data breaches. We've seen constant reporting of hospitals, insurance companies, and therapy offices being hacked, and there is little we can do to stop it.

Credential stuffing attacks are more common than one might think. This type of attack occurs when a hacker or other form of criminal finds personal credentials, usually log-in and account information, and uses that information to attempt to access your other accounts.

We gather a few numbers and information throughout our lifetimes that must be protected at all costs. A social security number is the first and most crucial piece of information we use in every area of our lives.

We can all remember opening that first computer on Christmas day. Then we turned it on, and wave after wave of nonsensical advertisements competed for space on the monitor.

As the new year kicks off, hackers seem to have made their resolutions to "make this year even bigger than years past. " We've already seen schools and hospitals thrown off their axes.

Every single one of us has wanted to open that email that says we won a trip to the Bahamas, but we know it's a scam. Some wear better disguises, like an important email from your place of work, but we still get the vacation emails because they work.

Ransomware groups are rising to prominence in more recent years than ever before. Two hundred years ago, this equivalent would have been kidnapping a member of high society and demanding a ransom.

Experian is one of the largest credit bureaus in the world. It serves over a billion people, about 235 million of whom are Americans.

LockBit ransomware gang was, as of September 2022, the most prolific ransomware group in the world. It has hundreds of confirmed attacks around the globe, and if they truthfully claimed this attack, it can only spell trouble for the California government and residents. 

No other number carries importance for Americans the same as their Social Security number (SSN). You need an SSN to get the many benefits Americans are entitled to.

Throughout history, manipulation of human behavior has been used by some of the vilest people imaginable. It has also been used in some everyday applications.

Vice Society is a Russian ransomware group that targets public and private education systems. The group was responsible for the Los Angeles Unified School District (LAUSD) hack, which affected more than 300,000 teachers and students from LA. They were also behind various hacks and breaches that left multiple colleges and universities crippled through 2021 and 2022.

First things first: Happy New Year from our team at IDStrong!   As far as hacks go, this year hasn't started at the best pace, but we like to remain on the bright side.

We've seen a lot of hacks over the years, but a fast-food chain is not one that you immediately think of. A hacker is more likely to attack a credit bureau, hospital, or school system in search of the information they want, but if you think about it, Five Guys isn't that bad of a target.

Over the years, Twitter has become a thriving online metropolis of sorts. Over 450 million people use the worldwide platform, making it the 16th largest social media platform.

People familiar with data security are aware of the problems associated with hospital security. It doesn't matter how extensive the hospital's systems are, how hard it is to hack, or how many precautions are in place.

There are a lot of places you would never think of as being a target for hackers. However, when these places, companies, or platforms are hacked, we're never really surprised.

Cyberstalking has taken on a life of its own with the internet, email, and other similar forms of communication. Predators no longer need to map out a target's routine; they simply attach an electronic tracking device and maliciously harass another person. 

Gift cards are a great way to give others presents if they have run out of time or just do not know what gift to buy. Gift cards can be purchased everywhere, from grocery stores to the merchants who issue them.

Creditors have several ways to collect bad debts from people who do not pay their bills. One of the last and most harsh options is wage and bank account garnishment.

Anyone that knows anything about cybersecurity – even the most basic knowledge – knows that most cybercrimes motives are money (a ransomware attack), fame (teapotuberhacker, the teenage boy responsible for the Grand Theft Auto VI and Uber breaches in mid-2022), and political statements (Anonymous).

We've talked the last few weeks about the holiday crime rate and how it rises above most of the rest of the year. We've talked about how hospitals and schools are prime targets for hackers because of the plethora of information they contain.

Steel River System is a debt collector based out of Pennsylvania. We can't help but laugh at the situation; a real-life debt collector – no scams included with your phone call – was a target for a hacker.

We're about two-thirds of the way through our holiday hack spree, and it doesn't seem to be slowing down. Another financial company has been added to the ever-growing list, making it difficult for anyone with an online or cyber presence to trust anything or anyone online.

We often talk about how hospitals, schools, banks, and credit bureaus are some of the most prominent targets for hackers. However, we also talk about how sometimes, the most obvious place to be hacked takes eons to get hacked.

During this day and age, all hospitals are fair game. What we wouldn't think about are things like an ambulance provider. However, it does make sense.

People familiar with cybersecurity are aware of the rise in hospital hacks and breaches over the last few years. Those that try to make themselves aware of many data incidents will be astonished by the sheer number of hospitals and schools on those lists.

Now that we're reaching the end of 2022, the holidays have hit, and so has the winter hack spike. This so-called spike has yet to actually be researched, but it is a common theory that there is a massive swell in both real life and cybercrime around the winter holidays.

Anyone that's been keeping up with cybersecurity posts inside of 2022 knows that hospitals are one of the number one targets for hackers worldwide.

We're sure we all remember the Los Angeles Unified School District hack. It was all over news stations for weeks as the teachers, students, and parents dealt with the largest education data breach in history.

Data breaches are a fickle thing; they can affect millions of individuals, or they can affect barely anyone. They can be ransomware attacks, phishing scams, credential stuffing, firewall cracking, etc.

Emory Healthcare, a part of Emory University, is Georgia's most significant hospital system. Unfortunately for its patients and employees, it has found itself on the ever-growing list of hospitals victimized by data breaches.

Suncoast Skin Solutions has suddenly found itself on a rapidly growing list: companies hit by ransomware attacks. It's a surprisingly easy list to make it onto.

The first reverse mortgage was created in 1961 by Nelson Haynes of Deering Savings and Loan in Portland, Maine. The mortgage was created to help an elderly wife stay in the home after her husband passed away suddenly.

Credit profiles are a significant part of everyday life for business and personal. The long, fascinating, and twisted history of financial scores, claims to encapsulate a person's attitude toward credit and debt.

Long gone are the days of a tall, dark, and mysterious gentleman and his colleagues in ski masks breaking into an office building and digging through files.

Insurance companies are often highly sought after; at least, they are in the criminal world. They hold an extensive amount of information, and when information has fallen into the wrong hands, it could lead to a wide array of problems, most notably identity theft.

If you're one of our avid readers, you may remember how over 2022's black Friday season, many financial companies were targeted by hackers.

As we've stated in past posts, financing companies are incredibly high on the target list for hackers. Financial companies have access to tons of PII (personally identifying information), making them perfect for hackers.

Power companies are an underrated target for hackers worldwide. To sign up for power services, you need to offer the company your name, social security number (SSN), address, and other forms of ID, among other things.

Unethical, or black hat, hackers have very little qualms against who they'll hack. Often, they'll go with either the easiest target or the most rewarding one, as most criminals do.

Packages and letters sent to others through commercial postal services such as the United States Postal Service can now be tracked using an 8 to 40-digit code.

It's no secret that having bad credit can make it harder to get approved for a credit card. But what if you need a credit card to help improve your credit score?

The holidays are closing in: we repeat, the holidays are closing in! This is not a drill! While the holidays mean too much cooking, wrapping, and estranged-family exposure, that's not the only thing you should worry about.

Not all companies have the budget to hire an entire HR or financial department, let alone both. Most people have gotten ads for HR services; those on free Spotify have probably heard the Bambee ad about a hundred times.

Here's a fun fact; financial information is a high-selling item on the dark web. Most people think it's something like addresses or social security numbers, but surprisingly, it's not.

Over the last few years, health systems have seen a considerable rise in cybersecurity incidents. According to CyberCrime Magazine, the healthcare industry will likely spend up to $125 billion on cybersecurity between 2020 and 2025.

Throughout 2022, we've seen a massive uptick in insurance providers, schools, and hospitals becoming victims of data breaches.

Stanley Street Treatment and Resources, or SSTAR, is a healthcare and rehab provider with locations in Massachusetts and Rhode Island.

Progressive organizations and tech-savvy individuals must proactively develop fundamental rules protecting their digital infrastructure.

Identity theft and fraud have a long history of deception while destroying people's lives. The term Identity theft was first coined in 1964.

Global password manager LastPass suffered from a data breach in August 2022, that was said to not involve anything more than source code.

Breaches during this week were all over the place, and they are showing no signs of slowing down. Many breaches this year tend to be "take the data now, and figure out what to do with it later", in terms of approach.

Investment broker, dealer, and advisor Ingalls & Snyder, LLC, comes from New York City, NY. They employ just under 100 people and generate approximately $17M annually while managing about $8B in financial assets.

Columbia Grain International, LLC, is based out of Portland, OR. They employ nearly 200 people but also work with over 8,000 farmers around the world.

Healthcare Management Solutions, known as a healthcare-related consulting company from West Virgini, has over 100 employees and brings in nearly $20M annually.

A credit score is an invisible number, yet it often feels like it controls our lives. It determines what we can buy and how much we'll have to pay.

Businesses can make every effort to beef up corporate network security, but those improvements mean very little if criminals choose to break into an already connected device.

Michigan-based manufacturing company Wright & Filippis dates back to 1944. It employs nearly 300 people and brings in over $30M in revenue.

While we took this week to reflect on what we're thankful for, devious individuals were not taking a break. There were still several data breaches, plus settlements from some corporate giants that took place.

Gateway Rehab is a rehabilitation center focused on helping those who struggle with addiction recover. It operates 10 different out- and in-patient rehab facilities throughout Pennsylvania.

Mortgage bank HomeTrust Mortgage is based out of Houston, TX, but has 13 separate locations in several other states – Colorado, New Mexico, Florida, Oklahoma, Alabama, Georgia, and Tennessee.

Forefront Dermatology has offices throughout the United States but is based out of Wisconsin. In May 2021, it suffered an enormous data breach impacting nearly 2.

The US Government uses many companies as outside contractors to help fulfill its wide variety of needs. One of those contractors is Booz Allen Hamilton, who had contractors match up with military, intelligence, and government needs due to their high-level clearances.

Google is known as one of the top tech giants that nearly everyone knows. However, over the years, the company's breadth has led it to believe that it did not have to always follow the same rules as other companies.

The My Life Foundation is a foundation dedicated to bettering the lives of individuals with intellectual disabilities. It works to help them get jobs and better their quality of living.

Last week we talked about the calm before the storm; the massive influx of hacks and breaches that come hand in hand with the holidays hadn't yet started, and all we could report on were lawsuits (of which there were many).

It's a misconception that we only need to be on guard for ill-intentioned strangers when it comes to scams. An attack can bloom inside any social circle, no matter how tightly knit that group may be.

We've all heard the saying, "the best things in life are free. " But are they? The recipient of a free car still has to pay the tax on it.

Las Vegas, Nevada-based insurance provider Three Rivers Provider Network offers insurance across the US. Unfortunately, on October 31, 2022, it announced a data breach that affected an unknown number of individuals. 

CWGS Group, the holding company that owns Camping World and Good Sam Club, announced a data breach on November 7, 2022. The breach has limited information available, which strikes many as odd; the investigation had been going on for months before CWGS sent the notifications.

United Veterinary Clinic (UVC) has more than 100 locations in 23 states. The clinic employs over 4,000 veterinarians, vet techs, customer service representatives, and other necessary employees.

TransUnion is one of the three largest credit bureaus in the world. It serves over one billion people yearly, 200 million of these American customers.

Doral, Florida-based cruise line Carnival Cruise faces the consequences of four data breaches in three years. The NYDFS is suing for five million dollars, even after a previous settlement of $1.

Alright, everyone, it's official; we've found the eye of the hurricane. Just before the holidays begin, we find ourselves in that lull, just before the massive hacks start to spike around Black Friday. 

Ohio vision company EyeMed is facing the consequences of breaches in 2020. The State Attorney General of New York, Attorney General Letitia James, reached a settlement with the company over two years after the attack.

Milwaukee hospital, Aurora St. Luke's Medical Center, has suffered a massive data breach that involves 16,906 individuals. Contrary to initial speculation, the violation has nothing to do with the ransomware attack that hit its parent company, Aurora Advocate Health, in October 2022.

In 2018, Chegg became the victim of a massive hack that affected 40 million individuals. These were a combination of employees, outsider contracts, and students.

Meta Pixel is a targeted ad platform that has been growing in popularity in recent years. In mid-September 2022, we reported a breach to multiple hospitals across the US, many of which were the biggest names in medicine.

For most people, the internet is a poorly guarded vault holding all their personal data. Cybercriminals are constantly creating new ways to bypass security and steal that information.

It's no secret that banks operate on risk versus reward policies. Money lenders impose corresponding penalties on the loan conditions if an individual or group is likely to default on it.

Over the last few years, GitHub breaches have become more common. Everything from international car companies to file storing databases like Dropbox are affected.

Over 30,000 businesses get hacked each day. In 2021 alone, there were 22 billion records breached. Think about that for a second; 7.

Drizly delivers wine, beer, spirits, and other liquors to adults over the drinking age. This helps to keep intoxicated drivers off the streets, making roads safer.

Bed Bath and Beyond operates in Puerto Rico, Mexico, Canada, and the US. It may be known for its assortment of perfumes and bath bombs, but the company sells everything from coffee makers to faux rabbit fur bedspreads.

US Bancorp is incorporated in Delaware but headquartered in Minneapolis, Minnesota. It is one of the largest banking institutions in the US and is the parent company of the US Bank National Association.

Twilio is a company that provides communication technology. Twilio's tech is programable to increase the efficiency and usability of specific communication methods and can even customize it for an individual or company.

No longer can you head to your local coffee shop on a Saturday morning and safely browse the internet. Evil Twin attacks mimic a legitimate network and trick the user into logging in by posing as a legitimate internet source.

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

The dark web, also known as "darknet" is a portion of the internet that lies outside the boundaries of traditional search engines.

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details.

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts.

In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. 

The main difference between a credit freeze and credit lock is that while freezing your credit you restrict access to your credit report.