The Week in Breach News: 12/30/20 – 01/05/21

This Week in Breach News:

It may be a new year, but cybercriminals are up to the same old tricks around the world. Old-fashioned hacking nails Kawasaki, T-Mobile and Promutuel, don’t miss our 2021 cybersecurity pitfall predictions (and recommended mitigations), time is running out to register for the BullPhish ID relaunch event and kick your 2021 off with some positive mojo using our Lucky 7 Cybersecurity Planning Resources!

Dark Web ID’s Top Threats This Week

Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+

The Week in Breach News – United States 

United States – Whirlpool

Exploit: Ransomware

Whirlpool: Appliance Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.311 = Severe

The Nefilim ransomware gang struck at Whirlpool, stealing data but not impacting manufacturing operations. The gang claims that the files it published were obtained from Whirlpool during a ransomware attack in December 2020. The leaked data appeared to be proprietary and staff information including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: While using ransomware to disrupt manufacturing or operations has been in vogue recently, it’s still a favored tool for cybercriminals to use in a classic data grab.

ID Agent to the Rescue: Don’t just hope that you’re not a target – get your business ready to fight back against ransomware threats with our eBook “Ransomware 101”. GET THE BOOK>>

United States – GetSchooled

Exploit: Unsecured Database

GetSchooled: Education Non-Profit 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.302 = Severe

An unsecured database at education charity operation GetSchooled left personally identifiable information exposed for more than 900K students, ranging from 10-year-olds to college students. GetSchooled is an arm of the Bill and Melinda Gates Foundation that encourages educational achievement for students in need through gamification, personalized support, and content development. The database was left open and exposed for approximately one month.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.271 = Severe

The exposed information includes personally identifiable information of students including children, teenagers and young adults. Some of the information left exposed in this incident was very detailed including full addresses, schools, phone numbers and emails, graduation details, ages, genders.

Customers Impacted: 930,000

How it Could Affect Your Customers’ Business Failing to secure a database is a rookie mistake, and especially embarrassing (and dangerous) for a charity that primarily serves minors.

ID Agent to the Rescue: Make sure everything that should be locked down is with secure identity and access management using Passly that seamlessly integrates with more than 1k apps. SCHEDULE A DEMO>>

United States – Door Controls USA

Exploit:  Ransomware

Door Controls USA: Door Parts Distributor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.083 = Severe

Hackers have leaked more than 140 GB of confidential and proprietary information from Texas-based Door Controls USA after the company failed to pay a requested ransom. The information is sorted into two categories, with one containing assorted documents related to company financials and accounting information including credit card statements, while the other is dedicated to sensitive research and development data, blueprints, schematics, product plans, and manufacturing instructions for a variety of door parts.

Individual Impact: No personal data was reported as exposed in the incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Information like this can live forever on the Dark Web. Manufacturing data like blueprints spec sheets, research and development files, schema, product plans and similar specific product information is a hot seller in Dark Web markets

ID Agent to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. SEE DARK WEB ID IN ACTION>>

United States – T-Mobile

Exploit: Hacking

T-Mobile: Mobile Device Network Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.383 = Severe

T-Mobile has found itself embroiled in a “malicious hacking incident” that has resulted in data exposure for an estimated 200,000 clients. The company said in a statement that Customer proprietary network information (CPNI) was accessed and may have included phone numbers, the number of lines on the account and call-related information.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.280 = Severe

T-Mobile maintains that only a small fraction of its clients were impacted in the incident, and the company has sent text messages to the affected account holders. T-Mobile customers should be cautious about potential phishing attempts through text or email using this data.

Customers Impacted: 200,000 estimated

How it Could Affect Your Customers’ Business: It’s not all ransomware these days – good old-fashioned hacking is still a risk that every business faces. When information like this makes its way to the Dark Web, it makes hackers’ jobs easier.

ID Agent to the Rescue: Are your company credentials just waiting to be found in Dark Web data markets? Find out before cybercriminals do with 24/7/365 Dark Web monitoring. SEE DARK WEB ID IN ACTION>>

United States – Aetna

Exploit: Malicious Insider

Aetna: Insurance Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.928 = Severe

Aetna is in hot water after a debacle that involved a contractor BEC and phishing in an explosive insider incident. On Sept. 28, Aetna was informed that an EyeMed email account was accessed by an unauthorized individual and that phishing emails were sent to addresses contained in the mailbox. The email account contained information about individuals who previously or currently receive vision-related services through EyeMed, including Aetna customers.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.122 = Severe

The information that may have been accessed included names, addresses, dates of birth and vision insurance accounts/identification numbers. In some cases, full or partial Social Security numbers, birth or marriage certificates, medical diagnoses and conditions, treatment information or financial information may have been accessed. Customers of Aetna that use EyeMed should be wary of potential spear phishing and identity theft. EyeMed is mailing letters to affected individuals and has established a dedicated call center to answer any questions and concerns. It is also offering free credit monitoring and identity protection services for two years.

Customers Impacted: 500,000 estimated

How it Could Affect Your Customers’ Business: Insider threats are one of the most overlooked high-damage cybersecurity threats. No one wants to believe that their employees are out to get them, but even non-malicious insiders can do massive damage fast.

ID Agent to the Rescue: Learn to spot and stop insider threats with our resource package including the ebook “Combating Insider Threats“! DOWNLOAD IT NOW>>

cybersecurity new year's resolutions

Want to Borrow Our Sales and Marketing Teams? OK!

Get expert sales and marketing help to power up your MSP in a flash with Powered Services Pro. LEARN MORE>>

The Week in Breach News – Canada

Canada – Promutuel Assurance

Exploit: Hacking

Promutuel Assurance: Insurance Company 

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.771 = Extreme

A convoluted hacking incident has done so much damage at Promutuel Assurance that it is still impacting operations. The company has disclosed that this incident has widely affected its IT environment leading to a total shutdown of systems. Restoration, recovery and investigation efforts are underway, and some services have already been revived.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It only takes one cyberattack to bring a business to a screeching halt. Make sure all of your cybersecurity bases are covered and don’t leave anything to chance.

ID Agent to the Rescue: Are your customers aware of the danger that their business faces from today’s threats? Are they ready to do something about mitigating it? If you need a little backup to help you seal the deal to upgrade their security solutions, we’re happy to lend a hand with Goal Assist. LEARN MORE>>

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

The Week in Breach News – United Kingdom & European Union

Belgium – General Medical Laboratory (AML) 

Exploit: Ransomware

General Medical Laboratory (AML): Medical Testing Laboratories 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

Ransomware came calling at Antwerp’s AML, bringing testing operations to a halt at a very bad time. AML is the largest COVID-19 testing laboratory in Belgium, handling thousands of tests daily as well as other medical laboratory work. The company chose to pursue shutdown and restoration instead of paying the ransom.

Individual Impact: No individual or personal data has been reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can do massive damage to strategic targets in order to create maximum disruption to encourage payment. They’ve been especially disruptive throughout the pandemic to healthcare targets.

ID Agent to the Rescue: Improve phishing resistance training with BullPhish ID to improve any company’s defense against ransomware. SEE BULLPHISH ID AT WORK>>

Germany – Funke Media Group

Exploit: Ransomware

Funke Media Group: News Reporting Organization 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.827 = Severe

A devastating ransomware attack limited operations at one of Germany’s biggest news outfits. Funke Media Group publishes more than 100 newspapers, magazines, and news reports. The company was reduced to offering only limited editions of some publications and eliminate others completely for the publishing window as it begins investigation and restoration efforts.

Individual Impact: No individual or personal data has been reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can shut you down in no time. Don’t take chances, take precautions against the number 1 delivery system of ransomware: Phishing.

ID Agent to the Rescue: Phishing resistance training works, but only if you refresh it at least quarterly. Fortunately, BullPhish ID gives you plenty of options for fresh training material. LEARN MORE>>

a touch screen showing links between hacking, defense, people, security, and other concepts in blue to illustrate what is cyber resilience

Secure identity and access management is a top CISO priority for 2021. Let us show you why with Passly. WATCH NOW>>

The Week in Breach News – Asia-Pacific

India – IndiGo 

Exploit: Ransomware

 IndiGo: Airline

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.311 = Severe

Low-cost airline IndiGo has announced that it was hit by an unnamed ransomware gang in December 2020, and the gang was able to exfiltrate company data. No specifics have been given on exactly what data was taken, although the company maintains that only corporate information was accessed, not customer data.

Individual Impact: No individual or personal data has yet been reported as exposed, but that may change as events progress.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even one click on one malicious phishing link can spell disaster for your company. Make sure every staffer is onboard to guard your business from phishing.

ID Agent to the Rescue: BullPhish ID makes it easy to explain the dangers of phishing to even the least tech savvy staffer with engaging video lessons and information delivered in bite-sized pieces. LEARN MORE>>

Japan – Kawasaki Heavy Industries Aerospace Co. 

Exploit: Hacking

Kawasaki Heavy Industries Aerospace Co.: Aerospace Technology Manufacturing 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

Kawasaki Heavy Industries Aerospace Co., the maker of defense systems, aircraft and space exploration components, uncovered a data breach that impacted its information storage. The company is investigating the incident but inclined to attribute the attack to sophisticated, nation-state hackers.

Individual Impact: No individual or personal data has been reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nation-state hacking is an increasingly pernicious problem for major defense players as hacking operations grow more precisely targeted.

ID Agent to the Rescue: Are you ready to help your clients secure their systems and data from nation-state threats? Learn more about nation-state hacking to get up to speed. READ MORE>>

facts about cybersecurity in 2020 on the Dark Web represented by a creepy figure in a hoodie on a green and black code background.

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook. DOWNLOAD IT>>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

how to define insider threats represented by two men shaking hands, but one has the shadow of the a devil behind him.

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT

The Week in Breach: Resource Spotlight

Get on the Good Foot to Start Your 2021 With Our Lucky 7 Cybersecurity Planning Resources

Now that we’ve put the gloom and doom of 2020 behind us, it’s time to get ready for a great 2021. Just to give you an extra edge as you plan for this year, we’ve collected our seven most useful tools and tips to help you make a plan for sales success in 2021 – and we’ve sprinkled in a bit of extra good fortune to make sure to clear out any bad mojo that’s left from 2020.

Presenting our Lucky 7 Cybersecurity Resources

  1. Cybersecurity New Year’s Resolution Checklist – Make sure you’ve got your bases covered with this handy checklist! DOWNLOAD IT>>
  2. Power Up! Supercharge Your Sales & Marketing with Powered Services – This eBook is your ticket to amazing sales and marketing help! GET IT>>
  3. PLAN: The Rise of Technology – Get a glimpse into the future of cybersecurity to see what you and your clients might face next! LISTEN NOW>>
  4. Security Awareness Champion’s Guide – Know your enemy by studying this essential guide to cyberattacks and how to beat them. READ IT>>
  5. 3 Steps to Rev Up Your Sales Engine – Get yourself in gear to start 2021 with the pedal to the metal in the race to sales success. TUNE IN NOW>>
  6. 5 Proven, Practical Steps to Close New Security Business – Get the secret to spectacular security sales from a Master. LEARN IT >>
  7. Phishing & Security Awareness Training Reduces Your Largest Attack Surface –  Learn why training is a win for you and your clients. HEAR IT>>

Spaces Are Filling Up Fast, Reserve Your Virtual Seat Now for the Debut of the NEW BullPhish ID!

Join us on January 19, 2021, at 11 am ET to be among the first to see the new BullPhish ID featuring improved functionality, new features, and stellar upgrades at a great price. It’s everything that MSPs have been asking for and so much more. Meet the NEW BullPhish ID! RESERVE YOUR SPOT>>

Would you trust a flimsy lock for your front door? Then why are you trusting one for your data? Add a stronger lock between cybercriminals and your business when you learn to Build Better Passwords.


The Week in Breach: Featured Briefing

5 Cybersecurity Trends to Expect in 2021

As we recover from the tumultuous year that was 2020, it’s time to take a look forward at what we expect to see in 2021. Have you been working on your 2021 cybersecurity plan? Do you have a handle on what cybersecurity pitfalls might lie ahead? Here are our predictions for five cybersecurity trends that we expect to see front and center in 2021, and how you can protect your business and your clients from trouble.


PREDICTION: Ransomware risk will continue to climb as it remains to be the favorite tool of cybercriminals everywhere. It’s easy to operate, financially rewarding, and devastatingly effective. This year’s ransomware trend will be a bigger focus on disrupting operations instead of just stealing data.

SOLUTION: Whether it’s being deployed by a cybercrime gang or nation-state hackers, the top delivery system for ransomware is through a malicious phishing email. Enlist every staffer in the fight against ransomware by training them to spot and stop phishing attacks using BullPhish ID. SEE OUR UPDATES & UPGRADES TO BULLPHISH ID>>

Cybercrime as a Service

PREDICTION: As economic challenges continue around the world, that squeeze will translate into more people looking for more ways to make money on the Dark Web. Malicious insiders, cybercriminals, data brokers, hackers and all manner of folks will propel the cybercrime-as-a-service industry to new heights this year.

SOLUTION: It pays to watch for Dark Web danger from both inside and outside your business. Not only does monitoring your business credentials 24/7/365 with Dark Web ID give businesses an essential early warning system against credential compromise, but it also gives businesses a way to make sure none of their staffers are making extra money by selling their credentials on the Dark Web. SEE THE POWER OF DARK WEB ID>>

Nation-State Hacking

PREDICTION: Not only will nation-state hackers continue to be a menace to government and public sector organizations worldwide, but it will also become a bigger problem for average businesses, especially companies that provide essential services. Innovations like extremely precise spear phishing and weaponized ransomware will lead to more nation-state hacking incidents.

SOLUTION: Add protection against the favored tools of nation-state hackers: ransomware, phishing, credential compromise and malware deployment. Your clients need more protection than they think they do – and we’re here to help you sell it to them with Goal Assist. LEARN MORE>>


PREDICTION: Phishing will continue to be the king of cyberattacks, serving as a launching pad for everything from ransomware to business email compromise. Cybercriminals will increasingly branch out from traditional phishing vectors, although the classics will remain popular. Expect increases in phishing via messaging and chat app, SMS, text, and even by phone as cybercriminals search for security gaps to exploit.


Every business must make [phishing resistance training a top priority. Regular training, at least quarterly, prevents up to 70% of cybercrime incidents. BullPhish ID not only includes 4 new plug and play simulated phishing campaigns a month to keep staffers up to date about the latest threats, we’re upgrading the training to include smishning, vishing and more starting soon. SEE VIDEO OF BULLPHISH ID IN ACTION>>

2020 election cybersecurity fears represented by a man in a hoodie is shown with a login screen superimposed to represent passwords for sale on the Dark Web

You probably thought you were being smart when you made your password – but cybercriminals are smart too. Read “Is This Your Password?” to see how yours stacks up. GET THE BOOK>>

Remote Work

PREDICTION: Slow vaccine rollouts, disease outbreaks, and movement issues will extend the reliance on a remote workforce. Some companies will decide that saving money and increased employee satisfaction means they’re never transitioning back to full-time in-office operations. This means that every company needs to invest in secure identity and access management to formalize its support of a remote workforce instead of relying on ad hoc systems spawned at the start of the pandemic.

SOLUTION: Choose the multifunctional dynamo that provides complete secure identity and access management in one affordable package: Passly. Featuring everything on your wish list like multifactor authentication, single sign-on, secure shared password vaults, easy remote management and seamless integration with over 1,000 business applications, Passly gets to work in days, not weeks for immediate protection. SEE PASSLY AT WORK>>

Don’t wait until these cybersecurity disasters come calling on you or your clients. Contact the security experts at ID Agent today and let us help you create the perfect menu of security offerings to increase both your customers’ protection and your MRR.

Combat insider threats and more in our security awareness champion's guide represented by an image of the book cover and some potions, scrolls and treasure to elicit the book's fantasy game style as you study holiday phishing scams and cyberpunk 2077 malware

If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.

Get our Security Awareness Champion’s Guide Now>>

The Week in Breach: A Note for Your Customers

Your Staff’s IoT Holiday Bounty Can Put Your Security at Risk 

As we head into a new year, everyone’s starting to show off the exciting Internet of Things (IoT) gadgets that they got during the holiday season. Voice-controlled lightbulbs! Digital assistants! Smart speakers! While all of these devices are fun and convenient, they’re not just bringing futuristic flair to your employees’ lives – they’re also bringing risks to your business that you may not be expecting.

How? IoT devices are connected to each other and the outside world via WiFi. This gives hackers an opportunity to strike by exploiting vulnerabilities in these devices to gain access to the network that they’re connected to – and eventually your network.

Many IoT devices are helpful and even necessary, like video doorbells that allow movement-impaired folks to see who is at the door. Explosive growth in the IoT market also means that these devices aren’t going away anytime soon, and that more IoT devices will be entering our lives regularly.

It’s not feasible to avoid having any IoT devices connect to a network that connects to your company’s data and systems, especially as many companies continue working remotely because of the ongoing global pandemic. But it is feasible to add safeguards that will stand between your business and the danger presented by IoT devices.

One fast, easy and affordable way to combat many types of cyberattack threat including those presented by IoT devices is to implement a secure identity and access management solution like Passly. CISOs worldwide agree that secure identity and access management is a top priority for businesses in 2021.

Using security must-haves like multifactor authentication and single sign-on, Passly puts strong roadblocks between unexpected dangers like IoT devices or third-party credential compromise and your business without breaking the bank – so you can go back to watching videos of your coworker’s cat riding around on their robot vacuum in peace without worrying about cybercriminals.

Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!

*** This is a Security Bloggers Network syndicated blog from Blog – ID Agent authored by ID Agent. Read the original post at: