Default settings in Microsoft’s Power Apps portal left 38 million records exposed across more than 1,000 web apps, impacting state government agencies, American Airlines, Ford and others. The exposed records varied by organization and web app but included addresses, phone numbers, COVID-19 vaccination records, and employee and applicant databases, including Social Security numbers.
A recent report analyzes the $211 million in data breach fines imposed on European Union organizations under the General Data Protection Regulation (GDPR).
While there are some questions around the number of data breaches thus far, 2020 is shaping up to be a record year, at least in terms of the number of records compromised. According to a study on data breaches and compromised data during the first six months of the year, there have been just over 2,000 data breaches but 27 billion records exposed, which is 12 billion more than the number of records compromised in all of 2019.
Turning ransomware attacks into data breaches if the ransom isn’t paid, in what are being called exfiltration+encryption attacks, can be damaging on multiple levels. In the first half of this year, 11 percent of ransomware attacks adopted this tactic.
ID Ransomware, a website and free tool that allows ransomware victims to upload a ransom note or sample encrypted file to identify the ransomware used against them, had over 100,000 submissions between January 1 and June 30, 2020.
According to a recent survey, more than one-third of merchants have seen at least 10 percent of their user accounts taken over in the past year while more than one-quarter of merchants have no measures in place to protect against account takeover. Meanwhile, less than 8 percent of consumers were notified about account takeover incidents by the merchant custodian of their compromised account.
The state of Arkansas shut down its unemployment application website, which exposed the PII of nearly 30,000 applicants, and Illinois faced a similar issue. Meanwhile, the U.S. Secret Service reports that hundreds of mules are being used to funnel unemployment benefits to an organized fraud ring in Nigeria that is falsely filing for benefits with stolen identity information.
Keeping unwanted parties out of business meetings can range from important to imperative depending on the topics and focus of the video call. There has been a sudden increase in employees working from home and requiring the use of Zoom or other services. While many media reports have discussed the threat of “Zoombombing,” there are several measures video chat users can take to greatly reduce these occurrences and their impacts.
Here are steps anyone can take to reduce the likelihood of falling victim to e-meeting eavesdropping in Zoom.
Wawa announced a large-scale malware compromise breaching payment cards processed at the pump or inside between March 4 and December 12, 2019, also admitting that the company “does not have sufficient information to determine” how many payment cards were exposed. The gas station and convenience store chain has more than 850 locations along the East Coast with $10.6 billion in annual revenue.
More than 3,800 data breaches occurred in the first half of this year, a 54 percent increase from the first half of 2018. The number of consumer records compromised in data breaches increased 52 percent over this time, with 4.1 billion records compromised in the first half of 2019 and 3.2 billion of those coming from just eight breaches.
This comes as the Identity Theft Resource Center tallied the most records compromised in 2018 and the highest number of data breaches in 2017 in more than a decade.
Fraudsters find more success with getting phishing campaigns delivered as well as with open and click rates when sending from an existing, known and trusted email address. This may be why a recent report found that 20 percent of phishing email attacks against employees are sent from email addresses a fraudster has taken over. Most phishing attacks, however, are brand impersonation attacks, with Microsoft being the most impersonated.
For their Email Fraud & Identity Deception Trends report, Agari surveyed more than 300 US and UK businesses with 23,053 reported phishing incidents in the fourth quarter of 2018. Analysis found that 20 percent of these phishing emails came from compromised email accounts, while 67 percent impersonated a trusted brand with deception or a lookalike domain.