Week of April 14, 2017


Week of April 14, 2017

Post-Breach Share Prices Tumble Nearly 2%*:

  • Public limited companies can expect their share price to tumble at least 1.8% following a severe breach, equating to £120m for a FTSE100 firm.
  • Oxford Economics studied a sample of over 60 public security breaches outlined in the Gemalto Breach Level Index between 2013 and 2016 and compared the share price performance of the most severe incidents with a control group that didn’t suffer a breach.
  • These 'control' organizations are located in the same country, have a similar number of employees and operate in the same sector as those breached firms.
  • The true figure is likely to be much higher when breach notification laws are introduced with the European General Data Protection Regulation (GDPR).
  • Only around 10%-20% of the major breaches companies suffer in Europe are currently made public.
  • Corporations cannot afford to dismiss cybersecurity as a problem which just belongs to the IT department.
  • It is crucial for executives to take an active role in understanding the level of cyber-risk they’re exposed to in order to implement an appropriate, effective cybersecurity strategy.
  • The impact on share price will be even greater post-GDPR because of the heavy fines set to be levied by the regulation.
  • The key for many organizations is to understand the critical information, discover where it is located, and how it is accessed.

*Source: lnfo Security, April 12, 2017


Symantec Attributes 40 Cyber-Attacks to CIA*:

  • Past cyber-attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by WikiLeaks.
  • The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code.
  • Symantec said it had connected at least 40 attacks in 16 countries to the tools obtained by WikiLeaks, though it followed company policy by not formally blaming the CIA.
  • The CIA tools described by Wikileaks do not involve mass surveillance, and all of the targets were government entities.
  • Sectors targeted by operations employing the tools included financial, telecommunications, energy, aerospace, information technology, education, and natural resources.
  • Besides Europe, countries were hit in the Middle East, Asia, and Africa.
  • All the programs were used to open back doors, collect and remove copies of files, rather than to destroy anything.

*Source: Reuters, April 10, 2017


Hacker Sets Off Every Emergency Siren in Dallas*:

  • A hacker set off all 156 emergency sirens in Dallas which wailed for 90 minutes overnight.
  • The hacker tricked the system into sending repeated signals 60 times, and has yet to be found.
  • The sirens are normally used to warn of severe weather, such as tornadoes.
  • Anxious residents deluged the 911 emergency system with phone calls, with 4,400 being made in three and a half hours.
  • The city’s mayor said the city would find and prosecute the responsible party, and commented that the city needs to upgrade and better safeguard its technology infrastructure.

*Source: Telegraph, April 09, 2017


Payday Lender Wonga Confirms Data Breach*:

  • UK Payday lender Wonga has issued a statement instructing customers to contact their banks as a matter of urgency.
  • Personal details from hundreds of thousands of accounts may have been illegally accessed, with reports indicating this number could affect up to 270,000 current and former customers.
  • The exposed information may include a customer's name, email address, home address, phone number, the last four digits of a card number, bank account number, and sort code.
  • It told customers to reset their passwords only if they are concerned as it believes accounts should be secure.
  • Wonga recommended impacted individuals contact their banks and ask them to look for any suspicious activity.
  • The Wonga breach comes just months after hackers stole £2.5 million from 9,000 online customers at Tesco Bank.

*Source: ZDnet, April 09, 2017


HHS Data Shows 1,800 Large Data Breaches since 2009*:

  • Nearly 1,800 large data breaches involving patient information have occurred since 2009, according to an analysis of publicly available data from the Department of Health and Human Services.
  • 257 breaches between October 2009 and December 2016 were reported by 216 hospitals, with 33 suffering more than one breach many of which were large, major teaching hospitals.
  • Under HIPAA regulations covered entities are required to notify HHS of any breach affecting 500 or more individuals within 60 days from the discovery of the breach.
  • There is no need to report smaller breaches, so the total number of breaches may be significantly higher.
  • Hospitals, pharmacies, assisted living facilities, insurance providers, and research institutions must strengthen their security strategy.

*Source: Health Data Management, April 11, 2017


Data on 918K Seniors Exposed on Diabetes Site*:

  • A database containing personal information of 918,000 seniors seeking discounts on diabetes supplies was revealed to be exposing its contents for months freely online.
  • The seniors provided their personal financial and health information to a program promising them discounts on diabetes supplies.
  • The database on which the information was stored ended up exposed to months after a software developer uploaded a backup copy to the internet.
  • The database was found by a Twitter user, calling himself ‘Flash Gordon’, on an Amazon Web Services (AWS) instance at an IP address.
  • Flash Gordon notified – a data security site run by a health care professional – about his discovery.
  • They found that the database was from a telemarketer as the data included scripted comments to use when engaging with patients.
  • The database included names, addresses, dates of birth, telephone numbers, email addresses, taxpayer IDs, health insurance carrier, policy numbers, and information about what types of health problems.
  • Be wary of providing personal information to telemarketers as there's no way to know whether the caller is legitimate.

*Source: SC Magazine, April 11, 2017


Amazon’s Third-Party Sellers Hit by Hackers*:

  • Hackers are targeting the growing population of third-party sellers on, using stolen credentials to post fake deals and steal cash.
  • Attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each.
  • Attackers have also hacked into the Amazon accounts of sellers who haven’t used them recently to post non-existent merchandise for sale in an attempt to pocket the cash.
  • The fraud stems largely from email and password credentials stolen from previously hacked accounts.
  • Hacks previously have favored sites such as PayPal and eBay, but Amazon recently has become a target of choice.
  • While the precise scope and financial impact of the Amazon attacks is unclear, some sellers say the hacks have shaken their confidence in Amazon’s security measures.
  • Third-party merchants are critical for Amazon’s business, with more than two million sellers on the site accounting for more than half of its sales.
  • Hacks of dormant Amazon seller accounts in particular have increased since mid-March, to more than 20 some days from the low single-digits earlier this year.
  • Criminals create thousands of new listings for electronics or other goods at half price and mark them for four-week shipping, hoping to collect payment before Amazon realizes.
  • Cybersecurity experts say that in some cases the hackers have been buying account information from previous hacks of other companies.
  • To protect against fraud, sellers should be using unique passwords and enable two-step verification, which sends a telephone prompt before allowing a login.

*Source: Fox Business, April 10, 2017


Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

scroll top