Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Check, Please! Adding up the Costs of a Financial Data Breach

    • The fact that roughly 206.4 billion emails are sent and received each day means we’re all very familiar with that dreaded feeling of sending an email with typos, with the wrong attachment, or to the wrong contact. But this can be more than just an embarrassing mistake – the ramifications could, in fact, be catastrophic.
    • The consequences of this information falling into the wrong hands could mean the loss of significant sums of money. Emails of this nature are the Holy Grail for cybercriminals.
    • Costs will be wide-ranging depending on the scale of each breach, but at a minimum, there will be financial penalties, costs for audits to understand why the incident happened and what additional protocols and solutions need to be implemented to prevent it from happening in the future. There could also be huge costs involved for reimbursing customers who may have been affected by the breach in turn.
    | November 16, 2020
  • How To Avoid Holiday Shopping Scams And Keep Your Data Safe

    • Last year, consumers spent $9.4 billion on Cyber Monday, eclipsing the combined spend of both Black Friday and Amazon Prime Day. And $3 billion of that total came from consumers making Cyber Monday purchases on their smartphones. Convenience is the name of the game, and therein lies a massive cyber vulnerability — not in the technology, but in the mindset of the consumer.
    - Chris Scanlan | November 16, 2020
  • ‘Resident Evil’ game maker Capcom confirms data breach after ransomware attack

    • The company said data on as many as 350,000 customers may have been stolen, including names, addresses, phone numbers and, in some cases, dates of birth. Capcom said the hackers also stole its own internal financial data and human resources files on current and former employees, which included names, addresses, dates of birth and photos.
    • The attackers also took “confidential corporate information,” the company said, including documents on business partners, sales and development.
    • The video games maker was hit by the Ragnar Locker ransomware on November 2, prompting the company to shut down its network.
    • Ragnar Locker is a data-stealing ransomware, which exfiltrates data from a victim before encrypting its network, and then threatens to publish the stolen files unless a ransom is paid.
      • In doing so, ransomware groups can still demand a company pays the ransom even if the victim restores their files and systems from backups.
    - Zack Whittaker | November 16, 2020
  • Why Cybersecurity for Small Businesses is More Necessary Now Than Ever Before

    • Nearly one-fifth of small businesses experienced either a hack, virus or data breach in 2019.
    • It’s estimated that by the year 2021, businesses will become a victim to ransomware every 11 seconds, with cyberattacks costing them more than $6 trillion annually. However, severe financial consequences aren’t the only dangers involved; cyber-attacks can also lead to the loss of sensitive information, and can even lead to a business shutting down for good.
    • There are a number of ways that small businesses can prevent a cyber attack, from implementing simple precautions or even hiring a specialized team to stay on top of the matter.
    • Along with employing an IT specialist or team (should the budget allow for it), training employees on current cybersecurity dangers and precautions is a must, as it can ward off a number of issues (such as the aforementioned phishing scams).
    • Installing security software, as well as investing in the right cybersecurity insurance can also be vital in protecting businesses in the event that an attack ever does happen.
    - JW Jackie | November 15, 2020
  • Data belonging to 27.7M Texas drivers stolen in latest case of unsecured storage

    • The databases were left online between March 11 and Aug. 1 and included names, dates of birth, addresses and vehicle registration histories. According to the company last week, the data was exposed when someone placed three company files on “an unsecured external storage service that appears to have been accessed without authorization.”
    • There’s the usual tick box of responses to the data breach from Vertafore, with the company claiming that no “information misuse has been identified” despite confirming the exposed data had been accessed. The company is also offering free credit monitoring and identity restoration services to all Texas driver’s license holders potentially affected by the data breach.
    - Duncan Riley | November 15, 2020
  • State announces COVID-related data breach

    • The Division of Public Health announced a data breach Sunday affecting approximately 10,000 people, although the agency noted there is no evidence of any attempt to misuse any of the information.
    • According to DPH, a temporary agency staffer accidentally sent unencrypted emails containing COVID-19 test results for around 10,000 Delawareans on Aug. 13 and Aug. 20 to an unauthorized user. The Aug. 13 email included test results for individuals tested between July 16 and Aug. 10, while the Aug. 20 email had results for people tested on Aug. 15.
    • The emails, meant for distribution to call center staff who assist individuals in obtaining their test results, were sent to a single unauthorized user by mistake.
    - Matt Bittle | November 15, 2020
  • Learning from data breaches: The importance of the fundamentals

    • “It’s all too easy to get caught up in the headlining data breaches that we’re seeing so frequently today and to think ‘we’re not that dumb.’”
    • Criminals are lazy. They won’t fight tooth and nail to get into a target if they can sneak in elsewhere, and oftentimes, the job is actually made quite easy for them.
    • Whether it’s ransomware, malware, SQL injection or even phishing, it seems as though we’re reading about brand new breaches every few days.
    • Protecting modern IT systems is surprisingly easy.
      • First, it all starts with an attitude to not be apathetic about security, to not assume that “everything will be ok” when using default settings for software and hardware.
      • Second, it is important to discard the obsolete notions that the default behavior of security systems is to trust everybody.
    - Kevin Kline | November 13, 2020
  • Data Breach Hits 30 Million Texan Drivers

    • Vertafore claimed in a notification this week that, due to human error, three files were stored in an unsecured third-party service which was subsequently accessed without authorization.
    • The firm was unable to say exactly when this happened — only that it occurred at some point between March 11 and August 1. Having detected the incident in mid-August, it’s unclear why it then took the firm three months to notify those affected.
    • “The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories...”
    • The firm said in its FAQs that “we are not aware of any way this information could be used to commit fraud.”
    - Phil Muncaster | November 13, 2020
  • Almost Four-In-Ten Data Breaches Are Caused By Stressed, Tired Employees

    • With remote workers facing distractions from childcare to delivery drivers ringing the doorbell, employees are likely to make simple mistakes such as sending an email to the wrong person, possibly exposing sensitive data.
    • Due to the pandemic, 93% of businesses have reported an increase in outbound emails, with one-in-two IT leaders reporting an increase of over 50%.
    • Data breaches as a result of outbound email are often overlooked and underreported, meaning businesses and people aren’t aware of the true scale of the problem. In fact, the ICO recently reported misdirected emails are the #1 cause of categorised incidents reported, and responsible for 44% more incidents than phishing attacks.
  • Data Breach Potentially Exposes Details of Millions of Booking.com and Expedia Customers

    • The breach was uncovered by Website Planet, which found that Prestige Software, a company responsible for a hotel reservation system used by booking.com and Expedia, had been storing years’ worth of credit card data from hotel guests and travel agents without any protection in place.
    • Extremely sensitive data from as far back as 2013 was being incorrectly stored, with details including credit card and CVV numbers, full names, addresses and ID numbers of guests and comprehensive details about customers’ reservations all unprotected.
    • Other companies that use Cloud Hospitality and whose customers may have been at risk include Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees and Sabre.
    - Helen Coffey | November 11, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017