Cyber Attacks

Docker Hub, which provides developers a platform for open source container space was struck with a cyber attack this week. According to reports, a cyber criminal gained unauthorized access to roughly 190,000 accounts which contained sensitive data. Due to the vulnerability, hackers were able to steal usernames and passwords to these accounts, as well as tokens from other widely used development platforms like Github and BitBucket.

The container platform is popular amongst developers because it’s ability to quickly deploy or move app containers. Container images can be set as public or private, and the Hub is the place to go to grab, for example, an official image of MongoDB or nginx and as mentioned above, allows the ability to pull from different platforms to create an active environment. And that’s what makes the Docker Hub breach potentially so much more worrying: If tokens have been compromised, it gives attackers many more places to slip in malicious code.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

If asking new users to share passwords to their registered emails wasn’t bad enough to get caught doing, Facebook now finds itself in hot water yet again after 500 million + users personal identifiable information was found exposed and unprotected on Amazons cloud servers. What makes this incident even worse is the exposure was a result of third party apps unsecurely storing the data.

Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called “At the pool”—both left publicly accessible on the Internet. The data that was exposed by Cultura Colectiva included users comments, reactions, account names, user ids, and more. As for At the pool, contained information about users’ friends, likes, groups, and checked-in locations, as well as names, plaintext passwords and email addresses for 22,000 people.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

Boston’s children’s hospital is utilizing Amazon’s Alexa, a voice command application, to help with technology advancements in the healthcare sector…but Alexa, are you HIPAA compliant? If you keep up with recent cyber attacks at all, you’ve most likely seen reports of a data breach associated to a hospital or organization in the healthcare space. This sector is typically seen as low hanging fruit for hackers as hospitals often use out-dated applications and security systems, and their employees usually lack the awareness attributed to safe practices. All in all, adding technology like Alexa, can potentially create another opportunity for cyber criminals to infiltrate hospitals and expose very sensitive information if it’s not properly utilized.

However, Amazon announced that they can enable HIPAA covered entities and business associates to build so-called “HIPAA eligible” healthcare applications. These will enable Alexa technology to transmit and receive protected health information. As patient data is incredibly confidential, the fact that HIPAA has partnered with Amazon to protect this data while moving forward with tech advancements will be an interesting test in protecting patients.

Evolve MGAoffers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

It’s always interesting when we see new types of businesses being struck with data breaches or cyber attacks as these events usually indicate the willingness of hackers to try new industries and tactics to in order to test their abilities to expose and ultimately gain in the wake of another’s loss. This past week, European airplane maker Airbus released a statement highlighting a data breach in its “Commercial Aircraft business” information systems that allowed intruders to gain access to some of its employees’ personal information.

The airline company did not disclose how the cybercriminals accessed their systems, so we can only speculate, but Airbus has taken immediate and appropriate actions to reinforce existing security measures,” which were not enough to keep the hackers out of their systems, “and to mitigate its potential impact” so that it can prevent similar incidents from happening in the future. In short, business systems need to be updated and users need to be trained as they are the first lines of defense against human error related cyber attacks.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

Caribou Coffee experienced a major data breach in late December surrounding their point of sale (POS) system, which prompted the company to issue a notice to guests about being exposed by an unauthorized third party. The cyber attack, the latest in a string of security issues for restaurants, involved at least 265 of the Caribou Coffee’s branches, although it remains unclear how many customers were affected.

According to reports, the information exposed was from guests who visited between August 28 and December 3. Caribou said there is a possibility “that [customer’s] name and credit card information, including card number, expiration date and card security code may have been accessed as a result of this unauthorized activity. Payments made through [customer’s] Caribou Coffee Perks account or other loyalty account were not affected. Any catering orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel and Noah’s NY Bagels were also not affected by this breach.”

EvolveMGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote!

The US Federal Emergency Management Agency, better known as FEMA, improperly shared and exposed personal identifiable information of 2.3 million disaster survivors this past week. Those at risk were victims of hurricanes Harvey, Irma, and Maria, as well as the California wildfires of 2017. 20 data fields were improperly shared, including home addresses & bank account information. Although the 3rd party contractor that received the data was not identified in the reports, it’s worth noting this isn’t the first time FEMA has been censured for mishandling information.

A report from 2015 stated survivor’s records were stored at a disaster-response centre in California in open, unsecured cardboard boxes. Mishandling large quantities of sensitive data typically is a result of inadequate employee training. Employers need to begin utilizing intentional phishing tools to help their employees understand the difference between a normal email and a malicious email. Combining this training with a quality cyber policy would help minimize the negative effects that result from employee error.

EvolveMGA provides this service for free to every one of our policy holders. Combining this training with a cyber policy will minimize the major costs associated with phishing!

Las Vegas experienced a major data breach this past week as Planet Hollywood’s parent company, Earl Enterprises, was the victim of cyber attack that resulted in 2.15 million individuals exposed. According to reports, the cyber criminals infiltrated their system in May of 2018 and weren’t detected until March of 2019. Individuals who visited Planet Hollywood, Bucca di Beppo, and Earl of Sandwiches in Las Vegas, Orlando, and New York City were affected by the breach.

Sensitive information exposed included customer names, credit card numbers, and expiration dates. It has been confirmed that the customers affected information was sold on the black market in February of 2019. Incidences like this typically result in corporations offering free credit reporting to ensure customers are protected post exposure. Additionally, although Earl Enterprises reported that their places of business are safe today, data breaches can result in untimely affects on their business success, including reputational harm, business interruption, and financial loss.

Evolve MGA provides this service for free to every one of our policy holders. Combining this training with a cyber policy will minimize the major costs associated with phishing!

For anyone doing business, it should be understood that your business can be at risk of a cyber attack, and in this day and age, it can happen at any point in the business’ life. We often hear about hospitals, city governments and municipals, schools, etc., being targeted and exposed as they’re seen as low hanging fruit, but obviously all industries are susceptible of being attacked. Having said that, an industry that does not typically find the headlines is the gaming industry, but Town of Salem, a popular role-playing game, recently felt the wrath of what cybercriminals are capable of.

According to the Hacker News, a massive data breach at the popular online role-playing game has reportedly impacted more than 7.6 million players, the game owner BlankMediaGames (BMG) confirmed Wednesday on its online forum. With the user base of more than 8 million players, Town of Salem is a browser-based game that enables gamers (which range from 7 to 15 users) to play a version of the famous secret role game Town, Mafia, or Neutrals.

BlankMediaGames discovered the hack on December 28th after their database was uploaded to a hacked search engine, called DeHashed. DeHashed released the following list of personal identifiable information that was apparently leaked:

• Email addresses
• Usernames
• Hashed passwords (in phpass, MD5(WordPress), and MD5(phpBB3) formats)
• IP addresses
• Game and forum activity
• Some payment information (including full names, billing and shipping addresses, IP information and payment amount).

As mentioned, data breach cyber attacks can happen to any company, regardless of size, which makes for updated systems, end user awareness, and having a cyber insurance policy in place, extremely imperative.

Evolve MGA offers cyber insurance that covers policyholders in the event their cloud data is hacked, lost, or stolen. Get appointed with our cyber insurance specialists for a FREE Quote! To read more about the hack on Town of Salem, click here.

Why Do Aggregates Matter In Cyber Policies?