Hacker Tracker | August in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that are real for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1 Havenly discloses data breach after 1.3M accounts leaked online | 8.2.20

  • US-based interior design website, Havenly, reported a data breach that involved a hacker posting 1.3 million of their user records for free on a hacker forum.
  • Last week, BleepingComputer reported that the ShinyHunters hacking group had leaked the databases for 18 companies on a hacker forum for free. These databases contained a combined total of 386 million user records.
  • Havenly’s response was to send out data breach notifications to their users, stating they had recently become aware of a potential breach and were performing a mandatory reset of all passwords. To date, it is not believed that credit card information was compromised.

#2 Canon also falls victim to an apparent ransomware attack | 8.6.20 

  • Data and systems from the Japanese-owned company, Canon, were held hostage just a week after a similar attack on the company, Garmin.
  • Canon suffered from widespread and ongoing system outages, affecting 10TB of company data, which was reportedly stolen. Two dozen Canon-owned domains were also affected in the breach.
  • If Canon refused to pay the ransom, they risked having that data end up on data leak sites. In the case of Garmin, they paid a multimillion-dollar ransom to restore access to their systems; Canon may end up doing the same.

#3 Banking Regulator Fines Capital One $80 Million Over 2019 Hack | 8.7.20

  • Capital One Financial Corp. was fined $80 million by a top banking regulator.
  • The bank was charged for a 2019 hack that was proven to have compromised the personal information of roughly 106 million card customers and applicants.
  • Following the breach, the OCC and Federal Reserve ordered the bank to increase their cybersecurity measures, stating the bank had previously failed to establish effective risk assessment processes.

Lessons Learned From This Month’s Hacks

Again we learn that millions of people’s identities have been compromised and are likely for sale on the dark web. It should be shocking, but it’s not.

This comes back to two topics:

  1. Trust, but verify. Is it possible your boss asked you to wire money to an account? Sure, but verify with a phone call. Is it possible that attachment or link to a website from the accounting department is legit? Sure, but verify it. These mistakes are commonplace and are costing huge companies millions of dollars. For small businesses, in many cases they will result in closure of the business. Be aware of normal vs. abnormal communication and keep your guard up.
  2. Your identity was stolen already. Have great identity monitoring and multi-factor authentication on your email, bank, and any platform that would ruin you if a hacker bought your credentials for 3 cents in bitcoin. We recommend CompleteID via Costco.

Reach out if you have questions here.