July in Review: Critical Infrastructure is Insecure

August 01, 2018//Ellen Neveux

Another month has come and gone, and data breaches remain a persistent threat. In the month of July, it was reported that 139,731,894 million records were leaked, which far surpasses the number of records breached in May (17,273,571) and is nearly the same as the number of records breached in June (145,942,680). The similarity between the June and July numbers is in line with predictions that monthly totals would resemble one another after the implementation of GDPR, which requires organizations that have suffered a breach to report the breach to the public in a timely manner. It is also important to remember that the numbers of breaches per month are based on released numbers, and might actually be higher since cyberattacks can be found and reported months, if not years, later.

Highly regulated industries are huge targets for bad actors since they contain so much valuable information in an isolated area, and this month there seemed to be a lot of attacks on government entities and critical infrastructure. How bad actors get to information is up to them, but they will always take the path of least resistance. As we will see from the noteworthy breaches below, frequently the path taken is using a third-party vendor’s access to get into a larger enterprise network. This attack vector has even gone mainstream, with the New York Times reporting that “many of the worst recent data breaches began with a vendor’s mistake.” Notable breaches that were talked about this month include the following: cities that use the software Click2Gov are still getting hacked even though it’s been well documented that the software isn’t secure, Russian hackers have reportedly accessed US utilities’ control rooms, and a correctional facility in Pennsylvania had a “security incident” involving a third-party vendor. Let’s take a closer look at each of these cyberattacks, how they happened, and why critical infrastructure is at risk.

Click2Gov

Over a dozen small and midsize cities spread throughout the US have suffered data breaches linked to a third-party vendor that these cities use for paying bills online. The newest victim is Medford, Oregon, which has reported that its residents’ personal information may have been compromised due to a vulnerability within Click2Gov, an online payment portal. Medford is just one of the many cities affected. Other cities that have reported data breaches related to Click2Gov include Goodyear, Arizona; Thousand Oaks, California; Fond du Lac, Wisconsin; Bozeman, Montana; Wellington, Florida; Midwest City, Oklahoma; and Beaumont, Texas. In every case, the incidents led to hundreds or thousands of residents having to be notified that their credit card information might have been stolen.

When a city has to shut down the online payment server that runs Click2Gov, it can no longer process utility bills, permit applications, and business licenses. This Medford breach affected 1,842 people who used Click2Gov during the months of February and March, and again in March and April. For those affected, names, credit card numbers, card expiration dates, and security codes were potentially exposed. Although these breaches may seem small on the surface, they all share the same third-party vendor.

US utilities

According to CNET, hackers that work for Russia gained access to the control rooms of US electric utilities in 2017, which allowed them to cause blackouts, federal officials tell the Wall Street Journal. How did this happen? According to the Department of Homeland Security, Russian hackers broke into the utilities’ isolated networks by hacking networks belonging to third-party vendors that had relationships with the power companies. So far it is reported that there are hundreds of victims, and the number is likely going to continue to rise. Why is this expected? Since many of these systems run out-of-date software, they’re vulnerable to outside attacks. Along with that, organizations running the nation’s energy, nuclear, and other critical infrastructure have become frequent targets for cyberattacks because an attack on them can cause immediate chaos, whether it’s starting a blackout, blocking traffic signals, or shutting down 911 call centers. So far, victims have not been identified, and Russia continues to deny any involvement in targeting US critical infrastructure.

Pennsylvania correctional facility

A breach that happened at the beginning of April this year has just been found by the Department of Corrections (DOC). It involves a vendor called Accreditation, Audit, and Risk Management Security, LLC, which provides online systems for the DOC to conduct, manage, and track audits and inspections related to its accreditation and internal operations. What they’re calling a “security incident” is a third-party data breach. The company reported that the system was accessed without authorization and a portion of the data on the system was even exported. The amount of data is still unknown, but it is expected to include full names, driver’s license numbers, home addresses, Social Security numbers, and medical information. Once the breach was discovered, the data on the vendor in question was immediately removed from the server and returned to the DOC.

Although the DOC cannot confirm that any of their data was included in what was exported by the unauthorized access, the agency is not aware of any misuse of any individual’s personal information. Not so surprisingly, the DOC will be offering credit monitoring and protection for one year at no cost to all potentially affected individuals. Although the numbers aren’t set in stone, the DOC has begun to identify individuals who may have been affected by the incident, which includes about 13,100 inmates, 680 employees and 11 others. Anyone assumed to be affected has been sent a notification letter.

Protect your network

Data breaches and ransomware are continuing to affect an unbelievable number of people and enterprises, and it’s obvious that they’re here to stay. Specifically, it seems that the government is a hot target for bad actors. The best thing any organization, especially in the government sector, can do is protect itself from bad actors with a layered defense. It has been widely accepted that one of the main attack vectors for bad actors to access a network is through third-party access. Regulate and take control of the access granted to third parties to save yourself from a data breach or ransomware attack.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.
