Cyber-Thieves and ID Theft criminals never rest and continue to stay ahead of law enforcement, businesses, and consumers.
And because of that fact, now is a great time for consumers and businesses to evaluate their cybersecurity posture – especially during the COVID-19 environment – with a focus on response and recovery.
Why response and recovery? Because consumers and employees continue to click on phishing emails and organizations continue to experience data breach events such as ransomware.
Two recent examples include Blackbaud (Blackbaud Ransomware Attack Gets Worse) and Twitter (Twitter Hackers Posed as Company IT Officials Making a Support Call).
Blackbaud – a cloud technology company confirmed in early October that “stolen data also included bank account data and Social Security numbers, far more personally identifiable information than the company first thought.”
Specific to Twitter, the New York State Department of Financial Services released its findings and concluded: “the hack was relatively unsophisticated, caused by scammers who posed as members of Twitter’s IT help desk and directed employees to a phishing website designed to look like a company site.”
Blackbaud is your typical data breach example where their first statement on July 16, 2020, said while they were hacked, “that credit card information, bank account information, or Social Security numbers were not stolen.”
Fast forward 60 days later and Blackbaud now admits that their data breach “had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames and/or passwords.”
Unfortunately, the final story for most data breaches rarely reflect the initial news report and speak of what’s known at the moment, but never discuss the long-term – which is exactly what happened to Blackbaud and Twitter.
The fact is that a data breach or ID Theft event can be a lifelong problem affecting you long into the future.
In Blackbaud’s case, their data breach event has affected 6 million people so far.
With all the education and resources businesses continue to fail phishing tests (after cyber-awareness training) and still click phishing emails.
My advice to consumers and small businesses is a heightened awareness of phishing emails, unfamiliar links, and attachments, and to reconsider the information that is being shared on social media.
After all, Cyber-Thieves and ID Theft criminals never rest and are unpredictable!
by Mark Pribish
Check out our article on Full-Service Recovery HERE
