Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

Klaviyo
Exploit: BEC
Klaviyo: Email Marketing Firm

Risk to Small Business: In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates.

The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.

Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.

How it Could Affect Your Business: Phishing is the most likely way for any organization to open the door to a data breach.

Atrium Health
Exploit: BEC
Atrium Health: Medical System

Risk to Small Business: North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts.

How it Could Affect Your Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.

Spirit Super
Exploit: BEC
Spirit Super: Financial Services

Risk to Small Business: Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed data from an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated and the damage contained, with new security measures added.

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details.

How it Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.

Chester Upland School District
Exploit: BEC
Chester Upland School District: Regional Education Authority

Risk to Small Business: A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.

How it Could Affect Your Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.

AllOne Health Resources, Inc.
Exploit: BEC
AllOne Health Resources: Insurance Company

Risk to Small Business: AllOne Health Resources, Inc. has experienced a data breach as the result of a business email compromise attack. The company says that an unauthorized party gained access to sensitive consumer data contained on its network after landing the BEC attack. According to AllOne Health, the company discovered the breach after it realized that the company’s finance department had sent several wire transfers to a fraudulently created bank account. That prompted an investigation that revealed that bad actors had gained access to an employee’s email account and snatched sensitive data.

Exposed information includes the names, addresses, dates of birth, driver’s license numbers, Social Security numbers and health information of 13,669 individuals.

How it Could Affect Your Business: A data security disaster in the healthcare sector is extra expensive and damaging after regulators weigh in.