Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
U.S. Internal Revenue Service (IRS)
Exploit: Human Error
U.S. Internal Revenue Service: Federal Government Agency
Risk to Small Business: The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.
How it Could Affect Your Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes.
Exploit: Credential Compromise
U-Haul International: Moving & Storage Company
Risk to Small Business: U-Haul International disclosed a data breach related to its customer contract search tool. U-Haul says that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022, after compromising two passwords. U-Haul’s email and customer-facing websites were not impacted.
How it Could Affect Your Business: Cybercriminals have been concentrating their fire on suppliers and service providers, elevating risk for them.
The North Face
Los Angeles Unified School District: Regional Education Authority
Risk to Small Business: California-based outdoor clothing company The North Face disclosed that it has had a data breach after a successful credential stuffing attack exposed the information of an estimated 200,00 customers. The company said that the attack on its website began in late July 2022 and was finally stopped in August 2022. Investigators determined that bad actors had accessed shoppers’ information shortly thereafter.
How it Could Affect Your Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.