Data Breaches – Jan 2020

Exploit: Information breach

P&N Bank: Financial services provider

Risk to Small Business: A third-party partner with P&N Bank was accessed by hackers, compromising the bank’s customer data. The breach occurred during a December server upgrade. In response, P&N shut down the servers to prevent further access or infiltration. Unfortunately, they may not have acted quickly enough, and will now have to manage the trifecta of customer outrage, media scrutiny, and regulatory oversight that’s likely to accompany the event.

Individual Risk: Although the bank doesn’t believe that customer data was misused, hackers could have accessed customers’ names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. Those impacted by the breach should carefully monitor their accounts for unusual activity and enrolling in credit or identity monitoring services can ensure that their personal information remains secure.

Exploit: Software vulnerability

Atlassian: Enterprise software company

Risk to Small Business: Security researchers identified a flaw in Atlassian’s software that exposed an SSL key that could be used by cyber criminals to redirect app traffic to malicious sites. In response, Atlassian pulled the website’s authentication certificate while it identifies and implements solutions. However, the matter is being openly discussed on Twitter, which means that the company will likely endure a degree of reputational damage. As an enterprise-focused business, this could dissuade potential clients from working with Atlassian in the future.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

Exploit: Cyberattack

Toll Group: Transport and logistics company

Risk to Small Business: A cyberattack has forced Toll Group to shut down many of its customer-facing network systems to contain any impact on customers and operations. Although Toll Group is referring to the incident as a “cyberattack,” it’s likely that this episode is the result of a ransomware attack. The company expects that many customer applications will be impacted. The incident underscores that opportunity cost that is increasingly driving up the cost of ransomware attacks. During the outage, it’s unlikely that Toll Group will be able to collect revenue, meaning the event could have a significant impact on its bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

Australia’s bushfire natural disaster is one of the most profound in recent memories, inspiring donors from around the world to contribute resources to the cause. Unfortunately, a legitimate donations site was infected with a Magecart payment-card skimmer that stole donors’ personal information when making an online payment.

The breach was discovered by security researchers, who declined to identify the specific website impacted by the breach. Payment-card skimming malware is an increasing concern for e-commerce platforms, as it collects users’ most sensitive personal data. In addition, it undermines customer confidence in the online payment process, which could decrease their willingness to spend money online.

In this case, payment-card skimming could cost valuable resources in a dire situation. For all companies relying on e-commerce to drive revenue, it’s a reminder that customer confidence is a crucial component of successful online sales initiatives.