Cyber Shocks of 2024: Unpacking the Year’s Biggest Security Breaches


The catastrophic surge in data breaches in 2024 has left virtually no industry untouched. You name it, this year has witnessed it: high-profile corporate hacks, billions of daily phishing emails, ransomware attacks targeting industry giants, endless supply chain compromises, the largest healthcare data breach in history impacting a third of the population of the United States, national election breaches compromising our democracy and the enormous role that Artificial Intelligence (AI) has had by empowering cybercriminals even more.

Here is a breakdown of the top data breaches that rocked the world this year:

National Public Data Breach: In early 2024, National Public Data (NPD), an online background check and fraud prevention service, reported that a malicious actor gained access to their systems in December 2023 and leaked sensitive data starting in April 2024. Bloomberg Law stated that “the breach allegedly exposed 2.9 billion records containing highly sensitive personal data of up to 170 million people in the US, UK, and Canada.” This breach has been described as potentially one of the largest in history, with personal information, including Social Security numbers, full names, mailing addresses, email addresses, phone numbers and family member details, being sold on the Dark Web. For a review of our recommendations and details of the breach, review our blog on the subject HERE.

Snowflake Data Breach: This prominent cloud data platform, with 9,800+ global customers, suffered a breach in which hackers used stolen passwords to access data from companies like Adobe, AT&T, Honeywell, Mastercard, Pfizer and Ticketmaster. Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems. This particular type of crime highlights vulnerabilities in cloud data storage and the critical importance of securing access credentials to prevent unauthorized data access. To read how millions were potentially exposed by a Snowflake breach, click HERE for our blog about Neiman Marcus.

CDK Global Breach: If you tried to buy a car this summer, you might have hit a snag or two. In June 2024, CDK Global, a leading provider of dealer management solutions to the automotive industry, experienced a significant ransomware attack affecting approximately 15,000 auto dealerships. The attack paralyzed dealerships, leaving them to go back to pen and paper to complete deals.

Salt Typhoon Attack: A Chinese hacking group known as Salt Typhoon infiltrated U.S. telecommunications networks, enabling them to geolocate millions of Americans and record their phone calls. Politico.com reported that high-profile victims included President-elect Donald Trump and senior Biden administration officials. Details of this breach that targeted AT&T and Verizon are still coming to light. It raises significant national security concerns and highlights vulnerabilities in critical infrastructure, prompting calls for enhanced cybersecurity measures in the telecommunications sector.

Change Healthcare Ransomware Attack: Change Healthcare is a major healthcare technology company that suffered a massive ransomware attack by the ALPHV/BlackCat group, impacting over 100 million people. Hackers broke into one of its subsidiaries and disrupted healthcare providers across the United States for months. The Verge reported that UnitedHealth paid a $22 million ransom to regain access to their systems.

“Mother of All Data Breaches” (MOAB) is an extraordinary aggregation of over 4,000 breaches that took place over several years, with data amassed from thousands of companies and platforms. This collection of data breaches involved the exposure of 26 billion records, making it the largest consolidated data breach in history, affecting millions of individuals across multiple countries. The breach included records from major platforms and services such as Adobe, Canva, Dropbox, LinkedIn, X (formerly Twitter) and Venmo. The records contained usernames, email addresses, passwords and, in some cases, financial information, leaving those impacted facing increased risks of identity theft, phishing attacks and financial fraud. The data was sold on the Dark Web and widely distributed among cybercriminal communities.

The breaches of 2024 taught many things:

1) The dangers of reusing passwords across multiple accounts. We suggest that you use strong, unique passwords and change them regularly. Also consider enabling two-factor authentication where possible.

2) The importance of persistent, regular credit and threat monitoring. Keep a close eye on your bank accounts, credit cards and other financial records for any suspicious or unauthorized transactions. We also suggest that you consider setting up alerts to notify you of any unusual activity.

3) The need for companies to continue to reduce the collection and storage of unnecessary data to limit exposure in the event of a breach.

Guard Well Identity Theft Solutions exists to protect you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: Chris Ried via unsplash.com.

Gamers Hit with Social Engineering Attack


Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OVHcloud founder Octave Klaba in 2021, has been breached. Its technology is based on Windows 10 servers executing video games or other Windows software applications remotely. The breach origin date is October 2023 and involves the data of 545,013 account users, including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employees. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.”

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and the network can be harmed.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing: fraud, impersonation and old-fashioned blackmail.

– Baiting: fraudsters use fake websites, such as those offering illegitimate gaming add-ons and so-called “freebies.”

– Pretexting: this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Examples of impersonation could be a talent agency, a law enforcement officer or a major sweepstakes company.

– Spear Phishing: this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII.

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

Nationwide Cyberattack Paralyzes Auto Dealerships

If you have been trying to buy a car this summer, you might have hit a snag or two. Dealerships have had to go back to good old-fashioned pen and paper to complete deals after their operations suddenly came to a complete halt. What happened? Hackers targeted CDK Global, a software company that 15,000 car dealerships nationwide rely on. The back-to-back ransomware attacks occurred in mid-June, but car dealerships are still recovering from having their operations paralyzed for about ten days. The good news is that dealerships do not think that customer private information has been stolen, but that has not been confirmed. We will notify you if our teams find any data sets related to this attack on the dark web.


Update – Ticketmaster/Live Nation Breach Alert: 560 Million Fans Impacted


Ticketmaster Entertainment, LLC is an American ticket sales and distribution company based in Beverly Hills, California with operations in many countries around the world. In 2010, it merged with Live Nation under the name Live Nation Entertainment. Ticketing giant Live Nation confirmed this summer that it has been the victim of a cyber attack. We have just learned that the breach origin date is May 20, 2024. Personal data from over half a billion users have been exposed. Data stolen can include full names, addresses, email addresses, birth dates, credit card type, the last four digits and credit card expiration dates used for ticket sales.

We suggest that you protect yourself by doing the following if you have a Ticketmaster account:

– Change your password immediately and frequently. Although it might be easier to remember, try to resist the urge to use the same password across multiple accounts.

– Utilize two-factor authentication when it is available.

– If solicited online, never share any personal identifying information or financial account numbers. Only give out information to an individual you know or a company that you are 100% certain about.

This is definitely not the first time Ticketmaster has made the news. If you have a Swiftie in the household, you likely already know the debacle surrounding Ticketmaster and Taylor Swift’s Eras tour that started in 2022. If you are interested in the timeline of the chaos, check out People’s article of events.

Now is not the time to let your guard down. Knowledge is power. Being informed of what steps you may need to take can help ease the potential damage (and your stress level) if your identity has been compromised.

Image courtesy credit: Erfan Parhizi via unsplash.com

UPDATE from Ticketmaster – July 3, 2024: Ticketmaster has contacted those who may be affected. They state via email that they “take the protection of personal information very seriously.” They explain that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider. Based on their investigation, they determined that the unauthorized activity occurred on May 27, 2024. They note that they are working to mitigate risk to their users and the company, and have notified and are cooperating with law enforcement and regulatory authorities.

ALERT: Toll Smishing Text Scam – Do Not Click!


The Ohio Turnpike and Infrastructure Commission, the FBI and SunPass are warning drivers of a text message smishing scam that requests payment for unpaid tolls. The FBI recommends that if you receive a message like the one shown below, you take the following actions:

– Do not click the link in the text.

– Contact the FBI’s Internet Crime Complaint Center, also known as IC3, at www.ic3.gov, and include the phone number the text came from and the website listed within the text.

– If you have an EZ-Pass or SunPass account, check it via their legitimate website and let them know about the text.

– Delete the smishing text you received.

– If for any reason you accidentally clicked the link in the text and made a payment, contact your financial institution immediately to help secure your personal information and financial accounts. Contact our Member Services team at 1.888.966.4827 (GUARD) or email [email protected].

Screenshot image of a sample scam on an iPhone

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does occur.

Consumer Fraud Losses Top $10 Billion

The Federal Trade Commission (FTC) recently released data showing that consumers reported losing more than $10 billion to fraud in 2023. This marks a 14% increase over reported losses in 2022. Fraud data came from 2.6 million consumers last year, nearly the same as 2022. Consumers reported to the FTC that they lost more money to investment scams – more than $4.6 billion – than any other category in 2023. The second highest loss category was imposter scams with losses of nearly $2.7 billion.

The following is a breakdown of the top frauds reported:

– Imposter scams (business and government impersonators)

– Online shopping scams

– Prizes, sweepstakes and lottery scams

– Investment scams

– Business and job opportunity scams

The method scammers reportedly used to reach consumers most commonly was via email, which has displaced text messages. Phone calls are now the second most reported contact method.


Boeing Breach Alert


Our security teams have recently discovered that The Boeing Company has experienced a ransom breach. Boeing is an American multinational corporation that designs, manufactures, and sells airplanes, rotorcraft, rockets, satellites, telecommunications equipment, and missiles worldwide.

The hacking origin date is November 2023, and the breach impacts 50,000. Data exposed include email addresses, phone numbers, physical addresses, names and user IDs.

The company reported that they “are aware of a cyber incident impacting elements of our parts and distribution business.” The Boeing spokesperson continued to state that the “issue does not affect flight safety,” which is an important concern especially with the recent Alaska Airlines Boeing 737 Max 9 incident.

Boeing is actively investigating the ransom breach and coordinating with law enforcement and regulatory authorities. They are also in the process of notifying customers and suppliers.


Image courtesy credit: Markus Spiske via unsplash.com

Even Frosty Can Get Scammed


2024 is already looking like a doozy on the winter storm chaos-meter. We are barely two weeks into the new year and winter storms are wreaking havoc across the country. No surprise that utility scammers and unlicensed contractors are targeting those affected.

Although utility imposter scams have been around for years, fraudsters are getting extra crafty at finding new ways to take your well-earned cash. New technology such as Artificial Intelligence (AI) has made it easier for them to impersonate people and companies you trust. Here are some tips to keep the fakers off your doorstep and out of your inbox after a storm:

– Understand that government agencies and utility companies will not contact you to ask for account information. If anyone contacts you, ask to see their identification and credentials.

– Contact your insurance company for next steps in assessing property damage.

– If any work needs to be completed, hire only licensed and insured contractors and get contracts in writing. Only pay after the work is completed and you are completely satisfied.

Other winter tips: keep your pantry stocked (with non-perishable foods/meals that can be prepped without water and heat), extra blankets close by and your devices charged as much as possible. Stay safe, and we hope that some great packing snow for Frosty falls from the sky!


Photo courtesy credit: Peter Zhang via Unsplash

Investment Opportunity or Not? Keeping Eyes on Your 💰


One of the top scams of the century involving investments is making a comeback in 2024. A fixed deposit, otherwise known as a term deposit, has traditionally been an investment plan that allows you to earn a safe guaranteed rate of interest for a lump sum over a fixed period of time. Funds can be withdrawn during the fixed term but there are fees to do so. Unfortunately, anyone with access to your personal identifying information and banking credentials can withdraw the money from these accounts.

Scammers desiring to cash in on anyone’s deal are offering fake investments that the masses are falling for. Here is what you need to know about fake fixed term deposit investment scams so you don’t fall victim:

– Understand that there is no such thing as easy money and it definitely doesn’t grow on trees.

– Every investment has some degree of risk. There is also risk in not investing at all, so working with a reputable company registered with the Financial Industry Regulatory Authority (FINRA), the Securities and Exchange Commission (SEC) or your state securities regulator is imperative.

– Get it in writing. If there isn’t any documentation, that can mean that the investment may not be registered with the SEC and is not legit.

– An unsolicited phone call, text or email promising guaranteed profits is a really good reason to block the number or sender. With artificial intelligence (AI) having entered the picture in the last couple of years, it is understandably confusing as to who is real and who isn’t.

– If you are rushed to make any type of investment decision so you ‘don’t lose out’ and your gut tells you this investment is smelling fishy, then it’s probably ‘phishy,’ a scam technique that isn’t going away anytime soon. To learn more about phishing scams, check out the Federal Trade Commission’s article on the subject HERE.


Photo courtesy credit: Micheile Henderson on Unsplash.com

How to Spot a Scam with Children’s Health Insurance


The cost of health care has skyrocketed in the United States. The very topic is as stressful as it is expensive. Did you know that the United States is the highest spending country on healthcare worldwide? In 2021, total health expenditure exceeded four trillion dollars with per capita health expenditure at $12,555.30. Statista Research recently reported that expenditure as a percentage of Gross Domestic Product (GDP) is projected to increase to approximately 20% by 2030.

During the pandemic, each state’s Medicaid Children’s Health Insurance Program (CHIP) helped millions of families with the cost of healthcare. With the end of the pandemic, states are reaching out to update Medicaid enrollments and scammers are already taking advantage of the situation. CHIP won’t ask you to pay to renew … but scammers will.

Here is what you need to know:

– CHIP won’t charge you to renew or enroll. They may reach out to you via email, phone or text, but they will NOT ask you to pay or ask for any of your personal financial information, especially your credit card number or bank account information.

– Do NOT click! Even if it looks like a message is from your state’s Medicaid agency, if there is anything clickable in a message, assume it is a scam and visit medicaid.gov to get contact information for your state’s Medicaid agency.

– Utilize healthcare.gov to complete insurance plans, find coverage and see if you are eligible. The website will ask you for your monthly income and age to give you a quote.

– Understand that medical discount plans are NOT insurance plans. Scammers will pitch discount plans to entice you and make you think they are the same as insurance.


Source: Federal Trade Commission

Photo Credit: Courtesy of Charles Deluvio via unsplash.com