Exploit: Accidental sharing
The Cabinet Office: Governmental department responsible for supporting the Prime Minister and Cabinet
Risk to Small Business: 1.809 = Severe
Several employees fell for a phishing scam that compromised subscribers’ personal information. The attack, which occurred on March 23rd, wasn’t identified until April 21st. Unfortunately, it took the company months to complete its investigation, costing victims critical time to secure their information. The news organization has apologized for the breach, but many consumers have little patience for these overtures, preferring instead that companies take steps to protect their information before a breach occurs.
Individual Risk: 2.541 = Moderate
Hackers accessed customer’s names, phone numbers, and email and home addresses for anyone who contacted the newspaper through its firstname.lastname@example.org email address. Those impacted by the breach should carefully scrutinize incoming messages, as this information is often used in spear phishing attacks that compromise even more sensitive information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The number of phishing scams has exploded since the COVID-19 pandemic began. These easy-to-execute attacks carry little risk for cybercriminals, but they can have enormous implications for companies that fall for these scams. It’s clear that cybercriminals will continue to rely on this attack methodology as an easy way to steal company data, making employee awareness training a critical component of every organization’s defensive posture.