Exploit: Unauthorized database access
SFERS: Public employee benefits program
Risk to Small Business: 1.980 = Severe
An unauthorized user accessed a critical database managed by the program’s third-party vendor, causing a significant data breach. The breach, which occurred on February 24, 2020, wasn’t discovered until the end of March. An analysis of the incident couldn’t be completed until this month, leaving many people unaware that their information might be compromised. This data breach reveals the cybersecurity risk that accompanies third-party partnerships but also the often-lengthy delay between breach identification and notification.
Individual Risk: 2.602 = Moderate
The data breach did not compromise Social Security numbers or bank data, but it did include members’ names, addresses, dates of birth, and beneficiary information. This data can be used in a variety of different cybercrimes. Most notably, cybercriminals are using stolen data to craft spear phishing messages that can result in even more problematic cybersecurity incidents.
Customers Impacted: 74,000
How it Could Affect Your Customers’ Business: Third-party vendors are an inevitable part of doing business in 2020. However, these relationships expose companies to potential data breaches that are outside of their control. In this environment, having an extra layer of protection to prevent network or account access is a critical component of any defensive strategy.