The Risk Report - August 11
Amazon’s the kind of person who invites themselves to your party and then massively overstays their welcome. But hey, at least you can send them back for free… well, until you need to vacuum.
BREACHES THIS WEEK
Klaviyo
Klaviyo, a marketing automation platform, has disclosed that it fell victim to a phishing attack. A statement on its blog by CEO Andrew Bialecki explained the incident was first detected last week after an employee’s corporate login credentials were compromised. Though Klaviyo “immediately revoked access” for the threat actor, some internal tools were accessed. The threat actor used their access to download customer lists of cryptocurrency-related accounts, a tactic that has been taking the email-marketing industry by storm lately. Once in possession of customer lists, hackers will then send targeted phishing attacks to cryptocurrency customers in an attempt to steal some coin. Klaviyo reports that the investigation is still ongoing, and that law enforcement has been notified.
Priority Health
Priority Health, a nonprofit health insurance company serving Michigan residents, suffered a data breach after an “unauthorized party” gained access to member accounts late last year. A statement on the Priority Health website reports that the “unauthorized party may have viewed information such as names, dates of birth, addresses, phone numbers, email addresses, insurance information, claims information, and limited medical information”. It is estimated that approximately 120,000 individuals were impacted as a result of the breach. Priority Health has set up a phone hotline for those impacted.
Cisco
Cisco, the self-proclaimed “largest enterprise cybersecurity company in the world”, has been hacked. Over 2 gigabytes of stolen files were published to a dark web forum on Wednesday by the Yanluowang ransomware gang, which prompted Cisco to immediately go on the defensive. In a statement on the Cisco website, it was explained that, while a “security incident” did take place on their corporate network in late May 2022, no sensitive files were taken, and no business impact was identified. Cisco is definitely playing hardball on this one, referring only to what the hackers published as a “list of files” and taking every opportunity to hype up its own security infrastructure. Stay tuned as this story unfolds.
HIGHLIGHTS THIS WEEK
Amazon
Amazon has announced that it is buying Roomba, giving it even more access to the inside of your house. What’s more? Roomba announced a 10% layoff the very same day. Should the $1.7 billion purchase go through, it will be, according to security researcher Ron Knox, “the most dangerous” in the company’s history. But, fear not, Prime-ates: “Protecting customer data has always been incredibly important to Amazon, and we think we've been very good stewards of peoples' data across all of our businesses”, wrote an Amazon spokesperson to Insider. The deal now faces approval from the Federal Trade Commission, with many hoping it gets returned to sender over antitrust concerns.
FTC
The Federal Trade Commission (FTC), before getting to the Amazon deal, is rumored to have begun drafting new laws this week focusing on expanding online privacy protections for Americans. Any new laws would take years to enact, but this latest attempt seems to be something of a last-ditch effort to get the United States up to speed on privacy laws, perhaps exercising its legal authority to force at least some new rules into motion. In particular, it is reported that the FTC will focus on the handling of consumer data by businesses, and on the banning of certain data collection practices in use today.