Exploit: Malware attack Borough of Westwood: Local government organization serving Bergen County, New Jersey
Risk to Small Business: 2.222 = Severe: Unusual network activity in December 2018 alerted county officials that hackers gained access to the county’s network. These bad actors introduced malware into their system, which placed the personal data of residents at risk. Although the county is confident that information on the network hasn’t been viewed, accessed, or downloaded by hackers, they obtained third-party cybersecurity services to assess the damage and remove the malware from their system. However, it’s unclear why county officials waited six months to notify the public of the incident.
Individual Risk: 2.142 = Severe: Authorities are confident that personal information has not been viewed in this attack. However, the network did store personally identifiable information, including names, social security numbers, driver’s license numbers, and bank account details. The county is in the process of notifying people who could be impacted by the breach, but anyone who provided data to the county’s website should be vigilant about monitoring and reviewing their account statements for suspicious activity.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: As news headlines continually demonstrate, local governments are becoming a top target for hackers and cybercriminals. Therefore, it’s critical that these institutions make every effort to secure their IT infrastructure before a cybersecurity incident occurs. In this case, a six-month delay in reporting the data breach would make it difficult for victims to identify data misuse, meaning that the lack of damages resembles more of a stroke of luck than an intentional strategy. Instead of relying on good will, organizations must establish a strong defensive posture that prevents a data breach from occurring in the first place.