Altice USA employees tricked by hackers to expose 12,000 customer email credentials.
https://www.newsday.com/business/altice-data-breach-employees-customers-1.41718432
Exploit: Phishing Attack
Altice USA: Cable and internet provider
Risk to Small Business: 2 = Severe: phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.
Individual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
