Cybercriminals breach CicleCl third-party database, gaining access to company and customer data
Exploit: Unauthorized database access
Wisconsin Diagnostic Laboratories: Continuous integration and delivery platform
Risk to Small Business: 2 = Severe: Cybercriminals gained access to a third-party database for CircleCI, which compromised customer information and company data. The breach was uncovered when an employee noticed unusual account activity and notified the CirlceCI security team. Nevertheless, the breach went undetected for nearly a month, impacting customers who accessed the platform from June 30th through August 31st. CircleCI worked with a security provider to repair the vulnerability, but their failure to adequately protect user data will remain a stain on their reputation, a less-quantifiable but uniquely important facet of doing business in 2019.
Individual Risk: 2.571 = Moderate: Customer data that was compromised included usernames, email addresses, and organization names. This data can quickly make its way to the Dark Web where it can be used to facilitate additional cybercrimes. Fortunately, authentication tokens, passwords, and payment information were not involved in the incident. Those impacted should be mindful of suspicious communications, and they should monitor their accounts for any unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Comprehensive awareness training about the prevalence and best practices regarding phishing campaigns is a necessary step, but those initiatives have to be in place before a data breach in order to truly be effective. Phishing scams will inevitably land in your employees’ inboxes and developing a readiness posture can prevent them from exploiting additional vulnerabilities or instigating a data breach.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
