Pacific Specialty employees fall for phishing scam, exposing customers’ personal data
Exploit: Phishing scam.
Pacific Specialty: Insurance provider.
Risk to Small Business: 1.444 = Extreme: Several employees fell for a phishing scam that compromised customers’ personal data. The attack allowed hackers to access some employee accounts between March 20, 2019 and March 30, 2019. However, the insurance provider wasn’t aware of the breach until November 7, 2019 and did not identify details until January 14, 2020. In response, the company has hired a cybersecurity team to update its data privacy practices, and reset all employee login credentials while enabling two-factor authentication on its accounts. Nevertheless, the company will end up paying much more than they would have if they had invested in basic security solutions.
Individual Risk: 1.857 = Severe: Personal identifiable information was compromised in the breach. This includes customers’ names, Social Security numbers, drivers’ licenses or government-issued IDs, financial information, payment card data, medical details, and health insurance credentials. Pacific Specialty is offering 12 months of credit and identity monitoring service to victims
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are a known threat to every company, and organizations that are committed to data security will take steps to prevent this common attack methodology from negatively impacting customer data. Selecting strong, unique passwords for every account and enabling two-factor authentication can thwart cybercriminals, even when employees act upon a phishing scam, making them an obvious security feature for every organization. Of course, they can only prevent a breach if they are implemented before an incident occurs.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
