PCM Cloud Solution Provider Suffers Data Breach

Exploit: Unauthorized network access
PCM: Direct marketing company offering technology products and services

Risk to Small Business: 1.888 = Severe Risk: Using stolen administrative credentials for PCM’s Office 365 client accounts, hackers gained access to client data. It’s speculated that hackers intended to use this information to conduct gift card fraud. Upon discovering the breach, PCM closed off access to these accounts, limiting the reach of the intrusion. Despite the relatively minor scope of the data breach, recovering from a cybersecurity incident is no small matter. The company will now need to bear the cost of auditing their IT infrastructure as they work to repair the reputational damage that accompanies such an event.

Individual Risk: 2 = Severe Risk: It’s believed that hackers were pursuing information usable to perpetrate gift card scams, which could include stealing personal information. The company has notified those impacted by the breach, and these individuals should be especially vigilant about monitoring their accounts for unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:In many ways, PCM got lucky. Although hackers were mostly unsuccessful at obtaining client data, they were able to access systems with a trove of valuable information. Additionally, they were able to accomplish this by simply obtaining administrator credentials, which can be widely available on the Dark Web or through phishing scams. Knowing if this information is available is a critical and often overlooked component of any company’s security posture.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.