The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Friday Five: 8/2 Edition

by Lewis Mustoe and Hayley Donaldson on Thursday August 15, 2019

Contact Us
Free Demo
Chat

A trio of breaches, the plight of IT budgets in the U.K., and hackers hitting school districts - catch up on the week's news with this roundup!

1. Pearson Hack Exposed Details of Thousands of U.S. Students by Parmy Olson

Pearson recently notified school districts that it suffered a data breach, which exposed the data in about 13,000 university and school accounts. Affected students were mainly from the U.S. and compromised information included names, dates of birth, and email addresses. Pearson has informed impacted customers of the breach and is offering them credit-monitoring services. In order to mitigate the risk of exposing student information, educational companies’ databases should have unique student identifiers that do not include a name, date of birth, or email.

Read more

2. Thousands of Los Angeles police caught up in data breach, personal records stolen by Charlie Osborne

The Los Angeles Police Department (LAPD) suffered a data breach that exposed the personally identifiable information (PII) of 2,500 LAPD officers and 17,500 applicants. Stolen information included names, partial social security numbers, and dates of birth, as well as the email addresses and logons used to apply for LAPD jobs. The LAPD informed the people who have been impacted by the breach and is currently investigating the breach and improving its security measures.

Read more

3. North Carolina County Lost $1.7 Million in BEC Scam by Lawrence Abrams

Cabarrus County employees fell for a Business Email Compromise (BEC) scam, and as a result, the county lost $1.7 million. County employees opened a phishing email, which stated the bank account for Branch and Associates, the company responsible for building the county’s new high school, changed and the county should use this new account for invoice payments. Because vendors often send the county legitimate requests to change their bank account information, the county thought the email was valid and unknowingly sent $2.5 million to a fraudulent bank account. County employees only realized their mistake when a Branch and Associates’ employee called Cabarrus County regarding a missing payment. Unfortunately, the county’s banks and insurance policy did not recover all of the stolen $2.5 million, so the county had no choice but to take $1.7 million from its funds allocated for “extraordinary circumstances” to pay Branch and Associates. Implementing strict vendor processes that require authentication for any changes would reduce government entities’ risk of falling victim to BEC scams.

Read more

4. One-third of UK councils have IT budgets cut by Karl Flinders

A third of local councils in the U.K will see their IT budget decrease from the previous year while another 20% will receive no extra funding. Considering the new wave of crime that targets valuable data, local governments are putting a huge target on their own backs by not dedicating more resources towards IT and cyber security. Software company Y Soft questioned 78 local authorities about their IT budgets, and as a part of this finding discovered that only 21% of councils are looking into automating any manual workflows. As well as the threat of a security breach, showing a stubbornness to automate various manual workflows drastically decreases productivity across all sectors within these government agencies. Neath Port Talbot, a Welsh council, announced that they reduced costs by 95% by implementing robotic process automation. IT Budget cuts across government councils is extremely risky as it presents an opportunity for potential cyber criminals who are looking to extort officials after collecting sensitive data.

Read more

5. Hackers’ Latest Target: School Districts by Nicholas Bogel-Burroughs

A quick trend article here via The New York Times on a recent spate of cyber attacks that have hit schools and what's fueled the incidents. The biggest takeaway from the piece? It sounds as if most school systems, especially those in small communities, don't have the resources to combat these threats. An interesting statistic here, via Keith R. Krueger, the chief executive of the Consortium for School Networking: "Nearly two-thirds of school districts in the United States serve fewer than 2,500 students, and many do not have a staff member dedicated solely to cybersecurity."

Read more

Tags: hacking, Ransomware, Data Breaches

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Guest Contributor

Get unique perspectives on a range of infosec topics from our guest contributors.