Update on LastPass breach and Second Largest Data Breach Payout in U.S. history

In this week's Cyber Weekly:

1. Update on the LastPass breach
2. Canadian hospital attacked
3. Second Largest Data Breach Payout in U.S. history
4. Strange attack on this community center
5. In case you didn't know

Thanks to all 10,506 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help others from becoming a statistic. Share this blog in the top right corner of this blog.

Also, follow me on LinkedIn for daily cyber security discussions >> Luigi Tiano.

1. Update on LastPass data breach

‍

In August, the password management company was hacked. LastPass promised that customer data was safe. Their story soon changed to “data was compromised”, but claimed that user passwords were not part of the data breach. Just last week, they admitted that the hackers obtained a backup of customer vault data. In other words, if the hackers guess your main password that opens the vault, they gain access to all your passwords. LastPass says that if your master password is hard to guess then you should be in the clear. However, they highly recommend updating your passwords. (reviewgeek)

‍

My thoughts: We know that when companies get breached, they do NOT immediately know the full extent of the attack. It sometimes can take weeks or months before they have it all figured out. As soon as you hear about a breach, update your passwords. Passwords should always be long and complex. It doesn’t take a lot of time to do it. Out of curiosity, for those who use LastPass, will you continue to use their service after this breach?

‍

2. Canadian Hospital Attacked

‍

Toronto’s Hospital for Sick Children was hit with a ransomware attack affecting the phone lines, website and clinical systems. According to a representative, the patient care is unaffected. At this time, there is no evidence pointing to compromised patient data. At this time, they asked for assistance is reviving all of their services, but calling the hospital at this time may not be possible. (cbc)

‍

My thoughts: This story is very new. I hope the extent of the damage stops at this point, but until further investigation, we will not know exactly what happened. With the limited information presented to us, can we assume the hospital had some measures in place so their data wasn’t compromised? How can we protect the healthcare industry more in 2023?

‍

3. Second Largest Data Breach Payout in U.S. history

In 2019, T-Mobile suffered one of the largest data breaches in U.S. history, compromising the data of over 75 million consumers. Although the company is not admitting to any wrongdoing, they agreed to pay out $350 million. If the deal gets final approval, anyone affected by the breach can claim $25 cash payment. California residents are entitled up to $100. And you can be reimbursed of up to $25,000 if you had to spend time or money to recover from fraud or identity theft relating to the breach. Since the attack, many T-Mobile customers were victims of a variety of attacks including identity theft. (cnet)

My thoughts: If T-Mobile has kept the data of previous and current data of over 75 million people, why can’t they mail them a cheque for $25 each? Why is it the responsibility of the victims to get compensation? Unless they actually payout the full $350 million, then what’s the point of all of this?

4. Community Center Gets Money Pulled Straight Out of Bank account

‍

The Nelson Cares Society, a community center in British Columbia, was the victim of a unique cyber attack. The hackers removed almost $600,000 directly from their bank account, earlier this year. Services have not been impacted. Their executive director came forward to announce that $211,079 has been recovered and they are working with the bank to recover the rest. (thenelsondaily)

‍

My thoughts: Imagine if hackers keep stealing money straight out of their corporate bank accounts, I wonder if that would change how organizations perceived cyber attacks. What are your thoughts?

‍

5. In case you didn't know...

‍

I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Microsoft 365 backup, and Quebec's Law 25 training.

‍