Welcome to the latest edition of the Cybersafe Cyber Threats Update, on the 7th March. This is a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online. Being aware of these cyber threats helps UK companies to gain cyber essentials certifications and keeps employees on alert for potential danger.

Here are the most prominent cyber threats to businesses which you should be aware of:

Details compromised in data breach

The recent cyber security breach at the Scottish Ambulance Service (SAS), where staff data was inadvertently released, underscores the critical importance for businesses, particularly in the healthcare sector, to prioritise cyber security. For CFO’s and CEO’s, this incident is a stark reminder of the potential risks associated with digital data management, both financially and from a personal standpoint.

The breach, stemming from an email mishap, resulted in the unintended dissemination of personal details of community first responders. While SAS promptly apologised and took corrective actions, including reporting the breach to the Information Commissioner’s Office, it highlights the pressing need for robust cyber security measures for businesses.

This incident isn’t isolated; in 2018, SAS also experienced a data compromise, emphasising the ongoing challenges healthcare providers face in safeguarding sensitive information. While no patient data was compromised, the repercussions extend beyond securing the exposed information. There are financial implications for the organisation, as they embark on their Business Continuity and Disaster Recovery journey, as well as reassuring individuals who were victims of the data leak that they are safe.

Business owners must recognise that such breaches can have severe consequences, including damage to reputation, legal liabilities, and loss of trust from customers or stakeholders. Therefore, investing in cyber security measures such as encryption, employee training, and regular audits becomes paramount.

Ultimately, the Scottish Ambulance Service’s data leak poignantly reminds us of the vulnerabilities inherent in digital data storage and transmission. As business owners, it’s imperative to prioritise cyber security to mitigate risks and safeguard sensitive information.

B2B Service for Marketers suffers massive data breach

Cutout.Pro, a renowned AI-powered photo and video editing platform has recently experienced a significant data breach, compromising the personal information of approximately 20 million users, including individuals who use the platform for work. This is a stark concern for business owners who may be wondering if confidential data has now been leaked. The data breach, disclosed on a hacking forum by an individual using the alias ‘KryptonZambie,’ has sparked concerns regarding the security of user data on the platform.

The exposed data, totalling 5.93 GB in CSV files, includes sensitive details like email addresses, hashed and salted passwords, IP addresses, and usernames. This extensive breach not only threatens the privacy of Cutout.Pro’s large user base, but casts doubt upon the platform’s security measures and data protection protocols..

Reports suggest that the cyber criminal responsible for the breach claims ongoing access to Cutout.Pro’s system, which again, is a concern for business owners and employees who use the platform. This is a persistent cyber security threat that the platform may still need to address fully. The leaked data, comprising 41.4 million records with 20 million unique personal and work email addresses, highlights the severity of the breach and its potential impact on affected users.

Analysis revealed a wide range of personal information in the leaked data, including user IDs, profile pictures, API access keys, account creation dates, and even mobile phone numbers. The breach also exposed users’ account types and statuses, heightening concerns regarding identity theft and fraudulent activities.

The seriousness of the situation is further emphasised by including MD5 password hashes in the leaked dataset, which is vulnerable to modern cracking techniques. Although Cutout.Pro has not officially confirmed the security incident; independent verification by the reputable breach monitoring service Have I Been Pwned (HIBP) guarantees the authenticity of the breach. The site has verified multiple matches from the leaked email addresses, indicating a significant breach affecting a substantial portion of the platform’s user base.

For C-Suite Level Executives, this incident serves as a stark reminder of the critical importance of robust cyber security measures to safeguard sensitive customer information. Implementing strong encryption, regular security audits, and comprehensive data protection protocols is essential to mitigate risks and maintain trust with customers. It is also another reminder to employees and HR managers to enforce the rules that no one should have the same password for different accounts.

Cyber attack financially destroys well-renowned administration firm

BBC licence fee collector Capita has reported a staggering £107 million loss following a cyber attack last year believed to be orchestrated by Russia-linked cyber criminals. The outsourcing giant’s shares plummeted by up to 23% in early trading on Wednesday as it disclosed its 2023 financials, starkly contrasting the £61 million profit recorded the previous year.

The loss is attributed to significant additional costs, including £25 million allocated to recover from the hack on its pensions business, which impacted dozens of pension schemes relying on Capita’s administration services. These schemes, serving millions of savers, were compelled to warn about data vulnerability after the Russian cyber gang’s April attack. However, Capita clarified that the breach affected only 0.1% of its servers. This story highlights just how important it is to have a Business Disaster and Recovery Plan in place.

The company has emphasised the extensive measures taken to recover and secure the stolen data. Despite ongoing dark web monitoring, the company found no evidence of the stolen data being circulated. The company’s shares have plummeted significantly since the breach and the onset of the pandemic.

Capita faces significant challenges in restoring financial stability and rebuilding trust following the cyber attack, underscoring the critical importance of cyber security measures for businesses operating in today’s digital landscape.


Contact Neuways for Cyber Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the UK and can travel for your needs.