Sqrrl Blog

Dec 22, 2015 11:39:59 AM

Cyber Incident Matrix: VTech

Complexity Score: 0
Severity Score: 0
How did we get these numbers?

Incident Summary

Overview:

On November 14th, Hong Kong based toymaker VTech announced that its servers had been infiltrated after inquiries from the media, based on an anonymous tip to VICE Magazine. The anonymous tipper claims to be the hacker himself, describing in an interview with VICE that his only intention in the breach was to bring awareness to the blatant lack of cybersecurity at VTech.

  OPM Breach IRS Breach Anthem Breach ATM hacks Kaspersky hack Insider Trading hacks Ashley Madison Breach Penn State SSA Breach VTech Breach

Read More

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, VTech Breach

Nov 24, 2015 8:30:00 AM

Cyber Incident Matrix: Service Systems Associates (SSA)

Complexity Score: 2
Severity Score: 3
How did we get these numbers?

Incident Summary

Overview:

On October 13th, 2015, Service Systems Associates announced that it had discovered a breach of its point-of-sale systems that resulted in the loss of about 60,000 individuals’ credit card information. The data breach occurred in 10 client locations across the United States. SSA only recognized the breach months after its initialization, and did not release a report until almost four months after the breach.

Read More

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix

Nov 17, 2015 10:39:00 AM

Cyber Incident Matrix: Penn State

Complexity Score: 4
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breachedPennsylvania State University's School of Engineering

  • Delivery: September 2012

  • The Attackers: Offshore entities, at least one located in China

Overview:

In November of 2014, the FBI alerted Penn State administrators that they had suffered a breach by a foreign entity. After several weeks of forensic analysis, it was determined that key machines inside the Penn State School of Engineering had been breached, containing the usernames and passwords of 18,000 university faculty, staff, and students. Several of the breached machines also contained PII, but there is no evidence to suggest that this information has been used maliciously.

Read More

Topics: Malware, Data Breach, Cyber Incident Matrix

Sep 4, 2015 1:32:00 PM

Cyber Incident Matrix: Ashley Madison

Complexity Score: 4
Severity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: User Data from Avid Life Media websites, specifically targeting the Ashley Madison infidelity website

  • Delivery: Announced July 2015,

  • The Attackers: A hacking group known as "The Impact Team"

Read More

Topics: Data Breach, Cyber Incident Matrix

Aug 3, 2015 11:30:00 AM

Cyber Incident Matrix: ATM Hacks

Complexity Score : 5
Severity Score : 4
How did we get these numbers?

Incident Summary

  • What was breached: Nearly 100 Banking institutions in over 30 countries

  • Delivery: 2013 (possibly earlier) - February 2015

  • The Attackers:  Allegedly Russian Hackers  

Overview:

Using email attachments infected with malware sent to bank employees, hackers were able to passively collect information on banking systems across nearly 100 banks, eventually using that information to gain access to critical systems, undetected. The intruders were able to mimic staff behavior in order to learn more about system operations, then open accounts and transfer money.

Read More

Topics: Cybersecurity, Cyber Incident Matrix

Jul 22, 2015 8:30:00 AM

Cyber Incident Matrix: Anthem

Complexity Score: 4
Severity Score: 5
How did we get these numbers?

Incident Summary

  • What was breached: Anthem customer profile database

  • Delivery: April 2014 - February 2015

  • The Attackers:  No formal incrimination, Chinese government is suspected

Overview:

On February 4th, 2015, Anthem Inc., formerly known as Wellpoint, announced that it had discovered a breach of its customer information database that resulted in the loss of 37.7 million records containing email addresses, home addresses, and Social Security numbers. After several weeks of forensic analysis, that number increased to 78.8 million affected records. While the formal FBI investigation has not concluded, it has been speculated that the Chinese government perpetrated the attack.

Read More

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, Healthcare Breach