Exploit: Phishing attack.
Lancaster University: Public research university in Lancaster, Lancashire, England.
Risk to Small Business: 1.888 = Severe Risk: A phishing attack compromised the personal information for thousands of students. Described as a “sophisticated and malicious phishing attack,” the scam thwarted the university’s cybersecurity initiatives by tricking employees into disclosing credentials or data. Now the university, which offers an advanced degree in cybersecurity, will have to provide support services for thousands of students while managing the reputational damage that always accompanies a data breach and can negatively impact future enrollment.
Individual Risk: 2.428 = Severe Risk: The phishing scam compromised student data related to undergraduate applications for the 2019-2020 school year as well as a limited amount of information related to current students. This includes student names, addresses, phone numbers, and email addresses. Furthermore, some undergraduate applicants received fraudulent invoices, which indicates one use-case for the stolen information. Therefore, those impacted by the breach need to carefully monitor their credentials for additional misuse, and they need to thoroughly vet any correspondence purporting to originate from the university.
Customers Impacted: 12,500
How it Could Affect Your Customers’ Business: Especially for organizations handling minors’ personally identifiable information, data security must be a top priority. Phishing scams, which rely on employees’ ignorance or indifference to compromise information, are defensible through employee awareness training, effectively rendering this cyberthreat useless. These attacks are easy and affordable to implement, and every organization should prepare for the inevitability that phishing emails will make their way to their employees’ inboxes.
ClearYolk to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime.