Thursday, July 26, 2018

Security Vulnerabilities: LabCorp, Voter Data, & ComplyRight HR

In the previous security vulnerabilities post we discussed recent issues with Bluetooth, Macy's and Emotet. This post provides information about additional security vulnerabilities that have recently occurred including:
  • LabCorp's Ransomware infection
  • Voter data breach
  • ComplyRight breach
The information about these recent security vulnerabilities include how they might affect you and what you should do to protect yourself. The title of each breach type listed below is a link to an external news source with additional information about that particular security vulnerability.

Security Vulnerabilities: LabCorp, Voter Data, & ComplyRight

LabCorp is one of the largest clinical labs in the U.S. and was the unfortunate victim of a SamSam Ransomware attack on July 13. Luckily, the attack was quickly noticed and immediate measures were taken to stop the spread of the attack. Still, in the 50 minutes it took to stop the attack, 7,000 systems and 1,900 servers were affected. This shows the power and chaos a Ransomware attack can cause, even when client information is not compromised, as in this situation.

Not only is it important to have systems in place to notify you of changes on your network, but your best protection against Ransomware is having offsite backups.

U.S. Voter Data

A robocalling company used for political campaigns failed to protect over 2,600 files. These files were hosted online with Amazon S3 and did not require any login credentials, meaning anyone who came across them could access them. These files contained personal information including:
  • Gender
  • Age
  • Birth year
  • Phone numbers
  • Ethnicity
  • Education
While the company claims the files had not been used in the past two years, much of the information could still be relevant to those the information belonged to. The Virginia-based company also claimed the exposed data was public information. However, having all the information in one location is less common and can put your information at risk. This is believed to be the 5th major breach of voter data in the last five years.

The more information that is collected about you, the harder it can become to protect yourself. Every user account that requires security questions increases the risk to that data because it creates potential that the information might be accessed by an unauthorized user. 


ComplyRight is a cloud-based human resources company that suffered a website security breach affecting 662,000 people. ComplyRight works with businesses to provide support for employee forms processing. The information accessed was on tax forms submitted by ComplyRight's clients on behalf of their employees, many of whom did not even realize their company utilized ComplyRight's services. 

The breach, which occurred on their e-file website, began on April 20, 2018 and continued through May 22, 2018. The breach may have jeopardized consumer information including:
  • Names
  • Addresses
  • Phone numbers
  • Email addresses
  • Social Security numbers
If you have been a victim of this breach, the company is offering 12 months of free credit monitoring. Since ComplyRight mainly works with employers, you may want to inquire with your employer to be sure if they use ComplyRight.

The examples above demonstrate how a breach can happen even when you might not realize a company has your data, like the case of ComplyRight. Other examples illustrate how something as simple as exercising your right to vote can put your information at risk. The more information you share, the more your information is at risk. Whenever possible, try to protect your information by making good decisions about the email attachments you open, where you create user accounts and what information you share. Keep in mind, this and the previous post cover recent breaches but they are certainly not the only breaches.

As always, you cannot know everything going on with tech, but to best protect yourself it is important to be as informed as possible.

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment