A US-based accounting and wealth management firm Moss Adams has been hit by a data breach affecting a number of customers’ personal information according to a report.
The firm’s website revealed the incident informing customers of possible unauthorized access to their personal information and calling for immediate action. This puts them on the tall list of companies that were hit by a data breach in 2019.
According to the report, the hackers were able to access these sensitive files after gaining access to an employee’s email. Interestingly, most of the hacking incidents reported this year were about how threat actors used employee’s email as a gateway to access sensitive information.
It all started on 10 October 2019, when unusual activity was discovered in one of the Moss Adams‘ employee emails. As claimed by the report, the IT department of the firm secured the email and launched an investigation into the suspicious activity. It was then revealed that a third party had accessed the email of the Moss Adams employee which contained the personal information of its customers.
The team cannot tell whether the hackers really accessed the personal information, but since the email was impacted, then it is likely they obtained the information therein. They clarified that any form of breach affected the personal information transmitted via email, not their entire system.
Image Source: www.technadu.com
Hackers may have accessed the names and Social Security Numbers of customers. As part of its measures to control the situation and reduce the impact, Moss Adams is offering free one-year membership to all affected customers at the TransUnion Interactive’s myTrueidentity credit monitoring and identity restoration service.
The product is aimed to provide a premier credit monitoring and identity theft restoration service in addition to a $1 million identity theft insurance coverage according to the report.
Moss Adams requires affected customers to be over 18 years, established credit in the US, have a Social Security Number and a US residential address to qualify for the relief and they come at a deadline.
Most firms refuse to take cybersecurity serious unless they suffer a severe hit. The few that invest in cybersecurity ignore the basic principles to stay safe. Investing money in cybersecurity without training the staff about basic guidelines still leaves companies at risk as hackers always look for a loophole to strike. In most cases, the cost involved in a data breach is much higher than the cost of cybersecurity tools and protection.
Moss Adams has also provided customers with a few information to protect their accounts. According to the released document, customers must review their account and monitor their account statements. If they observe any suspicious activity, they must not hesitate to inform the financial company. In addition, they have been advised to report all fraudulent activities and identity theft in relation to the stolen personal information to the proper law enforcement or any relevant body is charged.
All customers have been advised to consider placing fraud alerts on their credit files. It was stated that the initial fraud alert service is free and would be placed on the credit file for 90 days. When this is done, customers would be notified of any suspicious activities on the credit file.
In addition, customers must also consider a security freeze. This will ensure no new account is opened in their names, and potential creditors cannot access their credit reports without their consent. Most of the measures put in place are meant to protect customers but does not stop the fact that the affected individuals may suffer from identity theft from the stolen personal information.
Image Source: www.zdnet.com
The incident of Moss Adams is a strong indication that hackers are targeting all areas from construction, health, IT, to finance based on the many recorded incidents in 2019. Some hackers launch an attack to encrypt files with the sole motive of providing a decryption key after a ransom is paid. Others are also not interested in ransom at all. Their interest lies in obtaining personal information of customers to be offered for sale on the dark web. In as much as many incidents of data breach hitting companies is rising in recent years, most hackers also target individuals with many recorded cases.
Hackers are on the rise, so individuals and corporate bodies must protect themselves by using stronger passwords and being mindful of the links they click on to avoid phishing attacks which are mostly a gateway to enter a computer system. Most importantly, companies that are dealing with a bunch of customers’ information must live up to the trust invested in them to protect the data from falling into the hands of third parties.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.