Tag: data breach

If you’re an Outlook or Gmail user, you’ll want to be aware of this ransomware warning just issued by the FBI
A new ransomware targeting Gmail, Outlook and other popular email providers has made enough waves for the FBI to issue a warning about it. In addition to targeting these email providers bad actors have narrowed their search to those in specific fields like medical and tech.

The ransomware is called “Medusa” and it first came on the scene in 2021, emerging as part of a new group of ransomware found under the “Ransomware-as-a-Service (RaaS) umbrella. This means the hacker are not necessarily the creator of the ransomware but are instead utilizing scripting created by others as a means to profit from ransoms paid in lieu of getting your data back.

The creators of Medusa have been linked back to a group called Spearwing, which are particularly ruthless in that they try to extort victims twice. First, they steal your data and extort payment to not expose it and they also encrypt it and will not provide victims with a method to decrypt it until they receive a second payment. Spearwings ransom demands have ranged from $100,000 all the way up to $15 million.

There hasn’t been a definitive answer as to how the latest breaches were conducted, so it’s uncertain at this time whether the attacks were accomplished due to user error or through another method of breach. As such the FBI and CISA have recommendations as to how users can protect themselves from the Medusa ransomware that include:
1. Mitigate known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
2. Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization.
3. Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
Proactive services (including cyber security) are a keystone offering for Valley Techlogic. With ransomware threats becoming more sophisticated and lucrative year over year, you need a team behind you to protect against outside threats. Below are five ways Valley Techlogic approaches cybersecurity protection for our clients:
1. 24/7 Threat Monitoring & Incident Response – We provide continuous monitoring of networks, endpoints, and cloud environments to detect and respond to threats in real time.
2. Advanced Endpoint Protection (EPP) & Endpoint Detection and Response (EDR) – We deploy antivirus, anti-malware, and behavioral analytics tools on all endpoints and use EDR solutions to detect, analyze, and remediate suspicious activities on client devices.
3. Security Awareness Training & Phishing Simulations – Our security awareness training educates employees on cybersecurity best practices and how to recognize social engineering attacks. We also run weekly phishing simulations to assess and improve employee readiness against cyber threats.
4. Regular Security Audits & Compliance Management – We can conduct penetration testing, vulnerability assessments, and risk audits to identify security gaps at the client’s request. We also offer specialized support for compliance with industry regulations like GDPR, HIPAA, NIST, or CMMC to avoid penalties and data breaches.
5. Consistent and Layered Approach to Backups – Our backup program TechVault is our multifaceted approach to backups, which includes separate backups for Microsoft (including Outlook), daily backups for servers, and an immutable copy that is write once read only. This approach gives us a wider array of options should a breach or data loss event occur.
Interested in learning more? Schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
March 21, 2025
If you have a K-12 aged student in your household, the hack on educational software PowerSchool is one you need to be aware of
As of January 24^th very little has come out about the hack on the nationwide cloud-based software solution provider, PowerSchool, which provides tools to school districts in the form of staff management, attendance taking, enrollment, grade information and more.

According to their website, this attack occurred on December 28^th, 2024. They were alerted to the breach when the exportation of data began and there was no other indication prior to that such as systems being down. The company has offered to provide credit monitoring services for the students and staff whose data was leaked in the breach.

This data includes, grade and school information, addresses and phone numbers, email addresses, social security numbers and more. 6,505 school districts data were leaked in the attack, and it’s estimated 62 million students could be affected. This not only affects students in the US but Canada as well.

According to Bleeping Computer, PowerSchool has also paid a ransom to the attackers in a yet to be known sum to stave off the release of data. This Isn’t usually a worthwhile tactic, it’s estimated 92% of businesses that pay the ransom don’t get their data back in the end (as was the case for Apple when Apple Watch and MacBook Pro blueprints were stolen in 2021).

There are some concrete reasons not to pay the ransom in the event your data is stolen by bad actors:
1. No Guarantee of Data Recovery: Paying the ransom does not ensure that attackers will decrypt your data or return it. Many victims have paid and never received their files back.
2. Encourages Future Attacks: Paying a ransom signals to attackers that their tactic works, potentially making your business and others a target for future attacks.
3. Funds Criminal Activity: The ransom you pay could fund other illegal activities, such as drug trafficking, human trafficking, or furth er cybercrimes
4. Reputational Damage: If it becomes public knowledge that your business paid a ransom, it could harm your reputation, as customers and partners may view it as a sign of vulnerability.
5. Potential for Higher Demands: After paying, attackers might demand additional payments, holding you hostage repeatedly.
If your business has been, or is currently the victim of a ransomware attack, Valley Techlogic can help. We have helped businesses remediate ongoing cyberthreats and have been able to introduce systems and cybersecurity measures that can help prevent future attacks. Even if you business has never suffered a cyber attack, why continue to risk it with attackers continuously evolving their strategies year over year?

Investing in technology protection today ensures your business will continue to thrive tomorrow, 60% of small businesses close after a significant cyber attack. Don’t be a statistic, protect your business today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
January 24, 2025
The biggest cyber security breaches of 2023
Now that it’s 2024 we’re reflecting on the biggest events in tech that occurred in 2024, and in today’s article we want to talk about the biggest cyber security breaches that occurred in 2023.

Before we get into it, let’s talk about the hard numbers. Across the board, cyber threats are up year over year and 2023 was no exception. Here are 8 eye opening statistics on cyber threats as of writing:
1. The global average cost of a data breach is $4.45 million and a ransomware attack $5.13 million as of 2023.
2. The average lifecycle (discovery to remediation) of a data breach is 277 days.
3. 74% of data breaches still involve a human element in 2023.
4. 64% of Americans have not checked to see if there data has been lost in a data breach.
5. Almost half (46%) of all cyberattacks were on US targets.
6. More than 1 million identities were stolen in 2023.
7. 30% of those people were a victim of a data breach in 2023.
8. 54% of office works express feeling “cybersecurity fatigue” in regards to news of data breaches.
Unfortunately, public apathy towards cybersecurity preventions from ongoing, sustained attacks and the lucrative nature of successful attacks performed on business entities makes for a potent recipe in these attacks only continuing to increase in 2024.

We want to take a look back at the biggest breaches that occurred in 2023 and also present our solution for preventing an attack of this nature from occurring to your business.
1. MGM – Occurring in September, the unusual way MGM was breached made headlines because it did not initially involve a computer. Instead, attackers posed as people of importance to the company via a phone call and gained access to their systems, causing a loss of reputation, $100 million in damages, and 5 class action lawsuits to be filed.
2. ChatGPT – Not even AI is safe when it comes to targeted attacks from hackers, in March of 2023 a bug in their source code exposed the personal information of a 1.2% of their Plus Subscribers including home addresses, full names and email addresses.
3. MOVEit File Transfer System – The fallout from this breach that occurred in June 2023 extended far beyond the file system management software company itself, including California’s biggest pension fund holders CalPERS and CalSTRS.
4. RockStar – RockStar is another example like MGM that proved hackers don’t need expensive equipment to breach insecure systems, with this breach being conducted using a cellphone, a hotel room TV and an Amazon FireStick.
5. The City of Oakland – An entire city was the target of a hack that occurred in February of 2023, the sustained attack which lasted more than a week prompted the city to even declare a state of emergency while systems remained offline. Class actions lawsuits were also filed in the aftermath of the attack in this case.
These are just five attacks that made major news last year, but there were thousands more that did not make major news. When an attack occurs on a small business many times it leaves the owners with no choice but to close up shop (60% of small businesses that are the victim of a cyber attack close within 6 months).

As IT providers it’s a frustrating topic for us as so much of this is preventable. If more preventions were put in place and it was more difficult for attackers to realize their goals than it would have a cumulative positive effect overall. As the saying goes, an ounce of prevention is worth a pound of cure. Let us help you meet your cybersecurity goals in 2024 by clicking on the image below.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
January 12, 2024
Discord.io data breach sees 760,000 users information stolen and an end to the service
If you’re not familiar with Discord, it’s a chat service that first opened to the public in 2015 and quickly grew in popularity having a base of 3 million users just one year later in 2016. Now in 2023 there are over 150 million users, and the platform has been valued at $7 billion.

Discord filled a niche that had been previously left vacant since chat services like AOL and MSN were discontinued. In the early 2000’s to 2010’s forum-based communication rose in popularity and left many chat rooms empty.

Now as trends have changed, chat has seen a resurgence in popularity with Discord acting as a vector for many special interest groups to gather and discuss their hobbies, or for consumers to follow live updates about a product they’re interested in and even speak directly with its creators and get an inside look into the development process. No matter what your interest is, gaming, home improvement, DIY, art, music – there’s probably a Discord channel dedicated to it.

Discord.io was a third-party website that allowed users to find and share chat channels, we’re unfortunately saying was because after the breach they announced their services would be closed for the “foreseeable future”.

On the website it says “”We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site,”. They’ve also listed the information that was released in the breach which included users encrypted passwords, their email and username, and even billing and payment information if they partook in a premium membership through the site.

While they’re not directly associated with Discord, this breach will still have an effect on Discord itself not just because this service has been discontinued but because of the overlapping data Discord and a Discord-centric third party application will have.

The unfortunate rub of it is when you utilize third party vendors for the products and services you use you’re sharing the same information with them as you are with everyone else, and a breach through an outside vendor can effect you as much as a breach to your business directly.

That’s why it’s important to vet your vendors and have protections in place to limit the effects a data breach can have. Protections can include:
1. If the breach involves financial data that could be used for identity theft, consider freezing your credit. This will limit the damage someone can do with your identifying information. If you’re not ready or aren’t able to freeze your credit, then we suggest credit monitoring at the very least (often provided for free by banking and credit card companies).
2. Don’t use the same password from one account to another. As we mentioned, password data was leaked in the Discord.io breach. While it’s encrypted data which is a good protection, many of these passwords will be cracked, and the people who purchased this information will try the password on users other accounts such as their email. If you use a different password for all of your accounts in unison with a password manager then a password leaked in a breach will only effect one account, greatly limiting the damage that can be done.
3. Similarly to above, to protect your accounts from intrusion you SHOULD be using MFA (Multi-Factor Authentication). We recently posted another article outlining the benefits of MFA, but in a nutshell if a hacker has gotten enough information about you from data breaches they may be able to utilize it to gain access to your accounts – even WITHOUT a password. MFA will stop most hackers in their tracks.
Even with protecting yourself, it’s still a good idea to try to limit the funnel of information about you or your business that can unknowingly end up on the web through third party breaches. Here are 5 additional ways to protect your data:

Want to learn more about how to recover from a data breach, boost your cyber security readiness, or gain additional insight in the kinds of questions you should be asking your vendors about your data? Valley Techlogic can cover all these topics and more. Schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 18, 2023
Zero trust or zero effort, how does your businesses security stack measure up?
Have you been working on strengthening your cyber security stack in your business or crossing your fingers and hoping for the best? How much protection is really enough?

There are a lot of remedies for improving cyber security out there, but which ones present the best value for your business, and what constitutes a “zero trust” environment?

If you’re just starting out, these 10 items will greatly improve your business’s cyber security safety in a short amount of time (we call these “best practices”):
1. Use multi-factor authentication. This one is obvious, but we still see it not being employed regularly. Multi-factor authentication is generally extremely easy to enable (often times just a checkbox) and it greatly improves the safety of that account. When we’re talking about accounts like your business email, or your banking account it’s a no brainer.
2. Use a password manager. This is another easy one to employ but people still ignore it, or even worse they use the password manager built into their browser. We’re not saying that’s completely wrong, especially if you’ve started using stronger passwords because of it. It’s still a good idea, however, to use a password manager that’s not directly connected to your system. Often times the same password or biometric you use to log onto your computer is the one used to unlock your browsers password database, so if someone has breached the device all those passwords will be available to them too.
3. Employ Biometrics. Speaking of biometrics, they can be an improvement over passwords when it comes to a physical devices security. Especially for mobile devices, most of us access our work emails, banking accounts, etc. through our phones. It’s very easy to lose a phone, so making that phone unusable to whoever finds it (or has taken it) is a good idea.
4. Don’t give everyone admin privileges. Not every employee needs all the keys to your kingdom, limit admin access only to those who really need it so if you do have a breach the damage can be limited as well. This is a key component of a zero trust environment (which we describe in the chart below).
5. Communicate your goals and train your employees. Loop employees into your increased cyber security efforts and provide training, no one wants to be responsible for a cyber-attack in their workplace but without training employees can become unknowing and unwilling threat vectors.
6. Monitor network activity. Now we’re starting to get into the more challenging topics, monitoring your network activity can be a very effective way of noticing early when something is amiss. There are tools out there that can do this monitoring for you and provide warnings if suspicious behavior is detected (like a device being logged in after hours when it never usually is).
7. Use encryption. It’s pretty easy to use encryption in email or with sensitive documents (again often just a checkbox) but it’s an effective way to make sure sensitive data doesn’t fall into the wrong hands.
8. Use backups. Again, in the same vein of protecting your data having automatic backups will greatly increase your chances of recovering after a cyber-attack. Especially if those backups were stored offsite (such as cloud backups). We wrote an article on the best ways to manage your OneDrive storage (which is included in your Microsoft 365 subscription) here.
9. Regularly patch your devices. Many of your vendors actually provide security protections for you via their patches, which more often than not are addressing specific security concerns that have been identified. Patching costs nothing but your time and the benefits are ten-fold compared to the costs of a security breach in your business.
10. Have a security audit performed. The best way to address the holes in your security plan is to have a reputable IT company perform a security audit. Valley Techlogic is a provider of these audits in the Central Valley and you can request a consultation here.
Performing these ten activities in your business will greatly improve your cybersecurity effectiveness across the board, but if you’ve reached the bottom of this article and have realized you do all of these you may be wondering what’s next? Or perhaps you’ve heard of zero trust but aren’t sure what that entails, here are the key components to having a zero-trust cybersecurity environment:

We address ALL of these topics in our new book, Cyber Security Essentials, which covers all the components of a cybersecurity framework and how to implement them in your business. You can see a preview of the book in the video below.

[youtube https://youtu.be/jlBAoq4tLNc]

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
July 21, 2023
California retiree’s pensions possibly in limbo after data breach targets the nation’s biggest pension funds
News just broke yesterday that a data breach targeting the nation’s biggest pension funds CalPERS (California Public Employees’ Retirement System) and CalSTRS (California State Teachers’ Retirement System) lead to the release of identity information on more than 1.1 million of their members collectively.

Not only will this breach possibly affect the pensions and identity security of existing members but also those who have not yet reached retirement age but whose information is still in the system. Even family members of affected users may have had their identifying information leaked during the breach if their details were added to these systems.

CalPERS released a statement saying that the breach did not affect their own systems and it will not affect current members’ monthly benefits. Still, the company has said they have upped their security measures and will be offering free credit monitoring for affected users. Users should receive a notice soon as to whether or not their information was identified as being compromised by the breach.

Information that was allegedly leaked includes addresses, dates of birth, social security numbers and more.

The origin of the breach was through the PBI Research Services MOVEit file management software which CalPERS and CalSTRS use as a third-party vendor to identify death benefits or for additional beneficiaries in their systems. The effects of this the zero day hack on the MOVEit software are still reverberating throughout the US, with other companies reporting being affected such as Siemens, UCLA, Schneider Electric and more.

Although PBI Research Services was notified of the breach themselves on June 4^th, it was still two more weeks before CalPERS and CalSTRS were notified which has led to a delayed response. PBI has also notified federal law enforcement to ensure extra steps are taken to protect the pension fund status of affected users. Additional identity checks are expected to be put in place to make sure pension funds are only claimed by those who are eligible for them.

California’s treasurer Fiona Ma is urging that a special meeting be held to discuss the aftermath of this breach, which only elaborates how serious this is. Ma sits on the board of both pension funds.

We want to reiterate that pension funds are not currently at risk, however due to the nature of identity theft, preventing future fallout from this breach is of the utmost importance and no small task.

This breach elaborates on the importance of vetting your vendors well. Even if you’re doing everything you can to protect your business from a cyber-attack, vendors you use that have access to your systems also need to do their part or your efforts may be in vain. Here is a checklist you can use when vetting a new technology vendor:

If you need assistance in making in recovering for a data breach, or to prevent one from happening to your business in the first place Valley Techlogic is here for you. Cyber security efficacy is one of our core company values and our customers security concerns are regarded with the utmost importance. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
June 30, 2023
When a data breach leads to jail time for an ex-CEO, and why you should take data security seriously in 2023
We’ve seen plenty of examples of extreme monetary penalties occurring from data breaches, but this is the first we’ve seen of anyone actually being jailed for one.

Vastaamo was a Finnish psychotherapy provider that was founded in 2008. While it was a sub-contractor under the government, Vastaamo like many healthcare related businesses was the subject of data breach attempts, with two additional successful attempts occurring in 2018 and 2019. These attempts failed to be reported by the company.

The ex-CEO Ville Tapio did report the 2020 breach to authorities, after all of their patient data was stolen by the cyber criminals. These criminals asked for €450,000 (about $.0.5 million in US dollars at the time of writing) and when that was unsuccessful, they then demanded €200 from each patient of the clinic for which they had records on. They warned this fee would increase to €500 each if the clinic did not pay within 24 hours.

They warned the patients that after 48 hours with no payment they would be doxxed. Doxxing is when your private details are leaked online (this can include your payment information but also things like your address). In this case they were even willing to leak client session records and notes. They leaked the details of 300 patients which included politicians and police office. A 10 GB file containing the patient notes for over 2000 patients was also found on the dark web following the hack.

While the clinic, Vastaamo, was a victim in this case authorities still looked at the overall picture when making the decision to charge ex-CEO Ville Tapio, including the previous breaches and the fact that he had insider knowledge of the company’s cybersecurity coverage (or lack thereof). He was charged with a 3-month suspended sentence and the company itself had to file bankruptcy and eventually went under.

The severity of the breach and the companies lack of accountability when it came to cybersecurity protections made them run afoul of the GDPR (General Data Protection Regulation) which are Europe’s regulations on data protection and privacy for its citizens.

If you’re a US based company owner it’s not a good idea to think “Well nothing like this could happen here”. California recently passed the CCPA (California Consumer Privacy Act) which allows customers more say so over the data your business collects on them. If your business has contracts with the DoD (Department of Defense) you’re probably already seeing stricter restrictions and regulations for how your business must be cybersecurity compliant to keep doing business with the government via CMMC (Cybersecurity Maturity Model Certification). HIPAA is old news for medical practitioners, but we still find many that are not compliant with the regulations.

Suffice to say there can be blowback that extends beyond financial penalties and injuries to your business’s reputation. Small steps in protecting the data within your business can make a huge difference in the outcome you have (whether it be avoiding an attack altogether or making for an easier recovery).

If you need creating or developing a more robust cybersecurity gameplan, Valley Techlogic is the one you’re looking for. Cybersecurity is our number one concern, and we take implementing cyber prevention measures for our clients very seriously. If you would like a consultation to learn more just visit here to get started.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 21, 2023
Data breached? 5 ways to reduce the impact on your business.
We’ve posted a lot of articles on how to avoid a data breach (here are a couple of recent ones for you to review if one hasn’t happened to you so far and you’d like to keep it that way).

Unfortunately, we fear that if you’ve reached this article you may be part of the growing number of business owners whose data has been breached (in 2020 there were 700,000 attacks on small businesses with damages exceeding $2.8 Billion).

Data breach severity varies widely, from an employee email being temporarily hacked all the way to having your backups infiltrated and locked for a ransom – and even if you pay the ransom you still might not recover your data.

So if you’ve experienced a significant data breach and wondered what you could have done to have a better outcome, or even if you’re in the midst of one now what should you do?

Here are our top five tips for reducing your data breach costs (now or in the future):
1. Damage Control – Turn to the pros (like us) when it comes to recovering your data in the event of a breach, they will have access to tools that could recover data that will otherwise be lost if decryption efforts fail in the hands of someone who doesn’t know what they’re doing. Bottom line, know who you’re going to call in an emergency and don’t be afraid to get their help sooner rather than later.
2. Downtime Mitigation – Downtime is one of the most expensive elements of a data breach, if you don’t already have a disaster recovery plan a previous breach can highlight exactly what needs to be a priority in your business if your data is unavailable. Also, a team like Valley Techlogic can help you create a disaster recovery plan.
3. Turn to Your Vendors – Your vendors may have some methods for assisting you in the event of a data breach. For example Microsoft has a shared responsibility model for data but if you have Microsoft 365 and use OneDrive, some of that data may still be safe on their end and accessible to you (once your devices have been cleared and are safe to use).
4. Be Transparent – If your business is very customer facing, an outage in your business caused by a data breach may be very obvious to them. We don’t recommend trying to hide the fact that a breach has happened but instead being transparent about what happened and what you did to fix it, and how you plan to prevent it in the future.
5. Cyber Prepared – The best way to recover financially from a data breach is to have cyber insurance in place before the attack happens, while it may be too late for a past breach you can prevent future financial loss by using our guide to reviewing and obtaining cyber security insurance here.
Of course, an ounce of prevention is worth a pound of cure unfortunately when it comes to cybersecurity attacks. We would be remiss not to offer a few tips on preventing a data breach specifically. You can grab this checklist to make sure these items are covered to prevent future data breaches:

Click to download the full size version.

If you’re currently dealing with a data breach or have dealt with one in the past and want to prevent future breaches, Valley Techlogic can help. We are experts in cybersecurity and use industry best practices to provide the best security coverage for our customers that is also cyber insurance compliant. Learn more with a consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 17, 2023
The Rockstar Games data leak and how reputation loss can be one of the costliest aspects of being hacked
Video game news might fall outside our normal wheelhouse but reporting on cybersecurity events is right up our alley, and this the most recent hack on major game developer Rockstar Games made major news over the weekend so we wanted to chime in with our thoughts.

The hacker going under the moniker “Tea Pot” released video clips of Rockstar Games unreleased (and previously unannounced) new game, Grand Theft Auto 6. The clips revealed spoilers on the games content and also showcased rougher assets as the game is still in early development, something game publishers don’t ordinarily highlight.

In a message acknowledging the breach the Rockstar Games Team had this to say:

The hacker returned after releasing the data and sent a message on the GTAForums claiming they wanted to “negotiate a deal” with Rockstar Games, hinting that they had more data to release. Speculation proliferated across the internet that the hacker had somehow obtained some of the games source code.

With the source code portions of the game could be re-engineered (outside Rockstar Games) and that could even possibly be used to provide at least a semi-playable version. The fallout from that would be devastating as it would steal the developer’s agency in releasing their own content and also reveal trade secrets that could be used to help create knockoff or pirated versions.

Rockstars parent company, Take-Two, has issued take down notices to social media accounts and Youtube channels broadcasting the stolen footage as work to perform damage control. There will probably be a costly investigation into the origination of the hack and there may even be financial complications beyond that, as investors may question what effect this leak will have on the eventual release of the game.

This hack is a perfect example of the reputation cost associated with being hacked. Recovering data you need to do your day to day job is one aspect, but you also need to think about data you wouldn’t want released to the public.

Projects that haven’t been announced yet or information that’s not easily changed (tax information, personal identifying information) are just two factors, but there’s also the release of your customers private data. Many aren’t aware a breach involving client information can even lead to legal ramifications depending on regulatory factors in your sector.

There’s also your private emails or messages, which could have future business plans, personal information, or other things that could be used by the hackers in a ransomware attempt (or even ongoing blackmail).

Cybersecurity prevention’s are important but one element that has surged to the forefront of our minds is a recovery tool that’s becoming more difficult to obtain – cybersecurity insurance.

You can review our comprehensive guide on the topic but here’s a brief chart on what cybersecurity insurance typically covers:

Click to view the full size version.

Obtaining coverage can be challenging, the requirements have grown much steeper as cybersecurity attacks become more common place, and that doesn’t look like it’s going to change anytime soon. At Valley Techlogic we have experience in helping clients obtain coverage so if the unthinkable does occur, their business will survive the hit.

Whether you’re are in the early stages of researching cybersecurity coverage or if you have an application form in front of you, we can be your guide through the process. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
September 22, 2022
On average, your information is shared 747 times a day according to a new study
We touched on data brokers and how they buy and sell your data in a previous article, but in an eye opening new study from the Irish Council for Civil Liberties (ICCL) they found that for US-based users their information is shared online with for marketing purposes on average 747 times per day.

That means about 31 times an hour or once every two minutes your information is being sold or traded for marketing purposes so corporations can make an educated guess as to your buying habits when serving you advertising.

The study used data from a 30-day feed from Google which can be accessed by industry specific entities but is not made available to the public. While the study was aimed at European internet users, who on average have their information shared 376 times per day, the figures they discovered are startling no matter where you happen to reside.

The ICCL is pursuing legal action against online ad agencies, describing the real-time bidding (RTB) that’s occurring as a massive data breach and a violation of European data protection laws.

There are a mishmash of laws aimed at protecting US consumers from having their information sold for online marketing purposes, however with no single comprehensive federal law in place any consumer looking to find recourse if they feel their data has been used illicitly will discover they have an uphill battle ahead of them.

We all skim the lengthy TOS found when signing up for a service, while putting it out of mind that the cost of many “free” services in our data, but what if the data that’s being sold goes beyond what you’re posting on social media or what you purchased from an online retailer recently?

With data breaches being a regular occurrence, you may not even be voluntarily opting-in to sharing the information that’s currently being traded about you on the internet and it may go beyond what you would want to have shared.

Even your private medical data can be up for grabs and being sold by data brokers, for example every year Pfizer spends $12 million buying anonymized data for marketing purposes.

So as with our article on data brokers we want to give you some tools to protect yourself and protect your data while using the internet. This time we want to give you 3 helpful ideas that will help you discover what’s out there already and how to close the gaps:
1. Google Alerts : Create alerts with things like your name or social media handle, that way if you’re being mentioned on the internet, you’re instantly alerted to it.
2. HaveIBeenPwned : You can use this site to see if your email or phone number have been involved in a breach and whether it would be a good idea to update or change that information.
3. Credit Monitoring: While we don’t want to recommend a specific site as this choice can be somewhat personal, we think credit monitoring is a good idea for everyone these days. It’s so ubiquitous now that even your bank or credit card companies you already use probably have it built into their website.
You also can “opt out” of personalized marketing with your Google account, while that won’t stop your information from being shared and used to try and market it to you with, it will at least make it so those ads aren’t reaching you as often. You may also be shocked to learn what they’ve already compiled about your interests.

The lists that are compiled on your interests can be quite comprehensive.

Google Isn’t the only one who offers this option, iPhone users can also opt out as well as users of social media sites such as Facebook and Instagram.

Concerns over data protection aren’t limited to just consumers, businesses should also take steps to protect their data and that of their employees. If you’d like to learn how Valley Techlogic can help you secure your data learn more with a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
May 19, 2022