Original Release Date: 7/28/2023
Data breaches result from unauthorized access to systems. They can originate from outside or inside the organization, may be accidental or deliberate (often financially motivated), and can result in the stolen data being publicly exposed online. Cyber threat actors typically gain access and carry out data theft via phishing attacks, impersonation scams, credential-stuffing attacks, brute-force attempts, malware attacks, exploitation of misconfigured or unpatched systems, or other methods. Most data breaches involve the loss, theft, or compromise of personally identifiable information (PII), which may expose Social Security numbers and account credentials.
PII compromised in a data breach could be used or sold for identity theft schemes. Dark web marketplaces, forums, and websites offer a spectrum of products and services that monetize stolen personal and financial data, corporate and social media account details, as well as counterfeit documents and money. The dark web also provides an arsenal of malicious tools and malware that, combined with this personal information, can allow threat actors to create official documents or identities to commit identity theft or launch cyberattacks. Threat actors may use compromised PII to launch cyberattacks in social engineering attempts via phishing emails, vishing, SMiShing, compromised websites, and social media scams to compromise accounts, steal funds, steal additional PII or financial information, open new fraudulent accounts, access computer networks and resources, and perform additional cyberattacks.
For example, Charles Schwab Corp., the parent company of TD Ameritrade, Inc., recently disclosed a data breach resulting from exploited vulnerabilities discovered in the MOVEit file transfer software. The customer data stored on TD Ameritrade’s server was compromised and, therefore, impacted customers may be subjected to an increased risk of identity theft and other malicious activity. Other organizations affected by the MOVEit vulnerability to date include various financial institutions, British Airways, Shell PLC, and more. Furthermore, the Cl0p ransomware group published Shell’s data to the dark web after Shell refused to pay the ransom demand; therefore, TD Ameritrade’s data may similarly be at risk. Also, the Schwab/TD Ameritrade merger conversion is ongoing until Labor Day weekend of 2023, which may enable threat actors to target and exploit potential victims in social engineering schemes, such as fraudulent merger updates, security account alerts, and account updates.
The NJCCIC assesses with high confidence that threat actors will continue to steal PII and use social engineering tactics to gain unauthorized access to accounts and commit further malicious activity. The prevalence of data exposed via breaches and information publicly available online highlights the importance of staying vigilant to help prevent successful social engineering attempts, account compromises, identity theft, and fraudulent activity.
The NJCCIC recommends all users educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from opening attachments or clicking links delivered in suspicious or unexpected communications, including those from known senders. Carefully examine unsolicited communications for signs of phishing and spoofing, and verify phone numbers using the official, legitimate contact information provided on the company’s website before contacting the sender or taking any action, such as disclosing sensitive information or transferring funds. Additionally, ensure account credentials and other PII are only submitted via official, legitimate websites, and refrain from posting sensitive information online to reduce your digital footprint.
Users whose accounts have been compromised are advised to immediately change their password, as well as the password on any other account where it is reused. Users are encouraged to enable any form of multi-factor authentication (MFA) offered, choosing a more secure method (authentication app, biometric, or hardware token) where available. Additionally, employ tools such as haveibeenpwned.com to determine if your PII has been exposed via a public data breach. Users who suspect their PII has been compromised should review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources. Phishing emails and other malicious cyber activity can be reported to the FBI Internet Crime Complaint Center (IC3) and the NJCCIC.
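As an added illustration of how an exposure check can be performed without disclosing the secret being checked, the following Python example (not part of the NJCCIC advisory) reproduces the k-anonymity range scheme used by the haveibeenpwned.com Pwned Passwords service: only the first five characters of the SHA-1 hash are sent, and the match is made locally against the returned suffix list. It runs offline against a constructed sample response; SAMPLE_RANGE_BODY and the counts in it are made up, and the endpoint constant is shown for reference only and is never called here.

```python
import hashlib

# Documented range endpoint of the Pwned Passwords service. Not called in this
# example; the parsing below works on a constructed response instead.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample of what the range endpoint returns for prefix "5BAA6":
# one "SUFFIX:COUNT" line per hash in the corpus sharing that prefix.
# The first line is the real SHA-1 suffix of the string "password";
# the count and the second line are invented for this example.
SAMPLE_RANGE_BODY = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\r\n"
    "00112233445566778899AABBCCDDEEFF001:3\r\n"
)


def sha1_split(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case hex SHA-1 of the password.

    Only the 5-character prefix would be sent to the server; the 35-character
    suffix stays on the client, so the server never learns the full hash.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count mapping."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue  # tolerate blank or trailing lines
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How many times the password appears in the corpus (0 if absent).

    range_body must be the response for the prefix of this password's hash;
    the comparison itself happens entirely on the client side.
    """
    _, suffix = sha1_split(password)
    return parse_range_response(range_body).get(suffix, 0)


def is_compromised(password: str, range_body: str) -> bool:
    """True when the password has appeared in at least one known breach."""
    return breach_count(password, range_body) > 0
```

In a live check the client would fetch PWNED_RANGE_URL with the prefix from sha1_split and pass the response body to breach_count; a non-zero result means the password should be changed everywhere it is reused.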