fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Largest US Propane Distributor Discloses ‘8-second’ Data Breach

Largest US Propane Distributor Discloses ‘8-second’ Data Breach

America’s largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 employees and one resident.

AmeriGas servers over 2 million customers in all 50 U.S. states and has over 2,500 distribution locations.

This month’s data breach was reported by the propane giant to the Office of the New Hampshire Attorney General.

Data breach lasted ‘8 seconds’, impacted 123 employees

This month, AmeriGas has issued a data breach notification letter to the New Hampshire Attorney General’s Office.

The data breach, however, originated at J. J. Keller, a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas.

These services include helping AmeriGas with conducting driving record checks, drug and alcohol testing for drivers, and other DOT-imposed regulatory checks. 

On May 10th, J. J. Keller detected suspicious activity on their systems associated with a company email account.

As such, the vendor promptly began investigating their network to discover that a J. J. Keller employee had fallen victim to a phishing email, leading to a compromise of their account.

During this brief access window threat actor(s) could view certain files present within the employee’s compromised account.

After resetting the employee’s account credentials, J. J. Keller promptly began their forensic activities to determine the full scope of this breach.

By May 21st, J. J. Keller notified AmeriGas that this eight-second breach exposed records of 123 AmeriGas employees present in the files viewable to the attacker.

“According to J.J. Keller, during the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth.”

“To date, we are unaware of any actual or attempted misuse of this personal data as a result of this incident,” disclosed AmeriGas in a sample data breach notification letter dated June 4th, 2021.

Also Read: The DNC Singapore: Looking at 2 Sides Better

Also exposed in the breach, was the information of just one New Hampshire resident, who has since been notified of the incident and been provided with free credit monitoring services.

At this time, there is no indication that any employee information was copied or misused.

Second security incident concerning AmeriGas this year

This incident marks the second data breach incident concerning AmeriGas this year.

In March 2021, AmeriGas had disclosed an attempted data breach, in which a company customer service agent was fired for potentially misusing customer credit card information.

According to AmeriGas, some customers phoning AmeriGas customer service had verbally disclosed their credit card information to this representative who may have misused this information to make unauthorized purchases. 

At the time the company had said:

“We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents.”

“We do not know whether your credit card information was shared but are writing in an abundance of caution. “

“We investigated the issue as a precaution to further secure your information.”

“The agent involved has been terminated and we have already implemented additional safeguards,” the company had disclosed at the time.

Also Read: 4 Best Practices on How to Use SkillsFuture Credit

Cyber-attacks and incidents against critical energy companies are continuing to grow, prompting the need for stepping up security controls and awareness training across organizations.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us