Exploit: Employee email phishing campaign
Pacers Sports & Entertainment: The parent company of the Indiana Pacers, a professional basketball team in the NBA
Risk to Small Business: 1.555 = Severe: A phishing campaign against Pacers Sports & Entertainment (PSE) resulted in hackers gaining access to several employee accounts that contained sensitive personal information between October 15 and December 4 of last year. However, the company first learned of the incident almost six months ago, which begs the question: why are they just beginning to notify customers now? Along with the damaging outcomes of a customer and employee breach, the organization will now face media scrutiny and resulting customer attrition.
Individual Risk: 1.857 = Severe: PSE did not differentiate if the compromised data belonged to employees or customers, but it does include names, addresses, dates of birth, password numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.
Customers Impacted: Unknown
It’s clear that PSE did not fully appreciate the scope of the data breach. Although the company has not received any reports of personal data misuse, the compromised information can be used to orchestrate fraud in the near future. Along with harming the reputation of their company, PSE will have to answer to the press and customers in the wake of the breach.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach