A story of when a reply goes awry
Called your boss an idiot in a fit of anger then accidentally cc’ed them in?
Sent a prospect a quote that’s not meant for them?
Invited the wrong Dave to your house warming party? You know boring Dave instead of party Dave.
Well whatever you’ve done you have to feel sorry for the unnamed individual at the heart of the story which broke a couple of days ago. Their reply to a single email has had far more serious repercussions.
Turns out a worker at the Agency for Healthcare Care Administration in Florida fell for a “malicious phishing email” back in November, sharing the personal information and medical records of up to 30,000 Medicaid recipients— which is a whole lot more serious than boring Dave rocking up to your party.
In the investigation presented to agency leaders last Tuesday it found the phishers may have partly or fully accessed enrollees’ names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions and Social Security numbers.
Whilst officials say that the data hasn’t been used (yet!) for malicious purposes just imagine how those 30,000 people must feel knowing their personal information is in the hands of criminals, uncertain of what’s going to be done with it.
In my opinion we’re only going to see more of these sorts of data breaches in 2018 as phishing emails get more and more sophisticated and basic security measures like DMARC remain under adopted.
Hopefully the upcoming GDPR regulations will force companies — in Europe at least — to be more robust with their anti-phishing measures, going beyond the largely ineffective anti-phishing training and instead harnessing technology as the first line of defence.
So if this story has sent shivers down your spine then drop us a line to learning how OnDMARC can help you to deploy DMARC and stop email impersonation today.