---
title: "Cybersecurity Updates For The Week 39 of 2020 | Phish Protection"
description: "Cybersecurity Updates For The Week 39 of 2020: Hundreds of data breaches manage to steal confidential information from companies every day . The adversaries."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-39-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-39-of-2020/"
---

Quick Answer

A recent \[data breach at Razer\](https://www.infosecurity-magazine.com/news/razer-gaffe-exposes-customer-data/?&web\_view=true) exposed the records of an \*\*estimated 100,000\*\* of its customers. The breach was discovered by cybersecurity researcher Bob Diachenko who said that \_the data was publicly available on Razer's Elasticsearch cluster since 18th August 2020\_. The exposed details included the full name, email, phone number, internal customer ID, order number, order details, and billing and shipping address.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-39-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2039%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-39-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-39-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-39-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2039%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2039%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-39-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/09/office-365-phishing-protection-5526.jpg) 

_Hundreds of data breaches manage to steal confidential information from companies every day_. The adversaries seem to be a step ahead of even the [phishing prevention best practices](/resources/phishing-prevention-best-practices/). Hence, learning from past security incidents and improving one’s cyber defense is the key to a **safe digital environment**. The following are this week’s top cyber headlines

### Data Breach At Razer Exposes 100,000 Customers Records

A recent [data breach at Razer](https://www.infosecurity-magazine.com/news/razer-gaffe-exposes-customer-data/?&web%5Fview=true) exposed the records of an **estimated 100,000** of its customers. The breach was discovered by cybersecurity researcher Bob Diachenko who said that _the data was publicly available on Razer’s Elasticsearch cluster since 18th August 2020_. The exposed details included the full name, email, phone number, internal customer ID, order number, order details, and billing and shipping address.

_It was after three weeks of Diachenko’s notification that Razer had fixed the server misconfiguration_. They said that no credit card information, passwords, or other sensitive data were exposed. Razer claims to have taken measures for [protection against phishing](/) and soon reviewed its IT security and systems.

### Ransomware Hits Fairfax County Public Schools (FCPS)

One of the largest school districts of the US, Fairfax County Public Schools (FCPS), _recently underwent a [ransomware attack](https://securityaffairs.co/wordpress/108219/cyber-crime/fairfax-county-public-schools-maze-ransomware.html?web%5Fview=true) that has affected the records of a majority of its students and employees_. Although the school’s distance learning and remote learning program have not been affected, _attacks on schools have become rampant and dangerous_.

![Office 365 phishing protection](https://media.mailhop.org/phishprotection/images/2020/09/office-365-phishing-protection-5526.jpg) 

However, the FCPS has reassured everyone of its approach to such adversities and vows to adopt all necessary [anti-phishing solutions](/products/advanced-threat-defense/) to prosecute the guilty. The institute has collaborated with the FBI and hopes to revive from the attack soon. _Maze ransomware operators have claimed ownership for the attack on FCPS_.

### Ransomware Hits Development Bank of Seychelles (DBS)

The Central Bank of Seychelles (CBS) was notified on 9th September of a **ransomware attack** that the Development Bank of Seychelles (DBS) recently underwent. Although _CBS hasn’t informed much about the nature of the attack_ or the types of customer information compromised, it has urged [DBS to keep](https://www.securityweek.com/development-bank-seychelles-hit-ransomware?&web%5Fview=true) its clients and stakeholders updated about the incident.

_DBS has launched an investigation and adopted necessary **anti-phishing** measures_. It shall disclose further details as soon as the investigations uncover more information.

### Data Breach Hits Retail Giant Staples

Ever since a security incident in 2014, the [retail giant Staples](https://www.bleepingcomputer.com/news/security/staples-discloses-data-breach-exposing-customer-info/?&web%5Fview=true) has managed to keep out of headlines for similar incidents. However, _a recent data breach at the company has affected some of its customers’ order information_. Staples hasn’t released any public notice about the same and has sent out individual emails to those affected by its system’s unauthorized access. 

The breach occurred around 2nd September and affected a limited amount of customer data, which Staples categorizes as _non-sensitive customer order data_. This is to say that the names, addresses, email addresses, phone numbers, last four digits of credit card, order details, etc., have been stolen, and account or payment details remain unaffected. But the adversaries can still use these details to launch **spear-phishing attacks** on individuals with poor knowledge of [phishing prevention](/).

### Public Health Wales Accidently Makes COVID Patients’ Details Public

\_The Public Health Wales recently notified of its security blunder, which exposed the personal data of around \_[_18,105 Welsh COVID patients_](https://ciso.economictimes.indiatimes.com/news/wales-says-personal-data-of-18000-covid-patients-accidentally-published/78117931). The data was uploaded online (due to a human error) on the afternoon of 30th August and remained online for 20 hours before it was finally deleted on 31st August. The exposed data included the initials, dates of birth, geographical area, and gender for 16,179 people, and the names of the nursing homes occupied for 1,926 people.

Although not much can be done with these details, _the data was viewed 56 times by unknown users in the 20 hours that it was online_. All Wales residents who tested Covid-19 positive between 27th February and 30th August had their details posted online. Public Health Wales is full of regret for its **failure in protecting** the interests of the citizens of Wales and is taking necessary [anti-phishing protection](/products/advanced-threat-defense/) measures to prevent such incidents in the future.

![Spear phishing prevention](https://media.mailhop.org/phishprotection/images/2020/09/spear-phishing-prevention-5265.jpg) 

### Data Breach Hits Department Of Veterans Affairs (VA)

The Department of Veterans Affairs (VA) recently underwent [a data breach](https://www.zdnet.com/article/department-of-veteran-affairs-discloses-breach-impacting-46000-veterans/?&web%5Fview=true) which affected the details of about **46,000 veterans**. _The adversaries used social engineering techniques to illegally access the application_ of the VA Financial Services Center (FSC). They then diverted the VA payments of healthcare providers for the US veterans’ medical treatment and possibly compromised the Social Security numbers and other veterans’ details.

The FSC is adopting [phishing attack prevention](/) measures and has notified individuals about the breach. _They have also extended free credit monitoring services to victims_. Besides, they have brought down the compromised FSC app and shall reinstate it only after reviewing its security.

### Zoom Introduces Two-Factor Authentication (2FA)

_The video calling platform Zoom, which was banned for its security concerns_, has been working on its [phishing protection service](/) ever since, and its newest development is the [two-factor authentication (2FA)](https://www.welivesecurity.com/2020/09/15/zoom-2fa-available-users/?web%5Fview=true).

Zoom’s 2FA is available to all users across its web, desktop, and mobile applications, irrespective of whether they own paid or free accounts. _The 2FA enables admins and organizations to protect their users from adversaries online_. The following are the features available for users:

- Use of authentication apps supporting Time-Based One-Time Password (TOTP) protocol (Google Authenticator, Microsoft Authenticator, FreeOTP, etc.).
- Automated codes are sent by Zoom via SMS or phone call.
- Use of recovery codes to access accounts in case of stolen or lost devices.

### Lockbit Launches Data-Leak Site

What ransomware operators are doing these days is to [steal the data encrypted](https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/?&web%5Fview=true) in their attacks and _sell it later on the **dark web**, even after their ransom has been paid_. The LockBit ransomware gang has recently launched its **data leak site** to host similar sellings of data stolen from attacks.

The data leak site currently contains two victims’ data, an automation parts manufacturer and a shipping company.

### Major Automated Hack On Magento Stores

Magento stores running [its first version](https://cyware.com/news/the-largest-automated-magento-hack-in-five-years-42846ca7) for which End-of-Life (EoL) was announced back in June 2020, are _undergoing an automated Magecart hack_. In one of the most massive hacks, _thousands of e-commerce stores with Magento are facing a unique skimmer_.

Ten stores were infected with the credit card skimming script on 11th September 11, followed by 1,058 site hacks on the second day, 603 hacks on the third, and 233 on 14th September. _The adversaries used the Magento Connect feature for downloading and installing malicious files_. As per reports, the hack was facilitated by a [zero-day vulnerability](/content/zero-day-protection/) sold online by a threat actor named \_z3r0day \_in August.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 39 of 2020","description":"Cybersecurity Updates For The Week 39 of 2020: Hundreds of data breaches manage to steal confidential information from companies every day . The adversaries.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-39-of-2020/","datePublished":"2020-09-25T11:31:06.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-09-25T11:31:06.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-39-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1117,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/09/office-365-phishing-protection-5526.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 39 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-39-of-2020/"}]}
```