Real-Case Analysis #10: BerryDunn Suffers Third-Party Breach

Elisabeth Do
May 1, 2024

Recently, BerryDunn, a well-known accounting and consulting firm, was impacted by a cybersecurity incident that involved a third-party service provider. The details of the data breach are examined in this real-case investigation. It also looks at the third-party vendor's role, revealing the security flaws that allowed for the intrusion and talking about wider implications for third-party risk management.

Highlights

  • BerryDunn completed the review of the affected files on April 2, 2024 and began sending out data breach notification letters to the impacted individuals on April 25, 2024.
  • The data of 1,107,354 individuals was compromised.

Overview of the Data Breach

Reliable Networks of Maine, LLC (RMN), BerryDunn's managed service provider, stored sensitive data controlled by BerryDunn's Health Analytics Practice Group (HAPG), and unauthorized parties were able to access that data through a breach of this third party. The compromised data included sensitive and private information: names, addresses, dates of birth, Social Security numbers, health insurance policy numbers, Medicare/Medicaid numbers, passport numbers, state or government ID numbers, and medical data.

The initial attack vector was through RMN, the third-party service provider for BerryDunn. RMN detected suspicious activity within its IT network, which included systems managed on behalf of BerryDunn's HAPG. The exact vulnerabilities exploited were not detailed in the sources, but the unauthorized access was achieved through RMN’s network, indicating potential security weaknesses in RMN’s network security practices or possibly in the software systems used by RMN.

Timeline of the attack:

  • September 14, 2023: RMN detected suspicious activity in its network and notified BerryDunn.
  • April 2, 2024: BerryDunn completed its internal investigation to determine the extent of the data compromised.
  • April 25, 2024: BerryDunn began sending out data breach notification letters to the affected individuals.

The specific perpetrators were not identified in the provided sources. However, the types of private and sensitive data that were accessed point to motives that are probably connected to identity theft or financial fraud. Cybercriminals often seek this kind of information in data breaches in order to use stolen identities for financial gain or other malicious purposes.

Impact Analysis

For Affected Individuals

  • Identity Theft Risk: The highly sensitive data that was compromised may be exploited for financial fraud and identity theft. Affected people run the risk of identity theft in various forms, tax and credit card fraud, and having loans and payments taken out in their names.
  • Psychological Impact: Affected parties may experience severe distress as a result of the breach, and they will now need to keep a vigilant watch on their bank accounts and personal data.

For the Industry

  • Third-Party Risk Management: It's important to have strong third-party risk management in place. Businesses need to make sure that their suppliers follow security guidelines and carry out frequent security assessments.
  • Regulatory Scrutiny: The event might result in stricter data protection laws and more regulatory scrutiny, which would force businesses to improve their cybersecurity defenses.

Lessons Learned

Following the BerryDunn data breach, here are the lessons learned:

  • Vendor management: Businesses need to make sure third-party providers have strong security measures in place and undergo a thorough screening process. To reduce risks, regular security protocol updates and audits are essential.
  • Incident Response: It is essential to have a clearly defined plan for handling incidents. BerryDunn was able to control the intrusion and minimize additional harm by quickly initiating its incident response methods.
  • Communication: It's critical to communicate with stakeholders and those who will be impacted. BerryDunn has demonstrated a commitment to mitigating the impact of the breach by immediately informing clients and offering identity theft protection services.

Recommendations

Here are the recommendations and actions BerryDunn has implemented:

  • Activation of Incident Response Process: BerryDunn expeditiously initiated its incident response protocols upon becoming aware of the breach, working with cybersecurity specialists to appraise the circumstances and determine the degree of compromised data.
  • Decommissioning Compromised Systems: In order to stop additional unauthorized access, BerryDunn deactivated all systems that were under the ownership of Reliable Networks, the vendor whose network was compromised.
  • Data Migration to Secure Systems: As part of BerryDunn's comprehensive cybersecurity effort, all sensitive data was moved to secure internal systems that are constantly monitored.
  • Continuous Monitoring: In order to identify and stop any potential breaches, BerryDunn highlighted the significance of ongoing monitoring of its internal systems.