Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

U.S. Military Manufacturer Experiences Data Breach

Over 3,700 Customers’ PII, and Credit Card Information Breached

Durham, North Carolina-based LC Industries has recently reported a security data breach, according to SC Magazine. The breach, which occurred in early June, affects a total of 3,754 customers, and affected 22 specific customers in New Hampshire, hence a public notification to the Department of Justice in the state. The breach originated from one of the retail companies’ LC Industries owns, Tactical Assault Gear, based in Imperial Beach, California.

LC Industries manufactures over 2,000 products, many which are focused on serving the needs of military personnel on bases across the United States including mattresses, broomsticks, plastics, paper conversion, assembly, packaging, and kitting, and chemical light sticks. LC Industries is also a distributor with over 4,500 products in its inventory, according to the company’s website, operating out of Las Vegas and Durham. The company also operates BuyLCI.com, an e-commerce site for office supplies which operates retail stores on 31 military bases in the United States.

“During the course of our investigation, we learned that the Code [malicious software code] was being used to access and acquire personal information,” wrote Rick Stallings, CFO of LC Industries, in his letter to the New Hampshire DoJ. “The personal information that may have been compromised includes individual names…, credit card numbers (including security code and expiration date), email addresses, Website account usernames, and Website account passwords.”

Tactical Assault Gear Scores a ‘C’ for IP Reputation Over the Last Month

The malware infection duration for Tactical Assault Gear’s website does not grade particularly well for its IP reputation within the SecurityScorecard platform. The average malware infection duration is 2 days, which is higher than 92% of industry companies. The company receives a ‘B’ for DNS Health, however, it has ‘A’ grades for network security and endpoint security.

manufacturer data breach securityscorecard

Manufacturing and Retail Industries Rank Highest for Dridex Banking Malware

SecurityScorecard’s recently published research, The Current State of Banking Malware, discovered that the manufacturing industry had the highest rate of infection (over 27%) within the Dridex banking malware through the first two quarters of 2015. Similarly, the second highest ranking infections for Driedex were found in the retail industry (at 20.7%). Dridex is known to be spread through spam campaigns that contain malicious XML attachments.

SecurityScorecard sinkholes have identified a rising threat trend for credential-based, wire-transfer bank fraud within the following malware classifications: Dridex, Bebloh, and TinyBanker. These malware classes have been located in 159 unique corporate domains and are validated by internal, SecurityScorecard threat intelligence resources— and intelligence provided by other security firms observing similar patterns.

In addition, SecurityScorecard discovered 11,952 total infections affecting 4,703 unique organizations across 55 total malware classifications. These newer strains are using the same functionality as the Zeus banking malware, but they are stealthier.




Download Full Report




[Case Study] How To Operationalize Third Party Risk Management
Major Travel Brand Shines Spotlight on Weak Partner Security Issues