When it comes to analyzing your attack surface, you’re probably assessing vulnerabilities, monitoring your firewall, tracking email security, and managing your identity and access management. But there is one part of the attack surface that often gets overlooked, and for that reason threat actors are targeting it with increased frequency, causing it to jump to the top of the initial access methods list: the human element.

The Pennsylvania Child Care Works program helps low-income families pay for their childcare costs. The program offers a portion of the childcare payment amount, and the families pay the rest. This system helps citizens throughout Pennsylvania get access to quality childcare. To qualify to use the system, applicants must fill out paperwork containing personal and financial information. This data is used to verify that they meet all the requirements of the program.

Hospitality Staffing Solutions is a short-term employment provider or temp agency that sends workers to a variety of hospitality-related organizations. Companies such as restaurants, hotels, colleges, casinos, senior living, and some light industrial establishments rely on workers provided by the company. The organization employs over 10,000 people and earns an estimated $4.3 billion in revenue annually.

The Vitality Group, LLC, a business-to-business vendor that provides employee benefit services to GuidePoint Security, experienced a security vulnerability on May 30, 2023 relating to the third-party file transfer program called MOVEit. The zero-day vulnerability became known in established security networks and channels late on May 31, 2023, and was specifically picked up and identified by internal Vitality security personnel on June 1, 2023.

The Vermont Department of Financial Regulation is an organization that oversees the financial sector within the state. The department is split into four divisions: Securities, Banking, Captive Insurance, and Insurance. Any businesses involved in these companies must answer to this department, and many Vermont residents have supplied the department with information to help it carry out its everyday role.

New companies are hurt by significant data breaches every week, especially in the United States. This week insurance companies were the big target. Prudential, Progressive, and a range of insurance providers that work with PH Tech were all hit by data breaches. Allegheny County, Pennsylvania, and the Colorado Department of Higher Education were also victims of their own data breaches. Millions of individuals were exposed to potential data losses between these different breaches.

Prudential Insurance Company of America is one of the largest financial services and insurance companies in the United States today. The organization is based in Newark, New Jersey, and manages over $1.377 trillion in assets for consumers in the US. The company employs over 39,000 workers and handles data for countless customers each year. Each of those customers was potentially damaged when Prudential suffered a serious data breach that released confidential information to attackers.

Progressive is a large insurance company based in Mayfield Village, Ohio. The company is known throughout the United States and other parts of the world and is responsible for insuring many US citizens. The organization employs over 49,000 workers and generates an estimated $48 billion in annual revenue. Since Progressive is an insurance company, it handles personal data, medical information, and other sensitive details about individuals.

Data breach attacks are serious problems for companies, organizations and institutions all over the world. For example, in the US one data breach costs on average 9.4 Million USD, which is the highest worldwide. To handle—or ideally, prevent—these attacks, we need to understand first the “why” and “how” of an attack. With this objective in mind, Bitsight analyzed more than 17,000 data breach events from the last seven years affecting 23 sectors in the US.