Over the past few weeks, a wave of data breaches has put data security back on the front page. Several large brands confirmed exposure of contact or customer data tied to social engineering campaigns against CRM platforms, and a separate but widespread third‑party software update defect caused major operational outages worldwide. If global enterprises can be disrupted, local small and mid‑sized businesses—often with fewer controls—are attractive targets, too.
What happened this month?
1) Salesforce‑related data theft campaign (multiple brands)
Multiple companies reported theft of CRM data tied to sophisticated social engineering/OAuth abuse—activity linked by researchers to the threat actor “ShinyHunters”/UNC6040. Confirmed disclosures include Google and Pandora; industry coverage also names Allianz Life and others. These incidents generally involved employee impersonation and malicious OAuth app authorization, not a Salesforce platform exploit.
2) Cisco.com user data exposed after a vishing attack
Cisco disclosed that a social‑engineering (voice phishing) scam led to access to a third‑party cloud CRM environment, exposing a subset of Cisco.com users’ basic profile data (names, emails, phone numbers, etc.). While not highly sensitive, this information can fuel follow‑on phishing and impersonation attempts.
3) PBS employee contact data leaked on Discord
PBS confirmed that corporate contact information for ~4,000 employees/affiliates was stolen from an internal service and later shared on Discord servers. Even “basic” org charts and contact lists can accelerate targeted phishing and business email compromise (BEC) attacks.
4) CrowdStrike incident: a third‑party update outage (not a data breach)
A faulty content update to the CrowdStrike Falcon agent caused a global Windows outage in July 2024; Microsoft estimates ~8.5 million Windows devices were impacted. While not a breach, it’s a powerful reminder that vendor and update risks can cripple operations—especially for organizations without robust continuity plans.
Why small businesses should care
- Social engineering scales down. Attackers don’t need malware when they can trick an employee into authorizing a malicious app or sharing credentials.
- “Basic” contact data fuels bigger scams. Names, titles, and email formats make phishing much more convincing.
- Third‑party risk is real. Even when your own systems are clean, your vendors’ mistakes can disrupt your operations.
5 steps you can take this week
- Lock down CRM & cloud access. Enforce MFA everywhere, review connected OAuth apps, and remove anything you don’t recognize or no longer need.
- Harden Microsoft 365 & Google Workspace. Enable conditional access, block legacy auth, monitor suspicious sign‑ins, and restrict external sharing.
- Deploy Endpoint Protection/EDR with 24/7 monitoring. Automated tools + human eyes reduce dwell time and stop lateral movement.
- Backups you can actually restore. Test recovery, keep offline/immutable copies, and document an incident‑response checklist.
- Run a phishing awareness refresher. Short, realistic exercises (including voice‑phishing scenarios) can cut click‑throughs dramatically.
Need help right now?
If you use Salesforce, Microsoft 365, Google Workspace, or any third‑party cloud apps, a quick posture check can uncover easy fixes. We help Brandon–Lakeland businesses put enterprise‑grade protections in place—fast.
📩 Contact CMIT Solutions Brandon–Lakeland
Request a consult | mworlund@cmitsolutions.com | (656) 220-2180
