  • Kavaliro has suffered a data breach in which actors managed to access the client data in its systems.
  • The infiltrators compromised two employee email accounts and started sending emails to clients.
  • The attackers also set up a spoofed domain to trick more employees and customers of Kavaliro.

The US-based IT and workforce solutions provider Kavaliro has announced a data breach and is now sending notices to the affected individuals. The investigation of the security incident is ongoing, and the FBI is involved as well. Still, as Kavaliro points out, this has not delayed the notification of the affected individuals. The incident involves an email phishing operation that targeted Kavaliro’s workforce as well as its customers, using compromised email addresses belonging to two of the firm’s employees and a spoofed domain to trick the targets.

The company realized what was going on in March 2020, and on April 11, 2020, figured out precisely which email accounts had been compromised. From the investigation, the firm estimates the date of the initial unauthorized access to be around September 2019. The actors started with two email accounts and then managed to extend their access to multiple accounts within Kavaliro, a process that continued up to March 29, 2020. By taking over these email accounts, the infiltrators managed to access internal management systems, and this is where the main problem for the firm’s clients arose.

The types of data that have potentially been accessed include customer names, dates of birth, phone numbers, email addresses, usernames, passwords, financial account information, and certain demographic information. Since this is not clarified, we can assume that the above information was not encrypted and that passwords were in plaintext form. This means that everyone will have to reset their credentials now, and Kavaliro has already imposed a forced reset. Moreover, the company has enabled multi-factor authentication on its employee accounts to prevent a similar incident from occurring again in the future. As for the compromised clients, they will now receive a full year of Kroll credit monitoring, identity theft restoration, and fraud consultation services.

If you have done business with Kavaliro in the past, call them at “844-978-2448” and ask for more information about this security incident. You have until July 23, 2020, to register for the identity monitoring service, and the sooner you do it, the better. In the meantime, make sure that you review your credit and bank account reports regularly, and that you inform your financial institution if you notice something suspicious. Remember, in many cases like this one, the actors have the patience to wait twelve months for the identity theft protection service to expire and begin exploiting their targets after that. This means that you should remain vigilant for a long time, if not forever.