January Incident Status Update
“There are only two types of companies: Those that have been hacked and those that will be hacked.” Robert S. Mueller, III, Director FBI, made this famous quote, but almost by the time he made the quote it was out of date – it should be “There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.” Read more from Stephen Barnes, Byronvale Advisors.
Page Updated 10th October 2019
We apologise for the ongoing technical issues relating to CPD for Me subscriber My Account pages and thank you for your patience and ongoing support.
MidCoastDigital discovered an internal cyber attack on 19th January 2019 when the CPD for Me platform crashed and the CPD for Me and DentistsCPD website theme and code were stolen, which caused the website errors.
We believe CPD for Me processes were not the cause of this breach and we have taken action to ensure and establish a dedicated hosted secure platform for subscribers to access LogCPD and complete their online CPD requirements. We are currently completing user testing on the new Vimeo On Demand platform.
CPD for Me do not store or save financial data or subscriber passwords. We use PayPal and Stripe, both of which are secure third party payment gateways.
We have not had one report of a subscriber account being compromised. The website appears to be working in Chrome, Internet Explorer, Edge and Safari. Some subscriber accounts have had LogCPD issues. Some website pages still have code errors due to ongoing code issues.
Thank you for your understanding and patience.
Our dedicated server hosting plan means that our websites are the only sites hosted on our server with limited access by authorised staff. Cyber security has always been a priority.
We have been working with Juris IT, online platforms, cyber security experts, lawyers and authorities, such as the Police, to protect and secure company assets and subscriber data.
Following an investigation with Juris IT, cyber security experts, we now have a better understanding of the impact of our recent cyber attack and want to provide as much context as we can to subscribers as it appears the intruder/s specifically targeted the removal of company assets.
Our first response was to:
- Secure cpdforme.com.au website and data
- Go on with the show – CPD-LIVE 2019 Webinars (Monday to Friday)
- Contact (former) employee IT support staff on holidays;
- Contact (former) MidcoastDigital client DentistsCPD;
- Notify Police;
- Run audit and user reports;
- Update LastPass user accounts and passwords;
- Contact Telstra and lock down Microsoft 365 Account;
- Contact Telstra and change WiFi password (replaced modem);
- Transferred CPD for Me to a new dedicated server;
- Rolled back CPD for Me website from December 2018 backup;
- Advised subscribers to update email preferences;
- Published 2017-18 CPD for Me on-demand content via Go1 Premium Platform to ensure continuity and availability (large corporates and international firms); see the article “CPD for Me is the provider Go1 clients seeking legal updates asked for”.
Thank you to Dr Suresh Hungenahally and Frank Downes – CPD-LIVE 2019 cyber experts for your invaluable guidance. (Your CPD sessions are on my Must Watch List).
What did the attacker do?
- 27th & 30th December 2018 accessed cPanel and modified websites and transferred former client website;
- 30th December 2018 accessed LastPass Account and exported company and personal passwords;
- 13th January 2019 accessed our Microsoft 365 Administration Account and set up inbox rules to cease email notifications of changes to key services;
- 13th January 2019 – hacked our Website account and launched a denial of service attack on CPD for Me;
- 14th February 2019 accessed Slack account, one of our internal communications systems; and
- Online Marketing Video Account was deleted and we lost 2017 – 2019 marketing and promo videos.
Our investigations continue with further audit reports when they become available.
What has CPD for Me done about it?
Ongoing investigations and legal counsel sought as we continue to invest heavily in security.
Our first priority was, and is still, to protect company assets and subscribers' data.
- Created a new LastPass account and changed passwords again;
- Adopted two step verification on sign-in with online accounts;
- Created notifications for any account accessed or changed;
- Installed a new modem;
- Purchased new laptop;
- Reset all other computers and devices back to factory settings;
- Previous Telstra Microsoft Office 365 account locked; and
- Purchased new mobile.
Here’s what CPD for Me are currently doing:
- Implementing Juris IT Microsoft 365 Account with Azure added device security protection;
- Reviewing options for a new simple and easy to use website – subscribe, click, watch & LogCPD;
- Notifying our users: We want our subscribers to know that we do not store user passwords or any financial data. We use PayPal, a secure third party for all financial transactions;
- Completing speaker reports;
- Report pages with errors: due to ongoing code errors, please advise us via web chat or email;
- As a precaution, we’re encouraging everyone to be wary of suspicious emails. Attackers often use creative methods to trick you into handing over your personal information. If you do receive any emails that you believe are suspicious, do not click on them and do not respond. We encourage you to flag them with your email provider;
- Use a password manager: We recommend you use a password manager such as LastPass or Google Chrome to generate and remember a unique, secure password for each site you use; and
- Prompting users to change passwords: We ask all users with passwords set before the attack to change them.
A final word from Paula
- Currently seeking fixed fee or no win, no fee legal counsel
33 exclusive CPD-LIVE 2019 1 hour sessions are available via:
- individual or CPD for Me subscription (Preview CPD – Practice Mgt, Skills, Auslaw, Ethics)
- Vimeo On Demand
- white label, MP4 or Vimeo link with PDF handouts for mid to large firms with monthly or quarterly reporting requirements
- Corporate Solutions available from $15 a CPD Unit
Thank you to our speakers and subscribers for their continued patience and support. I would like to thank Automation Agency, who have been our away team since 2016. Their invaluable assistance to protect and move our websites so quickly to a new dedicated server truly was a blessing. Their quick response to this cyber threat allowed us to transact in a safe and secure environment.
I would like to also thank our Australian team who assisted us to keep the doors open and publish CPD-LIVE 2019 content which included Bronwyn Pott who has been with me from the start in 2013 and Barbara, Luke, Jacob, Tracey, Frank, Sharn, Kate, Veronica, Hannah, Abel and Jack – thank you for your time and efforts.
This has been a personal attack on me. I am deeply sorry that this has happened. It has been so sad to speak with several subscribers who have also been hacked. I was alarmed to hear all their stories, which included some lawyers closing down their practices. Others are limping along and just trying to keep their doors open and recover. Some of the cyber security incidents included staff walking out with precedents on USB, staff clicking on dodgy emails which resulted in trust funds being stolen ($200k to $13 million), viruses and devices being wiped with ransomware.
Everyone at CPD for Me has been on the receiving end of updates like this, and at a personal level we know how upsetting and downright devastating it can be. We want to rebuild and regain the trust you have given us, and will work hard to earn it.
That is why I have introduced the Cyber Security Series with Frank Downes and Dr Suresh Hungenahally. I am so thankful for all their assistance, guidance and support this year assisting me to effectively lock down our systems from further attacks.
“Cyber Security is No 1 must watch CPD in 2019 to make sure principals protect and secure their firm assets and intellectual property.” ~ Paula Gilmour
On a good note I have not had the opportunity to promote our students being a viable alternative to offshoring your marketing, social media and video productions.
Applications open now for firms, schools and students.
#SAKT (Support Our Kids Too)
2020 Year 10 – 12 Remote Digital Work Experience Program
Organised by MidCoast Digital (Social Media | Video Production)
Previously referred to as #SOYT (Support Our Youth Too)
Our Youth Our Future; however, students felt #SAKT was more appropriate for how they felt.
If you have any comments, suggestions or further questions, please email me at firstname.lastname@example.org
I continue to have patience and faith; I trust you will too. My motto is simplify, automate with no more than 4 intuitive steps. This year has been so bittersweet, heartbreaking on both a professional and personal level.
2019 content produced is our very best to date from award winning experts and viewed by over 1500+ firms including international and tier 1 subscribers worldwide.
* I am eternally grateful for my family's love and support.