Breach Clarity Data Breach Report: Week of Jan. 26
Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.
Breach Clarity’s weekly spotlighted breaches almost always include at least one email-based breach. Email accounts are frequently a weak point for corporate data defenses. With many email accounts accessible through web portals, all it takes for cybercriminals to gain access is a single employee reusing their login credentials across multiple sites or falling for a phishing email scam. Compromised email accounts are extremely valuable to cybercriminals because of their versatility—in addition to holding sensitive personal information, a compromised email account offers a beachhead for spam campaigns, spearphishing attacks or the potential to pose as a colleague and deceive other employees into sending more sensitive personal data.
New breaches added this week: 36
Breaches of Note
New York Legal Assistance Group
Breach Clarity Score – 9
Unauthorized access to several employee email accounts at the New York Legal Assistance Group exposed personal information contained in emails and attachments that passed through the accounts. Data types exposed include Social Security numbers, driver’s license numbers, credit and debit card information, usernames/passwords and more.
What should you do? Anytime a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services and making sure that you have set up alerts for suspicious activity on your accounts.
Jet Aviation (third-party Avianis)
Breach Clarity Score – 7
A cyberattack on Avianis, Jet Aviation’s IT vendor, exposed data on Jet Aviation’s customers and employees as it passed through Avianis’ network. Exposed data types include passport numbers, driver’s license numbers, travel visa information and credit and debit card information.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
SEMA Construction Inc.
Breach Clarity Score – 6
A phishing attack on one of SEMA Construction’s employees allowed cybercriminals to gain access to an internal email account, exposing employees’ sensitive personal information contained in emails and attachments that passed through the account. Data types exposed include Social Security numbers, financial account information and driver’s license and passport numbers.
What should you do? This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.
JMA Energy Company LLC
Breach Clarity Score – 5
A ransomware attack against JMA Energy Company compromised files containing sensitive personal information. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Exposed data types include Social Security numbers, contact information, financial account information and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
About the Breach Clarity Score
Breach Clarity created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)
The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.
