Breach Clarity Data Breach Report: Week of Feb. 15

Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. What we’ve consistently found is smaller breaches that more easily fly under radar often expose victims to concentrated identity risk. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

This was another bad week for third-party breaches, with two more spotlighted breaches arising from compromises at an outside organization. While the breached organization has little control over breaches that occur at third-party organizations, because they are the owner of the compromised data they frequently bear the brunt of sending out notification letters and the reputational risk that accompanies a data breach. Since relying on third-party organizations to process customer information is necessary for many businesses, companies should be aware of how that data is being handled and stored, as well as what safeguards have been put in place to reduce risk of data breaches.

New breaches added: 26

Charles J. Hilton & Associates P.C.
Breach Clarity Score – 6

A compromised email addresses at Charles J. Hilton & Associates exposed the data of over 36,000 patients at the University of Pittsburgh Medical Center. The law firm provides billing-related legal services to UPMC, which required them to handle patient’s personal information. Exposed data types include Social Security numbers, financial account numbers, driver’s license numbers, health insurance information and more.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

Medical records, like the information exposed in this breach, provides valuable background information on victims that is particularly useful for scammers. Victims of this breach should be on high alert for individuals contacting them claiming to be from their bank, insurance, health care provider, or other trusted organizations.  If you receive a suspicious call or email, you should end the call and contact the organization directly.

More information

LSU Health New Orleans Health Care Services Division
Breach Clarity Score – 4-6

A compromised email account at LSU Health New Orleans Health Care Services Division exposed the personal information of patients at University Medical Center- New Orleans and the Leonard J. Chabert Medical Center. While the breach at LSU HCSD was disclosed in late November 2020, new affected organizations continued to be identified after public disclosure of the breach. Exposed data types for most victims include contact information, health insurance information, and limited medical information, such as the date of medical service. For a smaller number of victims, financial account information was also exposed.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

Bannock County, Idaho
Breach Clarity Score – 5

A cyberattack against Bannock County allowed perpetrators to gain access to its computer network. While the breach was publicly reported in early February 2021, the original compromise occurred in June 2020, so victims should review their accounts and credit reports for suspicious historic activity going back at least six months. Exposed data types include name, Social Security numbers, driver’s license numbers and financial account information.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More Information

Automatic Fund Transfer Services, Inc.
Breach Clarity Score – 1-2

A ransomware attack against Automatic Funds Transfer Services, Inc. compromised personal information related to utility billing for residents of several Washington cities, including Kirkland, Mountlake Terrace, Monroe and Redmond. Data processed by AFTS was limited to information related to paper checks, and include names, addresses, account numbers and routing numbers. Electronic payment processing is reportedly handled by another organization for at least one of the cities affected by the breach.

What should you do? This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.

More information

About the Breach Clarity Score

Breach Clarity created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)
The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.

Avatar photo

Kyle Marchini

Kyle Marchini is a product manager at Breach Clarity, where he oversees the development and implementation of data breach intelligence solutions for financial institutions, identity security providers and other organizational partners. Prior to his work at Breach Clarity, Kyle was a Senior Analyst for Fraud Management at research-based advisory firm Javelin Strategy & Research. He deeply studied both fraud management and consumer behavior, directing some of the industry’s most widely-cited research on identity fraud. His work has been cited on topics ranging from the impact of fraud and breaches on consumers’ banking relationships to the role of emerging technologies such as behavioral analytics in mitigating fraud risk.

kyle-marchini has 27 posts and counting.See all posts by kyle-marchini