Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.
This week features a fairly rare occurrence – a breach that makes its way all the way up to the top of Breach Clarity’s rating scale. In our database of over 5,000 breaches only around 50 score a 10. What we have found consistently is that smaller breaches tend to pose much more concentrated risk to victims. Breaches that score a 10 average just 56,000 victims (compared to an average of around 4,000,000 victims for breaches that score a 1), but these victims face a huge array of risks. The highest-scoring breaches expose victims to a high degree of risk across multiple fraud types. For instance, over 95% of the breaches in our database that score a 10 expose both victims’ Social Security numbers and full credit or debit card numbers, creating both the immediate value for fraudsters in traditional card fraud and the long-term value of fraudulently opened loan accounts, tax refund fraud or any number of other identity crimes.
Breach Clarity’s Weekly Spotlighted Data Breach Report
New breaches added: 30
Light Tower Financial Strategies
A cyberattack against Light Tower Financial Strategies allowed the perpetrator to gain unauthorized access to a computer containing sensitive personal information on Light Tower’s clients. Exposed data types include Social Security numbers, credit and debit card information, driver’s license numbers, contact information and more.
What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services and making sure that you have set up alerts for suspicious activity on your accounts.
Walsh Brothers Construction
Breach Clarity Score – 6
A ransomware attack against Walsh Brothers compromised files containing sensitive personal information. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Compromised data types include Social Security numbers, driver’s license numbers, financial account information, and contact information.
What should you do? This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.
Recology King County (third-party Automatic Fund Transfer Services, Inc.)
Breach Clarity Score – 5
The personal information of customers of Recology King County was compromised in a ransomware attack against Automatic Fund Transfer Services, Inc. This is a continuation of the same incident we highlighted last week involving four Washington cities. Unfortunately, while those cities used AFTS to process paper checks and consequently only exposed fairly low-value data, the data exposed for Recology customers includes credit and debit card information in addition to names, contact information and images of checks.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
Warehouse Services, Inc.
Breach Clarity Score – 5
A ransomware attack against Warehouse Services, Inc. compromised files containing sensitive personal information, including Social Security numbers, financial account information, names, addresses and dates of birth. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
About the Breach Clarity Score
Breach Clarity created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)
The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.