Breach Clarity Data Breach Report: Week of Feb. 8 - Security Boulevard

Breach Clarity Data Breach Report: Week of Feb. 8

Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

What we’ve consistently found is smaller breaches that more easily fly under radar often expose victims to concentrated identity risk.

FinConDX 2021

Two of the breaches this week involve third parties – a growing trend that was responsible for some of the most serious breaches of 2020. Compromising an organization that regularly processes other organization’s data allows hackers to quickly gain access to a cluster of systems, without having to attack and infiltrate each organization separately. For instance, the Office of the Washington State Auditor breach occurred through a compromised legacy file transfer software, and may have exposed data held by up to 50 other organizations using the software. The severity of these breach complexes can be difficult to assess, since the types of data compromised can vary wildly between affected companies.

New breaches added: 16

Wind River Systems, Inc.

Breach Clarity Score – 7

Wind River Systems, a software development company, reports that cybercriminals were able to download multiple files containing sensitive personal information from their network. Exposed data types vary by individual, but can include Social Security numbers, driver’s license numbers, financial account information and more.

What should you do? Since the information stolen creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

Office of the Washington State Auditor

Breach Clarity Score – 6

Records of 1.6 million unemployment claims were breached from the Office of the Washington State Auditor through a flaw in file transfer software used within the agency. The Office of the Washington State Auditor was reportedly in the process of transitioning away from using FTA, a legacy file transfer software that Accellion, the software’s producer, had been encouraging customers to sunset. The employment claims had been collected by the auditor as part of an investigation into unemployment fraud committed during the pandemic. Exposed data types include Social Security numbers, driver’s license numbers, financial account information and more.

What should you do? Since the information stolen creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

Ramsey County

Breach Clarity Score – 5

A ransomware attack against Netgain, a technology service provider to Ramsey County, Minnesota, compromised documentation around home visits by Ramsey County’s Family Health Services division. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Exposed data types include contact information, health insurance information, medical information and, for a limited number of victims, Social Security numbers.

What should you do? Knowing that the data stolen in this breach was from home visits from county staff can provide scammers with valuable background information that could allow them to impersonate trusted entities, like government agencies, financial institutions or doctors. Victims of this breach should be on the alert for suspicious emails or phone calls asking for personal information, especially if connected to a previous home visit from Ramsey County staff.

Additionally, since the information stolen creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

Brotherhood’s Relief & Compensation Fund

Breach Clarity Score – 5

A cyberattack against Brotherhood’s Relief & Compensation Fund allowed perpetrators to steal files containing Social Security numbers, contact information and financial account information. Brotherhood’s Relief & Compensation Fund has not publicly released more information on the nature of the cyberattack or the types of records compromised in the incident.

What should you do? Since the information stolen creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More Information

About the Breach Clarity Score

Breach Clarity created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)

The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

Kyle Marchini

Kyle Marchini is a product manager at Breach Clarity, where he oversees the development and implementation of data breach intelligence solutions for financial institutions, identity security providers and other organizational partners. Prior to his work at Breach Clarity, Kyle was a Senior Analyst for Fraud Management at research-based advisory firm Javelin Strategy & Research. He deeply studied both fraud management and consumer behavior, directing some of the industry’s most widely-cited research on identity fraud. His work has been cited on topics ranging from the impact of fraud and breaches on consumers’ banking relationships to the role of emerging technologies such as behavioral analytics in mitigating fraud risk.

kyle-marchini has 27 posts and counting.See all posts by kyle-marchini