Each week Breach Clarity compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.
Typically, the highest-risk breaches of the week expose data types that are immediately useful for fraud schemes: Social Security numbers, passwords, card data, etc. This week, the dump of user data from dating site MeetMindful demonstrates the risk that compromised personal information poses, even if few of those data types are explicitly used in identity verification or authentication processes.
Breaches that expose “softer” pieces of personal information – victim’s preferences or personal histories, for instance – allow cybercriminals to tailor scams, phishing, and other social engineering techniques to the specific target. Even for more conventional fraud schemes, having a rich background on the victim can make it easier to successfully impersonate them during interactions with call center representatives and gain access to financial accounts.
Breach Clarity’s Weekly Spotlighted Breaches
New breaches added: 36
Merchant One, Inc.
Breach Clarity Score – 8
A cyberattack on a third-party IT provider for Merchant One allowed cybercriminals to access sensitive personal data stored by the payment processor. Exposed data types include Social Security numbers, driver’s license numbers, passport information, financial account information and more.
What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services; and making sure that you have set up alerts for suspicious activity on your accounts.
Breach Clarity Score – 7
A ransomware attack against thyssenkrupp Materials compromised files containing sensitive personal information. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Exposed data types include Social Security numbers, financial account information, contact information, and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
Breach Clarity Score – 6
Unauthorized access to several employee email accounts at fencing product distributor Master Halco allowed cybercriminals to access sensitive personal information contained in messages and attachments that passed through the account. Data types exposed include Social Security numbers, driver’s license numbers, financial account numbers, and credit and debit card numbers.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
Breach Clarity Score – 4
A cybercriminal publicly released a 1.2 GB database containing sensitive information on over two million users of the dating site MeetMindful. Data types included in the records include contact information, device information, encrypted passwords, and user profiles. Because the data exposed in this breach has been released to the public, it poses a particularly high risk to victims, since any cybercriminal organization can access and misuse this information immediately.
What should you do? User profiles like the information exposed in this breach provides valuable background information on victims that is particularly useful for scammers. Victims should be on high alert for individuals contacting them claiming to be from their bank, insurance, healthcare provider, or other trusted organizations. If you receive a suspicious call or email, you should end the call and contact the organization directly.
About the Breach Clarity Score
Breach Clarity created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)
The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.