Breach Clarity Data Breach Report: Week of March 29

Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

Even as someone who reads quite a few breach notification letters, I’m frequently surprised by how much time can elapse between the initial compromise and notification letters making their way to victims. This week, we have two reasonably dated breaches making an appearance. Solairus Aviation had data exposed in the Avianis breach that occurred at the end of 2020 and was initially reported in January, but Solairus’ involvement in the breach was not publicly reported until March 23.

Active Lifestyle Products and Services reports that their website was compromised almost a year before the breach notification was sent. Obviously, there can be a variety of reasons behind this delay. Organizations may be limited in the amount they can publicly share on a breach while working with law enforcement to identify perpetrators. With complex breaches, it can naturally take time to identify the data that was exposed and which individuals were involved. In more problematic cases, it may simply take months before the breached organization realizes that anything has gone amiss.

As breaches age, the risks to victims change, which is why we report the date when the breach occurred, rather than the date the breach was reported. Data like login credentials and payment card information has a fairly short shelf life before users change their passwords or have their cards reissued. This, combined with fairly aggressive strategies from financial institutions to combat fraud around early card breaches, pushes fraudsters to attempt card fraud and credential stuffing attacks shortly after a new body of breached data is released onto the market. On the other hand, data like official identifiers (e.g. Social Security numbers) and biographical records (e.g. medical histories) can retain relevance for years after a breach, creating a long-term threat around fraudulently opened new accounts and more involved account takeover schemes.

New breaches added: 45

Personal Touch Holding Corp.

BreachIQ Score – 10

A cyberattack on Personal Touch Holding Corp (PTHC) allowed the perpetrator to access PTHC’s private cloud, containing sensitive personal information on patients and employees. For patients, exposed personal information may have included Social Security numbers, financial information, credit and debit card information, medical treatment records, and more. For employees, exposed records may have included background and credit checks, fingerprints, login credentials used at PTHC, Social Security numbers (including spouses and dependents), and more.

In PTHC’s breach notification, they provide a list of direct and indirect subsidiaries that may have had personal information exposed. If you have done business with a Personal Touch company, you should review the list of impacted organizations to determine whether your personal information may have been exposed.

What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email, and other important services; and making sure that you have set up alerts for suspicious activity on your accounts.

Exposed medical information can provide valuable background information on victims that is particularly useful for scammers. Victims of this breach should be on high alert for individuals contacting them claiming to be from their bank, insurance, healthcare provider, or other trusted organizations. If you receive a suspicious call or email, you should end the call and contact the organization directly.

Solairus Aviation (Third-Party Avianis)

BreachIQ Score – 6

A cyberattack on Avianis allowed cybercriminals to gain access to a Microsoft Azure cloud environment that hosted a flight scheduling and tracking system for Solairus Aviation. This system contained personal information on Solairus’ employees and clients, including Social Security numbers, passport numbers, driver’s license numbers, financial account numbers, and more.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

Active Lifestyle Products & Services, Inc. dba ALPS Brands

BreachIQ Score – 5

A cyberattack on Active Lifestyle Products & Services’ (ALPS) websites allowed the perpetrator to inject malicious code designed to capture information entered during e-commerce purchases on the affected websites. ALPS reports that the malicious program was active as early as April 20, 2020. Since the breach only affected information entered during checkout and not information stored by ALPS, if you did not make a purchase during the period of the breach, it is unlikely that your information was affected. Exposed data types include credit and debit card numbers, expiration dates, security codes, email addresses, and other contact information. In ALPS’ notification letter, they list each of their websites believed to have been impacted by the attack.

What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.

Brandman Centers for Senior Care (Third-Party PeakTPA)

BreachIQ Score – 5

A ransomware attack against Peak TPA, a health plan management service vendor for Brandman Centers for Senior Care, exposed participant records containing sensitive personal information. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Exposed data types include Social Security numbers, medical diagnoses, insurance claim information, and more.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

Exposed medical information can provide valuable background information on victims that is particularly useful for scammers. Victims of this breach should be on high alert for individuals contacting them claiming to be from their bank, insurance, healthcare provider, or other trusted organizations. If you receive a suspicious call or email, you should end the call and contact the organization directly.

About the Breach Clarity Score

Breach Clarity, recently acquired by Sontiq, created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)

The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended actions for any publicly reported data breach are available at Breach Clarity.

 

Kyle Marchini

Kyle Marchini is a product manager at Breach Clarity, where he oversees the development and implementation of data breach intelligence solutions for financial institutions, identity security providers and other organizational partners. Prior to his work at Breach Clarity, Kyle was a Senior Analyst for Fraud Management at research-based advisory firm Javelin Strategy & Research. He deeply studied both fraud management and consumer behavior, directing some of the industry’s most widely-cited research on identity fraud. His work has been cited on topics ranging from the impact of fraud and breaches on consumers’ banking relationships to the role of emerging technologies such as behavioral analytics in mitigating fraud risk.
