Breach Clarity Weekly Data Breach Report: Week of April 12

Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

It has not been a particularly good week to be on a social network. Massive dumps of data from Facebook, LinkedIn and Clubhouse all surfaced on dark web marketplaces, exposing data on well over one billion accounts globally across the three platforms. The information contained in these collections of data appears to have been taken “legitimately,” in other words, using tools made available to collect semi-public data on social network accounts. This has inevitably sown confusion around the response to the incident since, for the purpose of most state data breach notification laws, these events don’t actually qualify as breaches. There was no unauthorized intrusion into the company’s systems, and all the information taken had been voluntarily shared, in some capacity, by the account holders.

While this distinction may make sense for lawmakers, it’s not clear how useful it is for consumers. The data compiled in these incidents was made available for purchase or download on cybercriminal forums, which don’t try to hide the fact that the data is intended to be used for criminal purposes. Based on the information types exposed in these events, the risk created for victims is comparatively low (ranging from one to three on Breach Clarity’s 10-point scale), but the media coverage of these scrapes creates an immediate opportunity for scam campaigns aiming to harvest more personal information from victims or distribute malware. Scammers can use the data exposed in these events to personalize messages to each victim, providing a higher level of credibility than blanket campaigns. Victims should be on the lookout for suspicious emails or calls claiming to be from a trusted organization like a bank or medical provider.

Since it does not appear that Facebook, LinkedIn, or Clubhouse will be sending out notification letters, individuals who believe they may have been affected by this breach can check if their information has been exposed through dark web scanning services provided by an identity protection service provider, or trusted free services like Have I Been Pwned. However, it does not appear that the full extent of this data will be available to dark web scanning services – the Facebook and Clubhouse data has been released freely, and will likely make its way onto dark web scanning services, but only a small portion of the LinkedIn data set is available – so if your information does not appear in the scan, it does not necessarily mean that your information was not exposed.

New Breaches Added: 36

Centers for Advanced Orthopaedics

BreachIQ Score: 10

Unauthorized access to an email account within the Centers for Advanced Orthopaedics (CAO) allowed cybercriminals to gain access to sensitive personal information on patients, employees and employees’ dependents contained in messages and attachments that passed through the account. Exposed data types included sensitive medical records such as diagnoses and treatment information, as well as Social Security numbers, driver’s license numbers, financial account numbers, credit and debit card information, login information and email addresses.

What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services; and making sure that you have set up alerts for suspicious activity on your accounts.

This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.


Remedy Medical Group (third-party Administrative Advantage)

BreachIQ Score: 10

Unauthorized access to an email account at Administrative Advantage, a billing service provider for Remedy Medical Group, allowed cybercriminals to gain access to sensitive personal information on Remedy Medical Group’s patients. Exposed data types vary by victim, but include Social Security numbers, financial account information, driver’s license numbers, credit and debit card numbers, login information, as well as medical records such as diagnoses, treatments, lab results and more.

What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services; and making sure that you have set up alerts for suspicious activity on your accounts.

This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.


BioTel Heart (Third-Party Vendor)

BreachIQ Score: 6

Improper record handling by an undisclosed vendor of BioTel Heart allowed those records to be publicly accessible from October 2019 to August 2020. Exposed records contained Social Security numbers, contact information, health insurance information, as well as medical records related to remote cardiac monitoring services.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.


Accellion Breach Complex

BreachIQ Score: 2-8 (score varies by affected organization)

In early February 2021, the Office of the Washington State Auditor disclosed the first in a series of breaches involving Accellion’s File Transfer Appliance (FTA), a legacy file transfer system. Because this breach exposed data stored in files processed through the FTA, the types of data and risks involved vary widely between affected organizations, which is reflected in the range of risk scores. To date, we have recorded 26 organizations whose data was exposed through vulnerabilities in FTA. This week, 13 of the 38 breaches we recorded were linked to Accellion and include: Trinity Health, UC Davis, University of Maryland, Baltimore, El Paso Electric, Health Net Community Solutions, Health Net of California, Health Net Life Insurance Company, California Health & Wellness, Memorial Sloan Kettering Cancer Center and CalViva Health.

Several other organizations have been identified as having data compromised in the Accellion breach, but have not disclosed enough information for Breach Clarity to be able to assess the risks created by these exposures. These organizations include Stanford University School of Medicine, Yeshiva University and UC Berkeley. As more information becomes available, we will update these breaches with the data types exposed and the risks created by the incident.

What should you do? Since the information exposed in this breach varies by affected organization, if you have done business with any of the organizations listed above, you should refer to their individual web pages to understand the severity, top risks and recommended actions for each incident.

About the Breach Clarity Score

Breach Clarity, recently acquired by Sontiq, created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)

The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended actions for any publicly reported data breach are available at Breach Clarity.


Kyle Marchini

Kyle Marchini is a product manager at Breach Clarity, where he oversees the development and implementation of data breach intelligence solutions for financial institutions, identity security providers and other organizational partners. Prior to his work at Breach Clarity, Kyle was a Senior Analyst for Fraud Management at research-based advisory firm Javelin Strategy & Research. He deeply studied both fraud management and consumer behavior, directing some of the industry’s most widely-cited research on identity fraud. His work has been cited on topics ranging from the impact of fraud and breaches on consumers’ banking relationships to the role of emerging technologies such as behavioral analytics in mitigating fraud risk.
