Breach Clarity Weekly Data Breach Report: Week of April 19

Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

This week features a slew of ongoing breach complexes involving the compromise of a data processor, which allowed perpetrators to gain access to the breached organizations’ clients’ data – dramatically expanding the scope of the breach. In spite of the breach being more than a year old, the Blackbaud breach complex continues to claim more victims, with six more Blackbaud-linked breaches added to our database this week. In total we have seen more than five hundred organizations affected by the Blackbaud breach, making it the most far-ranging breach complex we have encountered to date. The Barrett Business Services breach illustrates the challenge of managing vendor relationships to appropriately secure data, since they did not do business directly with the breached organization, but instead were affected through yet another vendor, Perkins & Co., which in turn used Netgain Technologies as a cloud hosting provider.

All of the breach complexes covered this week began with a ransomware attack, which has proven a lucrative tactic against data processors who face tremendous pressure to quickly restore access to locked-down files. In the case of Netgain, we know that the breached organization paid an undisclosed ransom amount for the decryption key to regain access to the compromised files. However, this certainly does not prevent the cybercriminals from retaining the stolen data and later selling it on criminal marketplaces.

New breaches added: 46

Harbor Health Services, Inc. (Third-Party PeakTPA)

BreachIQ score: 5

A ransomware attack against PeakTPA, a vendor providing administrative services for claims payment with Harbor Health Services (HHS), exposed data on HHS’ customers as it passed through PeakTPA’s systems. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. Exposed data types include Social Security numbers, addresses, insurance claim information and medical information such as diagnoses.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

Marines’ Memorial Association & Foundation (Third-Party Blackbaud)

BreachIQ score: 5

A ransomware attack against software provider Blackbaud resulted in cybercriminals stealing data belonging to a large number of Blackbaud’s clients, including the Marines’ Memorial Association & Foundation. Although the initial Blackbaud attack occurred in early 2020, the number of organizations identified as having data compromised continues to grow. To date, Breach Clarity is aware of over five hundred organizations involved in the Blackbaud breach complex.  The data compromised from the Marines’ Memorial Association & Foundation includes Social Security numbers, financial account information, addresses, names and dates of birth.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

PKF O’Connor Davies (third-party Netgain Technology)

BreachIQ score: 5

A ransomware attack against Netgain technologies, a cloud hosting provider for PKF O’Connor Davies (PKFOD) allowed cybercriminals to compromise records containing sensitive personal information on customers of PKFOD. Data exposed from PKFOD customers includes Social Security numbers, financial account information and passport numbers as well as tax documents.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More Information

Barrett Business Services, Inc. (Vendor Perkins & Co., Third-Party Netgain Technology LLC)

BreachIQ Score: 4

This breach is very similar to the PKF O’Connor Davies incident, described above, only instead of Barrett Business Services directly doing business with Netgain, their data was exposed through yet another third-party provider, Perkins & Co., which in turn used Netgain to host its clients’ data in the cloud. Data exposed from Barrett Business Services varies by individual victim, but could include name, address, Social Security number and employment-related information such as employee identification numbers and benefits information.

What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.

More information

About the Breach Clarity Score

Breach Clarity, recently acquired by Sontiq, created an algorithm that deeply analyzes and assigns every publicly reported data breach a Breach Clarity score, most often from 1 to 10. The higher the score, the more severe. (In rare and extreme cases, the score can exceed 10.)

The idea for the Breach Clarity score came from data breach expert Jim Van Dyke, who realized the public should be able to access the same analysis he used as an expert witness to discern data breach risks in the country’s biggest data breach cases. Breach Clarity’s artificial intelligence algorithm simulates that advanced, objective analysis and is available to anyone as a free tool in the fight against identity fraud and cybercrime. The score, risks and recommended action for any publicly reported data breach is available at Breach Clarity.

Featured eBook
7 Must-Read eBooks for Security Professionals

7 Must-Read eBooks for Security Professionals

From AppSec to SecOps, Security Boulevard eBooks deliver in-depth insights into hot topics that matter to the Cybersecurity and DevSecOps professionals. Our staff of writers are the best in the business, with decades of practical and award-winning experience and credentials. We are excited to share our 2019 favorites. Take a look and download some of ... Read More
Security Boulevard

Kyle Marchini

Kyle Marchini is a product manager at Breach Clarity, where he oversees the development and implementation of data breach intelligence solutions for financial institutions, identity security providers and other organizational partners. Prior to his work at Breach Clarity, Kyle was a Senior Analyst for Fraud Management at research-based advisory firm Javelin Strategy & Research. He deeply studied both fraud management and consumer behavior, directing some of the industry’s most widely-cited research on identity fraud. His work has been cited on topics ranging from the impact of fraud and breaches on consumers’ banking relationships to the role of emerging technologies such as behavioral analytics in mitigating fraud risk.

kyle-marchini has 27 posts and counting.See all posts by kyle-marchini