Sontiq BreachIQ Data Breach Report: Week of Sept. 27
Each week, Sontiq uses its BreachIQ capability to identify recent notable reported data breaches. These breaches are highlighted because of the heightened identity security risks to the victims. BreachIQ uses a proprietary algorithm to analyze more than 1,300 factors of a data breach and create a risk score on a scale of 1-10. The higher the score, the more severe the breach and level of risk.
One of the major challenges we’ve found in motivating consumers to take action about data breaches is a lack of context for the severity of risk created by the data breach. Unfortunately, coverage of data breaches frequently falls into one of two camps: Either the breach is covered as a devastating blow to consumers’ identity security and privacy, or the incident is portrayed as a trivial mishap that is unlikely to have serious consequences. In reality, of course, most breaches fall somewhere in the middle; they create meaningful risks to victims’ identities which can be mitigated by specific actions by those affected. Within BreachIQ, we tend to think about the risks created by breaches within the context of the severity of the identity crimes enabled by the data exposed in the breach:
Low Risk (BreachIQ score 1-3): Data breaches in this tier are the least likely to result in cases of identity theft, scams and fraud that would harm affected consumers. Typically, this means that the breach exposes victims to direct risk from fairly low impact fraud types (e.g. low sophistication spam or phishing messages) and that fraudsters would need to supplement the data exposed in this breach with other types of PII to commit most fraud types.
Moderate Risk (BreachIQ score 4-6): Data breaches in this range create a meaningful risk of identity theft, scams or fraud that could result in some degree of harm to affected consumers. Most breaches in this category contain all the data needed to commit at least one type of fraud (e.g. a breach that exposes card numbers, security codes, expiration dates, etc.), but often expose victims to a narrower range of threats than the highest-risk breaches.
High risk (BreachIQ score 7-10): Data breaches in this tier are likely to lead to identity theft, scams or fraud that significantly harm affected consumers. The highest-risk breaches expose rich identity data types that are used in a wide variety of fraud schemes. For instance, a breach that exposes a victim’s name, social security number, date of birth and other biographical details like income or employment history can be used to open fraudulent new accounts, take over existing financial accounts or file a tax return in the victim’s name.
New breaches added: 39
Horizon House, Inc.
A cyberattack against Horizon House allowed the perpetrator to gain access to records containing sensitive personal information between March 2 and March 5, 2021. Exposed data types include Social Security numbers, driver’s license numbers, financial account information, health insurance information, medical records such as diagnoses and treatment information and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
Simon Eye Management
A cyberattack against Simon Eye Management allowed the perpetrator to gain access to a number of employee email accounts. In this case, it appears that the primary objective of the attack was to fraudulently wire funds out of the company’s accounts and manipulate invoices to deceive the company into sending funds to the perpetrator. However, the attack also allowed the perpetrator to gain access to sensitive personal information contained in messages and attachments that passed through the affected email accounts from May 12 to May 18, 2021. Exposed data types vary by victim, but include medical records such as treatment and diagnoses, insurance policy details and claims information. For a smaller number of victims, Social Security numbers and financial account information were also compromised.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
Palos Community Consolidated School District 118
A ransomware attack against Palos Community Consolidated School District compromised records containing sensitive personal information for school district personnel and students. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files. Many ransomware strains also take the encrypted files and send them to the group managing the malware. Since the school district declined to pay the ransom, the perpetrator publicly released compromised files, including scanned tax forms, spreadsheets with employee contact information, as well as some student records. Exposed data types vary by individual, but include Social Security numbers, phone numbers, addresses, and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
Republic Services (formerly Flowers Sanitation)
A cyberattack against Flowers Sanitation’s website (now acquired by Republic Services) allowed the perpetrator to deploy malicious code designed to capture customer information as it was entered on the site during checkout between February 2019 and July 7, 2021. Exposed data types include credit and debit card information, email address, and password. Fortunately, this kind of attack only captures data as it is entered into the website, so purchases made with saved card information should not be affected.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
