Sontiq BreachIQ Data Breach Report: Week of Nov. 8
Each week, Sontiq uses its BreachIQ capability to identify recent notable reported data breaches. These breaches are highlighted because of the heightened identity security risks to the victims. BreachIQ uses a proprietary algorithm to analyze more than 1,300 factors of a data breach and create a risk score on a scale of 1-10. The higher the score, the more severe the breach and level of risk.
One of the major challenges we’ve found in motivating consumers to take action about data breaches is a lack of context for the severity of risk created by the data breach. Unfortunately, coverage of data breaches frequently falls into one of two camps: Either the breach is covered as a devastating blow to consumers’ identity security and privacy, or the incident is portrayed as a trivial mishap that is unlikely to have serious consequences. In reality, of course, most breaches fall somewhere in the middle; they create meaningful risks to victims’ identities which can be mitigated by specific actions by those affected. Within BreachIQ, we tend to think about the risks created by breaches within the context of the severity of the identity crimes enabled by the data exposed in the breach:
Low Risk (BreachIQ score 1-3): Data breaches in this tier are the least likely to result in cases of identity theft, scams and fraud that would harm affected consumers. Typically, this means that the breach exposes victims to direct risk from fairly low impact fraud types (e.g. low sophistication spam or phishing messages) and that fraudsters would need to supplement the data exposed in this breach with other types of PII to commit most fraud types.
Moderate Risk (BreachIQ score 4-6): Data breaches in this range create a meaningful risk of identity theft, scams or fraud that could result in some degree of harm to affected consumers. Most breaches in this category contain all the data needed to commit at least one type of fraud (e.g. a breach that exposes card numbers, security codes, expiration dates, etc.), but often expose victims to a narrower range of threats than the highest-risk breaches.
High risk (BreachIQ score 7-10): Data breaches in this tier are likely to lead to identity theft, scams or fraud that significantly harm affected consumers. The highest-risk breaches expose rich identity data types that are used in a wide variety of fraud schemes. For instance, a breach that exposes a victim’s name, social security number, date of birth and other biographical details like income or employment history can be used to open fraudulent new accounts, take over existing financial accounts or file a tax return in the victim’s name.
New breaches added: 53
City of Titusville, Florida
A cyberattack against the city of Titusville, Florida allowed the perpetrator to gain access to an employee email account from Nov. 19, 2020 and Feb. 18, 2021, compromising sensitive personal information contained in emails and attachments that passed through the affected account. Exposed data types vary by individual, but include Social Security numbers, driver’s license numbers, financial account information, credit and debit card information, usernames and passwords and more.
What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services and making sure that you have set up alerts for suspicious activity on your accounts.
More Information
Viverant PT, LLC
A cyberattack against Viverant PT allowed the perpetrator to gain access to an employee email account. While it appears that the primary objective of this attack was to send fraudulent emails from the account, it also allowed the perpetrator to access sensitive personal information contained in emails and attachments that passed through the affected account. Exposed data types vary by individual, but include Social Security numbers, driver’s license numbers, credit and debit card information, medical records such as diagnoses and treatments and more.
What should you do? Any time a breach exposes data that is this sensitive, victims should take the time to make sure that they have put essential protections in place across all aspects of their identity. This includes locking or freezing your credit report; using strong authentication on your bank accounts, email and other important services and making sure that you have set up alerts for suspicious activity on your accounts.
More Information
Aronsohn Weiner Salerno & Kaufman, P.C.
A cyberattack against Aronsohn Weiner Salerno & Kaufman, P.C. allowed the perpetrator to gain access to the organization’s Microsoft Office 365 environment, compromising sensitive personal information contained in emails and attachments that passed through affected email accounts. Exposed data types vary by individual, but include Social Security numbers, driver’s license numbers, medical records such as diagnoses and treatments, credit and debit card information, financial account information and more.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
More Information
Morgan Brown & Joy, LLP
A cyberattack against Morgan Brown & Joy, LLP allowed the perpetrator to gain access to two employee email accounts from January 22 and March 2, 2021, compromising sensitive personal information contained in emails and attachments that passed through the affected accounts. Exposed data types vary by individual, but include Social Security numbers, driver’s license numbers, financial account information, credit and debit card information, usernames and passwords and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.
More Information
