Sontiq BreachIQ Data Breach Report: Week of September 27

0

Each week, Sontiq uses its BreachIQ capability to identify recent notable data breaches reported. These violations are highlighted due to the increased risks to the security of the identity of victims. BreachIQ uses a proprietary algorithm to analyze over 1,300 data breach factors and create a risk score on a scale of 1 to 10. The higher the score, the more serious the breach and the level of risk.

One of the main challenges we have encountered in motivating consumers to take action in the event of a data breach is the lack of context as to the severity of the risk created by the data breach. Unfortunately, coverage for data breaches often falls into one of two camps: either the breach is seen as a devastating blow to consumer identity security and privacy, or the incident is described as an incident. commonplace that will probably not have serious consequences. In reality, of course, most breaches are somewhere in the middle; they create significant risks for the identity of victims which can be mitigated by specific actions on the part of the persons concerned. Within BreachIQ, we tend to think of the risks created by breaches in the context of the seriousness of the identity crimes enabled by the data exposed in the breach:

Low risk (BreachIQ score 1-3): Data breaches at this level are the least likely to result in identity theft, scams, and fraud that could harm affected consumers. Typically, this means that the breach exposes victims to direct risk from relatively low impact types of fraud (for example, unsophisticated spam or phishing messages) and that fraudsters should supplement the exposed data. in this violation with other types of PII to commit most types of fraud. .

Moderate risk (BreachIQ score 4-6): Data breaches in this range create a significant risk of identity theft, scams or fraud which could result in some degree of harm to affected consumers. Most breaches in this category contain all of the data necessary to commit at least one type of fraud (e.g., a breach that exposes card numbers, security codes, expiration dates, etc.), but expose often the victims have a narrower range of threats than the highest. – risk of infringements.

High risk (BreachIQ score 7-10): Data breaches at this level are likely to lead to identity theft, scams or fraud that significantly harm affected consumers. The riskiest breaches expose rich identity data types that are used in a wide variety of fraud schemes. For example, a breach that exposes a victim’s name, social security number, date of birth, and other biographical details such as income or employment history can be used to open new fraudulent accounts, take over accounts. existing financial accounts or file an income tax return on behalf of the victim. .

New breaches added: 39

Horizon House, Inc.

BreachIQ Score: 7

A cyber attack on Horizon House allowed the perpetrator to access files containing sensitive personal information between March 2 and March 5, 2021. The types of data exposed include social security numbers, driver’s license numbers , financial account information, health insurance information, medical records such as diagnoses and treatment information and more.

What should you do Since the information stolen during this breach creates a high risk of fraudulent opening of credit (loan accounts), protective measures such as foreclosing or freezing your credit are the best place to start. If you anticipate needing to unlock your credit account, signing up for credit monitoring through the provider offered by the breached organization or through a free service can help you stay informed about potentially suspicious changes to your credit report.

More information

Simon Eye management

BreachIQ Score: 5

A cyberattack on Simon Eye Management allowed the attacker to gain access to a number of employee email accounts. In this case, it appears that the main objective of the attack was to fraudulently transfer funds from company accounts and manipulate invoices to trick the company into sending funds to the perpetrator. However, the attack also allowed the attacker to access sensitive personal information contained in messages and attachments that passed through the affected email accounts from May 12 to 18, 2021. The types of data exposed vary. depending on the victim, but include medical records such as treatment. and diagnostics, insurance policy details and claims information. For a smaller number of victims, social security numbers and financial account information were also compromised.

What should you do Since the information stolen during this breach creates a high risk of fraudulent opening of credit (loan accounts), protective measures such as foreclosing or freezing your credit are the best place to start. If you anticipate needing to unlock your credit account, signing up for credit monitoring through the provider offered by the breached organization or through a free service can help you stay informed about potentially suspicious changes to your credit report.

More information

Palos Community Consolidated School District 118

BreachIQ Score: 4

A ransomware attack on Palos Community Consolidated School District compromised records containing sensitive personal information for school district staff and students. In ransomware attacks, the objective of the attack is usually to extort the infected organization to pay to regain access to its files. Many strains of ransomware also take the encrypted files and send them to the group that manages the malware. Since the school district refused to pay the ransom, the author released compromised files, including scanned tax forms, spreadsheets with employee contact information, and student records. The types of data exposed vary among individuals, but include social security numbers, phone numbers, addresses, and more.

What should you do Since the information stolen during this breach creates a high risk of fraudulent opening of credit (loan accounts), protective measures such as foreclosing or freezing your credit are the best place to start. If you anticipate needing to unlock your credit account, signing up for credit monitoring through the provider offered by the breached organization or through a free service can help you stay informed about potentially suspicious changes to your credit report.

More information

Republic Services (formerly Flowers Sanitation)

BreachIQ Score: 4

A cyberattack on the Flowers Sanitation website (now acquired by Republic Services) allowed the offender to deploy malicious code designed to capture customer information as it was entered on the site during the payment between February 2019 and July 7, 2021. Data types exposed include credit and debit. card information, email address and password. Fortunately, this type of attack only captures the data as entered on the website, so purchases made with the card information saved should not be affected.

What should you do When credit or debit card data is stolen, you should contact your issuer to determine if you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.

More information


Source link

Share.

About Author

Comments are closed.