Managing Director of Fintech Research at Cornerstone Advisors
“A new company called Breach Clarity may have a better approach. The company analyzes every publicly reported U.S. data breach based on more than 1,000 factors, then computes a score for each breach and provides consumers with recommendations on what they should do. Breach Clarity’s approach goes beyond just providing information and advice. By analyzing the types of data that were breached, the firm can predict what types of financial crimes could be committed in the future.”
A ransomware attack against the systems of 1919 Investment Counsel (1919ic) compromised files containing sensitive personal information on current and former employees. It does not appear that any client or customer data was exposed in this breach. In ransomware attacks, the goal of the attack is typically to extort the infected organization into paying to regain access to their files, although some ransomware strains also take the encrypted files and send them to the group managing the malware. The data compromised from 1919ic includes Social Security numbers, financial account information, driver’s license or other ID images, and more.
What should you do? This breach carries a high risk of account takeover – unauthorized access to victims’ bank accounts. Setting up strong authentication, such as use of temporary passcodes at login, can protect your financial accounts. Victims should also review the alerts offered by their bank or credit union to ensure that they are notified of suspicious login attempts or transfers out of their bank accounts.
An attack on Luxottica’s website exposed information shared by patients while making appointments at the eye care service provider. For most victims, this exposed data including contact information and medical information such as prescriptions, health conditions, or procedures. However, for a smaller number of victims, this also included Social Security numbers or credit and debit card information.
What should you do? The medical information exposed can provide valuable background information on victims that is particularly useful for scammers. Victims of this breach should be on high alert for individuals contacting them claiming to be from their bank, insurance, healthcare provider, or other trusted organizations. If you receive a suspicious call or email, you should end the call and contact the organization directly.
If you have been notified that your Social Security number or card information has been exposed in the breach, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
An attack on the website of Christy Sports allowed cybercriminals to steal information entered into the checkout section of the organization’s online store. The breach exposed data entered while making online purchases including credit and debit card numbers, email addresses, home addresses, and more.
What should you do? When credit or debit card data is stolen, you should contact your issuer to determine whether you need a replacement card. Many card issuers also allow you to set up alerts for large or unusual purchases. These alerts can help you quickly identify suspicious activity and notify your bank or credit union of the fraud.
Unauthorized access to an employee’s email account at Mercy Iowa City exposed sensitive personal information. While it appears that the primary objective of the attack was to use the email account to send spam and phishing messages, it also allowed the cybercriminal to access any personal information included in emails and attachments sent to that email account. Data types exposed include Social Security numbers, driver’s license numbers, medical records, health insurance information, and more.
What should you do? Since the information stolen in this breach creates a high risk of fraudulently opened credit (loan accounts), safeguards like locking or freezing your credit are the best place to start. If you expect to need to have your credit account unlocked, enrolling in credit monitoring through the provider offered by the breached organization or through a free service can help keep you informed of potentially suspicious changes to your credit report.