Every week brings with it a series of data breaches, where business or consumer data is exposed. Looking at those highlighted by intelligent identity security firm Sontiq, Digital Journal highlights some areas that will be of interest to readers.
Sontiq deploys the BreachIQ, which is a proprietary data breach risk assessment that uses an AI-driven algorithm to analyze more 1,300 factors associated with a publicly-reported data breach. This enables different data breaches to be rated in terms of their severity and compared.
Hoya Optical Labs of America, Inc.
This incident has been afforded the highest severity level and it involved a ransomware attack against Hoya Optical Labs of America. This led to compromised files containing sensitive personal information Hoya reports in their breach notification letter that the group behind the attack has published data they claim to have compromised in this incident.
Exposed data types varies by victim and includes Social Security numbers, financial account information, credit and debit card information, driver’s license numbers, and more.
This impacted have been advised to freeze their credit reports.
Farmingdale Meat Market
A ransomware attack against Farmingdale Meat Market compromised computers and servers containing sensitive personal information. The preliminary analysis of the breach indicates that a fairly small amount of data (around 30mb) was actually removed from the affected systems, suggesting that this attack was more focused on the ransom demand than on stealing and reselling data.
However, this does not conclusively show that data was not stolen and will not appear on criminal marketplaces.
American Councils for International Education
A database configuration error at American Councils for International Education (American Councils) enabled a number of the program’s finalists to access data on applicants, finalists, and other participants in American Councils’ programs.
Exposed data types include Social Security numbers, financial account information, insurance information, and more.
Thompson Flanagan Benefits Group, LLC
A phishing attack against an employee of Thompson Flanagan Benefits Group allowed the perpetrator of the attack to gain access to the employee’s email address as well as any personal information contained in messages and attachments that passed through the account.