• According to the Identity Theft Resource Center’s (ITRC) Q1 2021 Data Breach Report, data compromises are up 12 percent, and the number of individuals impacted 564 percent compared to Q4 2020.  
  • The rise is in large part to 59 late-reported compromises in Q4 2020 and a 42 percent increase in the number of supply chain attacks in Q1 2021 versus Q4 2020.  
  • The Q1 trends continue to point to a rise in cybercrimes focused on stealing company resources using personal information.  
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.  
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.  

Pointing in All Directions  

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 9, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. President Harry Truman once said that if you put all the government experts in a straight line, they’d point in all directions. That might be a good title for this week’s episode where we look at the data compromise and cybersecurity trends for the first quarter of the year in the ITRC’s Q1 2021 Data Breach Report. There’s a little something for everyone in these numbers. 

Data Compromises Rise 12 Percent 

According to the ITRC’s Q1 2021 Data Breach Report, the number of publicly-reported U.S. data breaches and exposures are up 12 percent from Q4 2020 to 363 total compromises. That’s a slight reversal of the trend in 2020. However, part of the reason for the increase was 59 compromises that occurred late in Q4 2020 but were recorded in Q1 2021. With that said, the number of breaches would have been down nearly a quarter in the first three months of this year compared to the final three months of last year. 

Number of Individuals Impacted Rise 564 Percent 

The number of individuals impacted, though, is up significantly. Fifty-one (51) million people had their data compromised in Q1 2021 versus eight million in Q4 2020. That’s a 564 percent increase. If people set aside the late notices from 2020, the primary reason for the gap between compromises versus people impacted is a 42 percent rise in the number of supply chain attacks compared to Q4 2020.  

Supply Chain Attacks to Blame for Increasing Numbers 

We’ve talked about this kind of attack before. Supply chain attacks happen when cybercriminals attack a vendor to access the systems or data of the company’s customers. Think Blackbaud in 2020 or Accellion this year. Supply chain attacks at 27 third-party vendors impacted 137 U.S. organizations and seven million individuals this quarter. There were 19 supply chain attacks in Q4 2020. 

Top Root Causes for Q1 2021 Data Compromises  

By the way, phishing and ransomware attacks remained the number one and two root causes of data compromises in Q1, according to the Q1 2021 Data Breach Report. Malware was a distant third, but supply chain attacks were only slightly behind. At the current growth rate, supply chain attacks could pass malware in Q2 2021. 

Blackbaud Continues to Result in New Data Breach Notices 

The double-digit jump in supply chain attacks in Q1 2021 does not include the continual impact of third-party exploits first reported in 2020. The mid-year 2020 attack against IT provider Blackbaud continues to result in new data breach notices: 62 in Q1 2021 that impacted an estimated 146,000 individuals. To date, nearly 13 million people and 555 organizations have been affected by this single event. 

SolarWinds Supply Chain Attack 

Q4 2020 ended with a blockbuster revelation of a supply chain attack against key cybersecurity and software companies – namely SolarWinds – that was the tip of a much bigger iceberg. In Q1 2021, major supply chain attacks against MicrosoftAccellion and other service organizations were announced. The attacks put the personal information of millions of individuals and corporate IPs at risk.  

Cybercriminals Continue to Focus on Credential Theft  

Here’s the bottom line from the Q1 2021 Data Breach Report: The Q1 trends continue to point to a rise in cybercrimes focused on stealing company resources using personal information. The broader trend of cybercriminals preferring to exploit multiple organizations through a single point-of-attack may also be accelerating.  

That may sound like good news for individuals. However, what it means is that businesses and individuals alike need to adapt to the new ways cybercriminals are behaving.  

Contact the ITRC 

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. That’s also where people will find the detailed version of our Q1 2021 Data Breach Report

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.   

Be sure to listen next week to our sister podcast, The Fraudian Slip, where we will talk about identity management and how companies are coming together to protect identity information. We’ll be back soon with another episode of the Weekly Breach Breakdown. 

  • IT security provider Accellion suffered an attack on their file-sharing product. It resulted in multiple entities being impacted by the Accellion data breach, including the Office of the Washington State Auditor.  
  • A data breach at Astoria Company, LLC. led to a database with 300 million user’s data being offered for sale by cybercriminals. According to Night Lion Security, the database is believed to have 20 million users’ Social Security numbers (SSNs) and bank account information, and 30 million users ’ sensitive medical data. 
  • The California Department of Motor Vehicles suffered a security incident after third-party, Automatic Funds Transfer Services, Inc., was the victim of a ransomware attack in early February. The attack may have compromised 38 million records of millions of Californians over the last 20 months. 
  • For more information about February data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.   
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website. 

Notable February Data Breaches in 2021 

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in February, three stood out: Accellion, Astoria Company, LLC. and the California Department of Motor Vehicles. All three data events are notable for unique reasons. One event happened when a file-sharing product was targeted in a highly sophisticated cyberattack that affected many well-known entities; another event, which occurred after an attack by ShinyHunters, led to a 300 million user database being offered for sale – a database that includes an array of sensitive personally identifiable information (PII); the third event may have compromised as many as 38 million driving records. 

Accellion 

IT security provider, Accellion, was the target of an attack, first disclosed in late December, that targeted Accellion’s 20-year-old file-sharing product, File Transfer Appliance (FTA). According to TechTarget, the attackers utilized a zero-day vulnerability in FTA in what Accellion called a “highly sophisticated cyberattack.” Threat actor motivations were not immediately clear. However, FireEye recently published research that showed the Accellion data breach was the work of threat actors the vendor identified as UNC2546, which have connections to Clop ransomware. 

The Accellion data breach has impacted multiple entities in the U.S. They include Flagstar Bank, Jones Day, Qualys, Kroger, University of Colorado and, most notably, the Office of the Washington State Auditor. The breach may have also impacted Goodwin Law, Southern Illinois University School of Medicine, Trillium Community Health Plan and Harvard Business School.  

Image of Accellion Data Breach impacting multiple entities as tracked in ITRC’s Notified Data Breach dashboard

The information exposed varies by entity. However, a notice from the Office of the Washington State Auditor says the data includes personal information from about 1.6 million unemployment claims made in 2020 to the office, as well as other information from some state agencies and local governments. 

Astoria Company, LLC. 

Marketing company Astoria Company, LLC. fell victim to an attack by the ShinyHunters cybercrime group. According to Night Lion Security, the threat intelligence team became aware of several new large data breaches being sold by ShinyHunters, including a 300 million user database from Astoria.  

The Astoria database is believed to have 40 million users’ Social Security numbers (SSNs), 20 million users’ SSNs and bank account information, and 30 million identities linked to sensitive medical data. Night Lion Security says every lead within the database contained, at a minimum, names, email addresses, dates of birth, mobile phone numbers, physical address and IP addresses. 

California Department of Motor Vehicles 

The California Department of Motor Vehicles (DMV) is investigating a security breach that may have compromised as many as 38 million records of millions of Californians over the last 20 months. According to Patch, a company the California DMV contracts with to verify vehicle registration addresses – Automatic Funds Transfer Services, Inc. – was the victim of a ransomware attack in early February. Automatic Funds Transfer Services, Inc. has access to the names, addresses, license plate numbers and vehicle identification numbers of registrants. However, the DMV says it does not have access to SSNs, birthdates, voter registration information, immigration status or driver’s license information. 

In a recent press release, the DMV said its systems have not been compromised, and it is unknown if DMV data shared with Automatic Funds Transfer Services, Inc. has been compromised. The DMV immediately stopped all data transfers to the company and notified law enforcement, including the Federal Bureau of Investigation (FBI).  

What to Do if These Breaches Impact You 

Anyone who receives a data breach notification letter should follow the advice offered by the company. The ITRC recommends immediately changing your password by switching to a 12+-characterpassphrase, changing the passwords of other accounts with the same password as the breached account, considering using a password manager, and keeping an eye out for phishing attempts claiming to be from the breached company.  

The California DMV asks anyone who spots suspicious activity on their account to report it to law enforcement.  

The Office of the Washington State Auditor has set up a website for the latest information on the Accellion data breach and its impacts on the State Auditor’s Office. 

notified 

For more information about February data breaches, or other data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers. 

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.    

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no-cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started. 

  • While there were only a handful of supply chain attacks in 2020, there have already been three high-profile attacks in 2021 with the Accellion data breach, the SITA data breach and the Microsoft Exchange server attack.  
  • The Identity Theft Resource Center (ITRC) began to see a rise in supply chain cyberattacks in the second half of 2020 with the Blackbaud data breach and the SolarWinds cyberattack.  
  • For more information on these incidents and the recent rise in supply chain attacks, listen to the ITRC’s Weekly Breach Breakdown podcast. 
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.   
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org

Don’t Shoot the Messenger

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 12, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. We’ve focused for the past two episodes on data privacy and how state laws are giving consumers more rights and businesses more obligations to keep personal information safe and secure. This week, we talk about the challenges of doing just that – protecting data – while supply chain attacks are on the rise 

In Shakespeare’s Antony and Cleopatra, a messenger is sent to inform the Egyptian Queen that her lover has married another, prompting a threat to treat his eyes as the Ptolemaic version of tennis balls. In response, the messenger reminds Cleopatra that “I that do bring the news made not the match.” Today, we would say the title to this week’s episode is – “Don’t shoot the messenger.” 

Yet, this is where many businesses find themselves now as they send out data breach notices to customers – even though they did not cause the problem. A vendor did. 

A Look Back at the Blackbaud Data Breach 

People might recall that one of the highest-profile cyberattacks in 2020 involved a company known as Blackbaud. The company, an IT provider to nonprofits, healthcare and education institutions, was breached and the data of more than 500 companies and 12 million individuals were held for ransom. People might also recall that these kinds of attacks where a cybercriminal can get the information of many companies from a single vendor is known as a supply chain attack. 

The ITRC’s 2020 Data Breach Report Studies the Blackbaud Data Breach

Supply Chain Attacks on the Rise  

There were only a handful of supply chain attacks in all of 2020. However, so far in 2021, there have been three high-profile attacks – two in the last two weeks. One of the events involves one of the biggest names in technology: Microsoft. 

This cluster of attacks reinforces a trend the ITRC saw take hold toward the second half of 2020 with the Blackbaud breach. It was followed by the block-buster cyberattack against the IT services company SolarWinds, which impacted cabinet-level agencies in the U.S. government and an undetermined number of private sector companies (believed to be in the thousands). 

Accellion Data Breach 

While the SolarWinds attack appears to be the work of cybercriminals seeking intelligence information for the Russian government (not consumer data to sell), the ransomware group that attacked software provider Accellion wanted information that it could hold hostage or sell outright. It did not want information from Accellion, but from the customers whose information could be stolen from Accellion’s tech platform. 

The criminals went to the time and expense of reverse-engineering the 20-year-old Accellion platform and found new flaws, as well as old ones. They unpatched ones that allowed criminals to extract information from high-profile clients – including law firms, telecommunications companies, universities, grocery store chains and government agencies in the U.S. and other countries. 

SITA Data Breach 

We don’t know how a supply chain cyberattack against tech provider SITA was executed. However, we know that the company processes the frequent flier information of 90 percent of the world’s airlines. The company describes the cyberattack as “highly sophisticated,” and member airlines have started informing their frequent fliers of the breach.  

Microsoft Exchange Server Attack 

The third supply chain cyberattack in this most recent string is also the most dangerous. A cybercriminal group based in China was able to exploit flaws in Microsoft Exchange servers. The kinds that run the ubiquitous Outlook email software inside organizations. The threat actors inserted backdoors into company email systems that could be used to take control of the email system from outside the network where the server resides. 

More than 100,000 organizations worldwide could be impacted by the cyberattack, including at least 30,000 in the U.S. Government officials and Microsoft leaders have all encouraged organizations operating Exchange servers to patch their servers immediately. They have also made a series of tools available to help users determine if the attack has impacted them. 

Fortunately, these issues do not involve the cloud-based Microsoft 365 services used by individuals and small businesses that include Outlook email. 

Contact the ITRC 

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. That includes small businesses, too. 

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started. 

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown. 


1.6 Million people who filed for unemployment claims in 2020 in Washington state have had their personal information exposed in a data breach. The Washington State data breach was due to data stolen from a third-party company, Accellion.  

What Personal Information Was Exposed in the Washington State Data Breach?

· Names

· Social Security numbers

· Driver’s License or state identification numbers

· Bank information

· Place of Employment

Are You One of the 1.6 Million People Impacted by the Washington State Breach? Here’s What You Should Do.

1. A threat actor could attempt to take over existing accounts or open new ones using your information – now or in the future.

Read next: Info Sheet – Email Account Takeover: What to do When You Have Been Hacked

2. Your unemployment benefits could be stolen. Organized cybercriminals have already used stolen credentials and other identity information to apply for unemployment benefits through state websites, including Washington resulting in legitimate claims being denied or payments re-directed. State officials reported more than $500 million in fraudulent claims in 2020.

3. You could find yourself the victim of identity-related tax fraud. Taxpayers in have received Form 1099 G’s that report how much income a taxpayer received from government benefits like unemployment benefits – even though they did not apply for or receive benefits.

Read next: Info Sheet – What Consumers Need to Know About a Data Breach

Steps to Take Now

· Obtain a free credit report

· Freeze your credit for free.

· If you do not want to freeze your credit, consider a fraud alert on your credit report

· Review your accounts and account statement for any suspicious activity

· For free guidance and assistance from the Washington state data breach, call and speak to an ITRC Victim Advisor at 888.400.5530 or click “Chat now.”

· Stay up to date on the latest news about this breach on the Washington State Auditors page: https://sao.wa.gov/breach2021/

Access our free Help Center with more than 50 Info Sheets and Action Plans.

More About Data Breaches & Resources

While data breaches do not automatically mean your identity will be misused, you are at increased risk of an identity crime. The online publication Threat Post pointed out in a Feb 10, 2021 report that “Users who had personal data exposed in a third-party breach were five-times more likely to be targeted by phishing or malware, which highlights just how damaging these types of data breaches can be, even in the long run.”

As noted in the ITRC’s 2020 Data Breach Report, phishing is the most common form of a cyberattack that results in a data breach today, usually in connection with ransomware. Together these attacks represent 62 percent of attacks in 2020 that resulted in the release of consumer information. 

More about Identity Theft

The use of your Social Security number can result in many different forms of identity crimes. Below is information so you know what to look for and what to do if you become a victim. You can call and speak to an ITRC Advisor at any time for active tips and victim assistance at 888.400.5530 or click “Chat now.”

Data Breach Notifications

Tax Identity Theft

  • Bonobos suffered a data breach when the hacking group, ShinyHunters, downloaded and posted a database on a free hacker forum, compromising close to three million accounts.  
  • ShinyHunters also stole a database from online dating website MeetMindful.com, compromising 1.4 million accounts and exposing 2.28 million user’s information. Data in the database included IP addresses, encrypted account passwords and Facebook information. 
  • A U.S. Cellular data breach occurred after hackers were able to scam employees to gain access to one retail store’s computer, affecting 276 people.  
  • For more information about January data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.   
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website. 

Notable January Data Breaches in 2021 

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in January, three stood out: Bonobos, MeetMindful.com and U.S. Cellular. All three data events are notable for unique reasons. One compromised close to three million accounts; another includes a compromised dating website, leading to the attacker leaking millions of user’s data; the third event happened when criminals successfully targeted a handful of retail store employees, leading to malware being added to the company’s point-of-sale system.  

Bonobos Breach

The E-commerce apparel company, Bonobos recently suffered a data compromise after Black-hat hacker group, ShinyHunters, downloaded a cloud backup of a database and then posted the full database to a free hacker forum, compromising 2.8 million accounts. 

According to bleepingcomputer.com, the 70 GB database consisted of addresses and phone numbers for seven million shipping addresses, account information for 1.8 million registered customers and 3.5 million partial credit card records. The article says that one threat actor claims to have already cracked the passwords for 158,000 accounts. The hacker turned the cracked passwords into a ‘combolist’ used in credential stuffing attacks to log in using the stolen credentials at other sites. 

Bonobos is emailing data breach notification letters to people who may have been affected. 

MeetMindful.com 

Online dating company, MeetMindful, had more than 1.4 million user accounts compromised and 2.28 million user details exposed after the same hacker group, ShinyHunters, struck the dating site by leaking a 1.2 GB file on a publicly accessible hacking forum. 

According to ZDNet, some of the most sensitive information in the file includes names, email addresses, locations, IP addresses, encrypted account passwords and Facebook information. Not all of the leaked accounts have full details included in them. However, for many of the MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.  

U.S. Cellular 

Mobile wireless carrier, U.S. Cellular, recently suffered a data breach after hackers gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store. According to Forbes, hackers targeted multiple U.S. Cellular retail store employees who had access to the company’s customer relationship management (CRM) software.

The Office of the Vermont Attorney General reports that hackers may have gained access to a wireless customer account and wireless phone number. Employees were successfully scammed by unauthorized individuals and downloaded software onto a store computer. Since the employees were already logged into the CRM, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials.  

The U.S. Cellular data breach affected 276 people and exposed names, addresses, PIN codes and mobile phone numbers, as well as information about wireless services, including service plan, usage and billing statements known as Customer Proprietary Network Information (CPNI). 

What to Do If These Breaches Impact You 

Anyone who receives a data breach notification letter should follow the advice offered by the company. The ITRC recommends immediately changing your password by switching to a 12+-character passphrase, changing the passwords of other accounts with the same password as the breached account, considering using a password manager, and keeping an eye out for phishing attempts claiming to be from the breached company.

If you receive a suspicious email, especially if it asks to click on a link, download a file, or verify your login & password, ignore it. Victims of the U.S. Cellular data breach should contact U.S. Cellular to establish a new PIN, reset their password, and contact U.S. Cellular at 888.944.9400 with any questions or concerns 

notified  

For more information about January data breaches, or other data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers.

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.   

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no-cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started.

Also, victims of a data breach can download the free ID Theft Help app to access resources, a case log and much more.  

  • The Identity Theft Resource Center (ITRC) unveiled its 15th annual data breach report, which revealed a 19 percent decrease in breaches and a 66 percent decrease in individuals impacted. 
  • The ITRC 2020 Data Breach Report identifies a trend that cybercriminals are less interested in stealing large amounts of consumers’ personal information. 
  • Threat actors are now more interested in taking advantage of bad consumer behaviors to attack businesses using stolen credentials like logins and passwords.  
  • The report also states an increase in ransomware attacks, supply chain attacks and unsecured databases. 
  • For more information on the latest data breach information, visit the ITRC’s interactive data breach tracking tool, notified. It is updated daily and free to consumers.   
  • Consumers and victims can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting idtheftcenter.org to live-chat. 

Each January, the Identity Theft Resource Center (ITRC) releases its annual data breach report, breaking down the numbers, trends, attack methods and much more. For the last 15 years, the ITRC has tracked publicly-reported data breaches in an effort to make businesses and consumers aware of the latest information. While parts of the ITRC’s 2020 Data Breach Report reveal encouraging statistics, some worrisome trends also exist. 

The Number of Data Breaches and People Impacted Decrease 

After a 17 percent increase in data breaches in 2019 (1,473), the number decreased by 19 percent in 2020 (1,108). Even better, the number of individuals impacted dropped by 66 percent. In years past, the ITRC saw data breaches on the rise. However, there is a reason for the decline in breaches and consumers impacted.  

A Shift in the Cybercriminals Tactics 

The ITRC 2020 Data Breach Report shows the continuation of one trend from 2019. Cybercriminals are less interested in stealing large amounts of consumers’ personal information. Instead, threat actors are more interested in taking advantage of bad consumer behaviors to attack businesses using stolen credentials like logins and passwords. It is why ransomware and phishing attacks directed at organizations are now the preferred data theft method by cyberthieves.   

The shift comes as no surprise to the ITRC. One ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years. Coveware reports that the average ransomware payout has grown from less than $10,000 per event in Q3 2018 to more than $233,000 per occurrence in Q4 2020.    

Other Notable Findings 

There were other notable findings in the report: 

  • Supply chain attacks are becoming increasingly popular with attackers since they can access the information of larger organizations or multiple organizations through a single, third-party vendor. Often, the attacked organization is smaller, with fewer security measures than the companies they serve.   
  • Unemployment benefits fraud hit consumers hard in 2020 and could continue well into 2021. Organized cybercriminals used stolen credentials and other identifying information to apply for unemployment benefits through state websites. In fact, Washington and Maryland each reported more than $500 million in fraudulent benefit claims and California more than $11 billion in 2020. The U.S. Department of Labor estimated the total identity-related fraud at more than $26 billion in all 50 states and the District of Columbia during that same timeframe. The unemployment benefits fraud attacks are another example of it being easier and more profitable to commit a cybercrime using stolen, legitimate credentials than hacking into a company’s computer network.  
  • Case studies on Blackbaud and Vertafore break down what happened in each data compromise and how it happened. For more information on these case studies, download the ITRC 2020 Data Breach Report 

Staying One Step Ahead of the Cybercriminals 

While it is encouraging to see the number of data breaches and the number of people impacted by them decline, businesses and consumers should understand that this problem is not going awayCybercriminals are just shifting their tactics to find a new way to attack businesses and consumers. People need to adapt their practices to stay one step ahead of the threat actors.  

What You Can Do 

Ransomware attacks, stolen credentials and unsecured databases affect consumers and businesses in many different ways. Here are what businesses and consumers can do to protect themselves from each threat: 

  • Ransomware attacks  While ransomware attacks do not typically affect consumers, businesses should 1) frequently back up their systems, 2) patch any software flaws as soon as they are noticed, and 3) refuse to pay any ransomware demands.  
  • Stolen credentials – To protect themselves, consumers should 1) not reuse any passwords, 2) switch to a 12-character unique passphrase, 3) use a password manager if needed, 4) use multi-factor authentication when possible, and 5) consider creating online accounts so cybercriminals cannot open one in your name. 
  • Unsecured databases  It is a misconception that cloud service providers are responsible for cybersecurity. To prevent leaving a database unsecured, businesses should 1) properly configure cybersecurity tools for cloud environments and 2) apply the same level of effort to protecting cloud environments as an on-premise system and data assets. 

To download the ITRC 2020 Data Breach Reportclick here. 

To learn more about the latest data breaches, visit the ITRC’s interactive data breach tracking tool, notified. It is updated daily and free to consumers.   

For anyone that has been a victim of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.  

Consumers and victims can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting idtheftcenter.org to live-chat.  

In 2020, the number of individuals impacted by a data breach was down 66 percent from 2019; cybercriminals continue to shift away from mass attacks seeking consumer information and towards attacks aimed at businesses using stolen logins and passwords  

SAN DIEGO, January 28, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, released its 15th annual Data Breach Report. According to the report, the number of U.S. data breaches tracked in 2020 (1,108) decreased 19 percent from the total number of breaches reported in 2019 (1,473). In 2020, 300,562,519 individuals were impacted by a data breach, a 66 percent decrease from 2019.  

The 2020 Data Breach Report shows the continuation of a trend from 2019: cybercriminals are less interested in stealing large amounts of consumers’ personal information. Instead, threat actors are more interested in taking advantage of bad consumer behaviors to attack businesses using stolen credentials like logins and passwords. Due to the shift in tactics, ransomware and phishing attacks directed at organizations are now the preferred data theft method by cyberthieves.  

Ransomware and phishing attacks require less effort, are largely automated, and generate much higher payouts than taking over individuals’ accounts. One ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years. According to Coveware, the average ransomware payout has grown from less than $10,000 per event in Q3 2018 to more than $233,000 per event in Q4 2020. 

Download the ITRC’s 2020 Data Breach Report 

“While it is encouraging to see the number of data breaches, as well as the number of people impacted by them decline, people should understand that this problem is not going away,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers. It is vitally important that we adapt our practices, and shift resources, to stay one step ahead of the threat actors. Although resources continue to decline for victims of identity crimes, the ITRC will continue to help impacted individuals by providing guidance on the best ways to navigate the dangers of all types of identity crimes.” 

One notable case study highlighted in the ITRC’s 2020 Data Breach Report is the ransomware attack on Blackbaud, a technology services company used by non-profit, health and education organizations. A professional ransomware group stole information belonging to more than 475 Blackbaud customers before informing the company the information was being held hostage. The stolen information included personal information relating to more than 11 million people that was later reported to have been destroyed by the cybercriminals after Blackbaud paid a ransom.  

Another notable finding was that supply chain attacks are becoming increasingly popular with attackers since they can access the information of larger organizations or multiple organizations through a single, third-party vendor. Often, the organization is smaller, with fewer security measures than the companies they serve.  

To learn more about the latest data breaches, visit the ITRC’s interactive data breach tracking tool, notified. It is updated daily and free to consumers.  

For anyone that has been a victim of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case. 

Consumers and victims can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.   

Media Contact 

Identity Theft Resource Center 
Alex Achten 
Earned & Owned Media Specialist 
888.400.5530 Ext. 3611 
media@idtheftcenter.org  

  • A T-Mobile repeat data breach event resulted from unauthorized access to 200,000 customer accounts, including call records.
  • It is the fourth time T-Mobile has sent a data breach notification since 2018. The T-Mobile data breach in December was the second one in 2020.
  • An investigation into the SolarWinds data hack has not revealed any evidence suggesting the attackers sought or stole mass amounts of personal information. The target appears to be either intellectual property or the personal information of particular individuals for espionage purposes.
  • For information about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notifiedTM.
  • Keep an eye out for the ITRC’s 15th Annual Data Breach Report. The 2020 Data Breach Report will be released on January 27, 2021. 
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website. 
https://soundcloud.com/idtheftcenter/the-weekly-breach-breakdown-podcast-by-itrc-second-verse-same-as-the-first-season-2-episode-1

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for January 8, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. We started this podcast and a sister monthly program in 2020 in response to the shifts in privacy, security and identity issues: the changes in how criminals collect and use consumer and, increasingly, business information.

One of the trends that the ITRC has identified, and will explore in a report this spring, is the rise in the number of repeat data breaches, even as the overall number of data events is declining. That leads us to the title of this week’s episode – “Second Verse, Same as the First.”

While most of us were prepping for a socially distanced Christmas celebration, one of the largest mobile telephone companies posted a data breach notice on its website. It was not the first time T-Mobile issued a breach notice; it was the fourth time since 2018.

T-Mobile Repeat Data Breach Event

T-Mobile announced that an unauthorized party accessed a small percent of customer accounts, about 200,000 accounts, in early December 2020. The compromised data may have included call records — such as when a call was made, how long the call lasted, the phone numbers called and other information that might be found on a customer’s bill.

T-Mobile says the hackers did not access names, home or email addresses, financial data and account passwords or PINs. An investigation is on-going.

The December data event is the second time an attacker accessed customer information in the same year. Just months into 2020, a breach of the T-Mobile employee email system allowed criminals to see customer data and potentially misuse it. Information about more than one million prepaid customers was exposed in 2019, and cybercriminals compromised nearly two million accounts in 2018.

A Shift in Data Thieves Tactics

Research conducted by the ITRC shows the number of consumers who report being the victim of more than one identity crime has increased 33 percent in the past 18 months. It comes at a time when data thieves are shifting their tactics and targets. Our research shows they are focusing more on business data and less on mass amounts of consumer personal data.

While data breaches are dropping, cyberattacks are rising. The two are not the same. That’s an important distinction as a large and consequential cybersecurity breach occurred in late December 2020 and is likely still underway.

SolarWinds Data Hack Update

We talked about the attack in our last podcast before the holiday break, but the scope of this attack warrants an update.

Here’s what happened: A group of professional cybercriminals affiliated with the Russian government’s intelligence service was able to insert software into a common technology service used by governments and private companies, known as SolarWinds. An estimated 18,000 organizations have been exposed to the malware, including some of the largest agencies in the U.S. government – the Departments of Commerce, Treasury, Justice, State and most of the Fortune 500.

The good news for consumers is at this point, after nearly a month of investigation, there is no indication the attackers sought or stole mass amounts of personal information. As is common with this particular group of threat actors, the target appears to be intellectual property or the personal information of specific individuals for espionage purposes – not profit.

We will release a detailed report on the impact of identity-related crimes in May. We will issue our report on 2020 data breaches and trends on January 27, just a few weeks from now.

Contact the ITRC

If you have questions about how to protect your information from data breaches and data exposures, visit www.idtheftcenter.org, where you will find helpful tips on this and many other topics.

If you think you have already been the victim of an identity crime or a data breach and you need help figuring out what to do next, contact us. You can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during regular business hours. Just visit www.idtheftcenter.org to get started.

Next week listen to our sister podcast, The Fraudian Slip, which focuses on identity-related fraud when we talk with the Deputy Chief of the Internal Revenue Service’s Criminal Division about identity crimes and how they might impact your taxes.

  • Last week, FireEye, a cybersecurity provider, revealed their tools to detect and block sophisticated cyberattacks were stolen in a security breach. 
  • This week we learned attackers, believed to be affiliated with Russia’s state security service, infiltrated government agencies and potentially thousands of companies through a software update from IT management company SolarWinds that was issued months ago. 
  • So far, there is no indication that the Nation/State attackers were after consumer information. These groups tend to be more interested in information they can use for intelligence or espionage. 
  • For information about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notifiedTM
  • Keep an eye out for the ITRC’s 15th Annual Data Breach Report. The 2020 Data Breach Report will be released on January 27, 2021.  
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

Subscribe to the Weekly Breach Breakdown Podcast  

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast on SoundCloud. This week, on the last breach breakdown podcast of 2020, we look at the FireEye and SolarWinds hacks, which have shaken the cybersecurity community. 

Also available on Apple Podcasts and Spotify.

Data Breaches Down/Security Breaches Up 

2020 has been a difficult year for many. However, there have been some encouraging trends that the ITRC has talked about in previous breach breakdown podcast episodes. One of the most promising trends includes cybercriminal’s lack of interest in consumer information, resulting in a significant drop in data breaches and the number of people impacted by them.  

Unfortunately, you can’t say the same of a companion crime, security breaches. One cannot have a mass data breach without also experiencing a cybersecurity failure. With that said, it is possible to have a security breach without impacting consumer data. That is what dominates the news as we wrap up 2020 – a massive security breach involving two leading technology companies: FireEye and SolarWinds. 

What You Need to Know About FireEye 

FireEye, a cybersecurity provider, supports large organizations worldwide with tools that detect and defend against cyberattacks. When there are attacks on companies and governments, FireEye often gets the call to figure out what happened and how it happened. 

What You Need to Know About SolarWinds 

SolarWinds, a software company, claims to help more than 33,000 companies, including virtually all Fortune 500 companies and every major agency in the U.S. government. SolarWinds’ software helps organizations with large, complex computer systems manage their networks and devices.  

FireEye and SolarWinds Hacked 

Last week, FireEye revealed their tools to detect and block sophisticated cyberattacks, the kind launched by governments, had been stolen due to a security breach. A few days later, the U.S. Treasury and Commerce Departments announced they were hacked. It was followed by announcements of hacks at the National Institutes of Health as well as the Departments of Homeland Security and State. 

This week, we learned that the security breaches were the result of threat actors believed to be affiliated with Russia’s state security service. The attackers infiltrated these government agencies and FireEye through a software update from SolarWinds that was issued months ago. SolarWinds believes as many as 18,000 customers may be affected by the malware inserted by the attackers into the SolarWinds update.  

What the FireEye and SolarWinds Hacks Mean for Consumers 

It is too early to tell what the FireEye and SolarWinds Hacks mean for consumers. So far, there is no indication that the Nation/State attackers were after consumer information. These groups tend to be interested in information that can be used for intelligence or espionage, not making money by stealing and selling consumer data.  

There is another reason to believe consumer information may be safe from the FireEye and SolarWinds hacks. SolarWinds software does not access or manage consumer data. As ITRC Chief Operating Officer James Lee says in the podcast, think of SolarWinds as a traffic cop. They can tell people what businesses are on the street and how to get there, but they cannot take people there and open the door for them. 

With enough time and motivation, the attackers could have wandered around a SolarWinds customer’s networks to access some consumer information. However, experts don’t believe that happened on a mass scale. The ITRC will post more details if we find consumer information is involved.  

How We Know About the Attacks 

We know about this and other breaches because of laws and regulations that require organizations, even government agencies, to issue breach notices. Many of those rules do not set a specific timeline for when a notice must be given. That is about to change for banks governed by the Federal Deposit Insurance Corporation (FDIC).  

For the past 15 years, the FDIC rules only required that regulators be notified of a data or security breach within a reasonable period of time. This week, the FDIC approved a new regulation that sets the notification period at 36 hours whenever a security issue or system’s failure significantly impacts operations. That is stricter than the 72 hours required by the State of New York, the toughest notification law in the U.S. The FDIC rule only requires regulators to receive a notice. State laws still govern public notices.  

notifiedTM    

For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.   

Contact the ITRC   

If you believe you are the victim of an identity crime or data breach and need help figuring out what to do next, contact us. You can speak with an expert advisor at no-cost by calling 888.400.5530 or chat live on the web. Just visit www.idtheftcenter.org to get started.  

Twenty-three episodes from 2020 are in the books. We will be back in January to share more insights into data breaches and identity trends. Join us in 2021 on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.   

  • A Canon data breach resulted from a ransomware attack on the company by the Maze ransomware group. Canon is just one of many companies recently hit with a ransomware attack, a trend the Identity Theft Resource Center predicts to continue in 2021.  
  • The mobile video game Animal Jam suffered a data breach affecting 46 million users after threat actors stole a database. However, WildWorks, the game’s owner, has been very transparent throughout the entire process, setting an example of how businesses should approach data breaches. 
  • Insurance tech company Vertafore discovered files containing driver-related information for 28 million Texas residents were posted to an unsecured online storage service.  
  • For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM.  
  • Keep an eye out for the ITRC’s 15th Annual Data Breach Report. The 2020 Data Breach Report will be released on January 27, 2021. 
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website.  

Notable Data Compromises for November 2020 

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in November, three stood out: Canon, WildWorks – Animal Jam, and Vertafore. All three data events are notable for different reasons. One highlights a trend and prediction made by the ITRC; another shows transparency by the company throughout the process; the third leaves 28 million individuals’ driver-related information exposed. 

Canon 

Camera manufacturer Canon recently suffered a data breach that was caused by a ransomware attack, but the company only acknowledged the attack was the result of ransomware in November. According to techradar.com and Bleeping Computer, the Canon IT department notified their staff in August that the company was suffering “widespread system issues affecting multiple applications, Teams, email and other systems.” On November 25, the company acknowledged the Canon data breach was due to a ransomware attack by the Maze ransomware group.  

It is unknown how many people are affected by the Canon data breach. However, files that contained information about current and former employees from 2005 to 2020, their beneficiaries, and dependents were exposed. Information in those files included Social Security numbers, driver’s license numbers or government-issued identification numbers, financial account numbers provided to Canon for direct deposit, electronic signatures and birth dates. 

Canon is just one of many companies that have been hit with a ransomware attack. As the ITRC mentioned in its 2021 predictions, cybercriminals are making more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. As a result of the ransomware rise, data breaches are on pace to be down by 30 percent in 2020 and the number of individuals impacted down more than 60 percent year-over-year.  

WildWorks – Animal Jam 

Animal Jam, an educational game launched by WildWorks in 2010, suffered a data breach after threat actors stole a database. According to the WildWorks CEO, cybercriminals gained access to 46 million player records after compromising a company server. The information exposed in the Animal Jam data breach includes seven million email addresses, 32 million usernames, encrypted passwords, approximately 15 million birth dates, billing addresses and more. 

WildWorks has been very transparent throughout the entire process. The company provided a detailed breakdown of the information taken in the Animal Jam data breach, how the data event happened, where the information was circulated, whether people’s accounts are safe and the next steps to take. The ITRC believes WildWorks has set an example of how other businesses should share information with impacted consumers after a data breach.  

Anyone affected by the Animal Jam data breach should change their email and password for their account (consumers should switch to a 12-character passphrase because it is easier to remember and harder to guess). Users should also change the email and password of other accounts that share the same email and password. If any users think their account was used illegally, they are encouraged to contact the Animal Jam security team by emailing support@animaljam.com  

Vertafore 

Vertafore, a Denver based insurance tech company, recently discovered three files containing driver-related information were posted to an unsecured online storage service. The files included data from before February 2019 on nearly 28 million Texas drivers. Vertafore says the files have since been secured, but they believe the files were accessed without authorization. To learn more about this data breach, read the ITRC’s latest blog, and listen to our podcast on the event. 

Unfortunately, companies continue to leave databases unsecured, which is tied with ransomware as the most common cause of data compromises, according to IBM. Consumers impacted by the Vertafore data event need to follow the advice given by Vertafore and the Texas Department of Public Safety

notifiedTM  

For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM, free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no-cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started. Also, victims of a data breach can download the free ID Theft Help app to access resources, a case log and much more.