ITRC-Notified-Mint-Mobile-Data-Breach-2021
  • data breach of telecommunications company Mint Mobile occurred after some phone numbers were ported and data was accessed. The Mint Mobile data breach is one of the latest data events to affect a telecommunications company, highlighting the risk of mobile breaches. 
  • Insurance company BackNine suffered a data compromise due to a misconfigured database, impacting 711,000 files with information including Social Security numbers (SSNs) and medical diagnoses. The data event stresses the importance of being careful when using cloud databases. 
  • CNA Financial Corporation fell victim to a ransomware attack, leading to a data breach that impacted 75,349 people. Attacks like this, which involved SSNs, on businesses continue to rise. 
  • For more information about July data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.    
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website www.idtheftcenter.org.   

Notable July Data Breaches 

Of the 163 data events the Identity Theft Resource Center (ITRC) tracked in July, three stand out: Mint Mobile, BackNine and CNA Financial Corporation. All three data events are notable for unique reasons. One highlights the risk of mobile breaches. Another is an example of the need to be careful with cloud databases. The third is a ransomware attack that involves Social Security numbers (SSNs).  

Try our Latest Breaches feature at notified.idtheftcenter.org

Mint Mobile 

A Mint Mobile data breach occurred after phone numbers were ported by cybercriminals and data was accessed. Sometime between June 8-10, a threat actor ported the phone numbers for a handful of Mint Mobile subscribers to another carrier without authorization. According to Bleeping Computer, Mint Mobile disclosed that an unauthorized person also potentially accessed subscribers’ personal information, including call histories, names, addresses, emails and passwords.  

Try our Custom Breach Search feature at notified.idtheftcenter.org

Bleeping Computer reports that Mint Mobile has not said how the threat actor gained access to subscribers’ information. However, based on the accessed data, hackers likely hacked user accounts or compromised a Mint Mobile application used to manage customers.  

The Mint Mobile data breach is the latest to shine a light on the risk of mobile data breaches and the need for better security for customer-facing support systems. In January, the ITRC highlighted a similar breach of U.S. Cellular where hackers gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store.  

BackNine 

A data breach of BackNine, an insurance technology startup, led to 711,000 files being impacted. According to TechCrunch, a security lapse exposed insurance applications at BackNine after one of its cloud servers was left unprotected on the internet. The storage server was misconfigured, and anyone with internet access could view the files.  

Personal information exposed includes names, addresses, phone numbers, SSNs, medical diagnoses, medications taken and detailed completed questionnaires about an applicant’s health, past and present. Other files included lab and test results, such as bloodwork and electrocardiograms. Some files also contained driver’s license numbers. The exposed documents date as far back as 2015 to as recent as July 2021.  

The BackNine data event is a prime example of why companies need to be careful when using cloud databases. If a cloud database is not configured correctly, anyone can access it and may commit an array of identity crimes. It is also important organizations do what they can to protect sensitive data to maintain people’s trust.  

CNA Financial Corporation 

Insurance company CNA Financial Corporation suffered a data breach linked to a ransomware attack. According to CNA’s breach notice, an investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021, and copied a limited amount of information before deploying the ransomware.  

The breach notice states that the data event impacted 75,349 people, and information in the stolen files includes names, SSNs and, in some instances, information related to health benefits for certain people. CNA says, right now, there is no reason to believe the data was stolen or misused. However, they are offering free credit monitoring and fraud protection services through Experian. CNA is just one of many ransomware attacks on businesses being seen by the ITRC. 

What to Do if These Breaches Impact You 

Anyone who receives a data breach notification letter should follow the advice offered by the impacted company. The ITRC suggests you immediately change your password and switch to a 12+-character passphrase, change the passwords of other accounts with the same password as the breached account, consider using a password manager and to keep an eye out for phishing attempts that claim to be from the breached organization.   

Mint Mobile warns users affected by the Mint Mobile data breach to protect other accounts that use their phone numbers for validation purposes and reset account passwords since threat actors could have used the ported numbers for additional attacks. 

CNA Financial Corporation asks impacted individuals to review their “Information About Identity Theft Protection” document, which includes information on placing a fraud alert or credit freeze on a credit file.  

notified 

For more information about July data breaches, or other data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers.   

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.      

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data event, you can speak with an ITRC expert advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started.