The Weekly Breach Breakdown: Ready, Get Set, Party! – Identity Theft Resource Center Sees Increase in Fourth-Party Data Breaches

• The Identity Theft Resource Center (ITRC) tracked 191 data compromises in April, impacting 5 million people. The compromises of TMX Finance Corporate Services, the American Bar Association and Guardian Analytics affected 6.5 million of the 7.5 million victims. All three breach notices lacked attack vector details.
• From January 1, 2023, to April 30, 2023, the ITRC tracked 55 third-party breaches and four fourth-party data breaches. The ITRC saw notifications attributed to three fourth-party data breaches just in April alone.
• Third and fourth-party data breaches are also impacting more than just medical providers and companies. A data breach at cybersecurity firm Fortra impacted medical provider Brightline. It affected companies that do business with Brightline – both medical and non-medical companies.
• To learn about data compromises, consumers and businesses should visit the ITRC’s improved data breach tracking tool, notified.
• The ITRC has launched a beta test of a new service for businesses that want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website idtheftcenter.org.

Ready, Get Set, Party!

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for May 12, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we focus on some of the top data breaches in April, as well as some trends we identified in the month, such as fourth-party data breaches – yes, fourth-party – and the far-reaching impacts of medical data compromises.

Everyone loves a good party. Many of us have probably posted pictures online from some of those parties. There is nothing like trying to find the right caption for that picture to make sure all your friends see the fun you had. Right now, in the data breach world, we know our caption, which is the title of this podcast (and ironically will be the caption of this podcast when we post it online) – Ready, Get Set, Party!

Notable Breaches in April

Before we get into the third and fourth-party data breach information, let’s recap what happened in April. The ITRC tracked 191 data compromises impacting 7.5 million people. TMX Finance Corporate Services, the American Bar Association, and Guardian Analytics were the top three breaches of the month in regards to the number of victims impacted, affecting a combined nearly 6.5 million of the 7.5 million victim total.

Notable Breaches Lack Attack Vector Details

All three data breaches were due to a cyberattack but did not provide additional attack vector details. Sound familiar? Last week, we, once again, discussed this problem that continues to get worse. In April, 46 percent of the compromises did not provide specific details on the attack vector method. So far, in 2023 through April 30, 42 percent of compromises have not provided specific details on the attack vector method.

The lack of information puts consumers and businesses at higher risk of becoming the victim of an identity crime. We will continue to speak about this trend to encourage positive change.

The Rise in Fourth-Party Data Breaches

On to third and fourth-party data breaches. Through April 30, the ITRC has tracked 55 third-party breaches and four fourth-party data breaches. A third-party breach is when the vendor of a company suffers a data compromise. A fourth-party data breach is when the vendors of a vendor are impacted by a breach. The ITRC has seen notifications attributed to three fourth-party data breaches just in April alone.

Forth-Party Medical Breaches Impact More Than Just Medical Companies

We have also begun to see third and fourth-party medical data breaches impact more than just medical providers and companies. Take the Fortra, a cybersecurity firm, data breach, for example. Their breach impacted medical provider Brightline, which affected companies that do business with Brightline – both medical and non-medical companies.

These are trends that we will continue to follow.

ITRC Breach Alert for Business Coming Soon

The ITRC continues a beta test of a new service for businesses, Breach Alert for Business, that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

ITRC to Release 2022 Trends in Identity Report

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will release our second-ever report that looks at the trends in identity based on information from the victims that contact the ITRC – the 2022 Trends in Identity Report. Next Friday, we will have an episode of our sister podcast, the Fraudian Slip, breaking down all of the findings from the report and what they mean. We will return in two weeks for another episode of the Weekly Breach Breakdown.