• Scripps Health cyberattack led to a pause in the healthcare provider’s medical services for weeks and the exposure of personal and financial information for more than 147,000 people.  
  • A Herff Jones data compromise was discovered after multiple students reported fraudulent transactions with their payment cards. 
  • A data exposure of an unsecured database divulged an elaborate Amazon review scam. The database had direct messages between Amazon vendors and customers willing to provide fake Amazon reviews in exchange for free products. 
  • For more information about May data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.   
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website www.idtheftcenter.org.  

Notable May Data Breaches 

Of all the data compromises the Identity Theft Resource Center (ITRC) tracked in May, three stand out: Scripps Health, Herff Jones, and an unsecured database with fake Amazon reviews. All three data events are notable for unique reasons. In one, a ransomware attack led to the exposure of sensitive information and a healthcare system having to shut down its systems, impacting thousands of patients. Another event was discovered after graduating students from several universities in the U.S. noticed fraudulent transactions on their payment cards. The third compromise revealed an Amazon review scam after messages were found between Amazon vendors and customers willing to provide fake Amazon reviews for free products. 

Scripps Health 

On May 1, Scripps Health, a San Diego-based healthcare system, suffered a ransomware attack that shut down many of its systems for nearly a month. According to HealthITSecurity, attackers gained access to the network, deployed malware, and exfiltrated copies of data on April 21. It was recently revealed that more than 147,000 patients, staff and physicians may have had their personal and financial information compromised as part of the Scripps Health cyberattack. However, electronic medical record applications were not accessed during the attack. Instead, the data was stolen from other documents stored on the network. 

The information exposed in the Scripps Health cyberattack includes names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and clinical information such as physician name, dates of service and treatment information. According to a notice from Scripps Health, for less than 2.5 percent of patients, Social Security numbers and driver’s license numbers were also affected.  

The Scripps Health ransomware attack is just the latest in a long list. Ransomware attacks are considered one of the top cybersecurity threats in 2021. Cybersecurity firm Proofpoint found that ransomware attacks are now viewed as the top cybersecurity threat by nearly half, 46 percent, of Chief Information Security Officers in a survey from earlier in the year. 

Herff Jones 

Bleeping Computer reports that students from several universities in the U.S. recently made claims about fraudulent transactions after using payment cards at cap, gown and class ring maker Herff Jones. Most students reported losses between $80 and $1,200, while one student reported a friend was charged $4,000 for a PS5 gaming system.  

Herff Jones, unaware of the compromise until students complained on social media about the fraudulent charges, immediately began an investigation. While the investigation is still ongoing, the company says they identified the theft of certain customers’ payment information. It is still unknown the impact of the Herff Jones data compromise, including the number of records exposed and what records may have been compromised aside from payment card information. In a statement, Herff Jones said that they have taken steps to mitigate the potential impact and notified law enforcement.  

Unsecured Database with Fake Amazon Reviews 

A data exposure of an Elasticsearch database divulged an elaborate Amazon review scam. According to Safety Detectives, the database, which contained over 13 million records and anywhere from 200,000 to 250,000 affected users, had direct messages between Amazon vendors and customers willing to provide fake Amazon reviews in exchange for free products. 

The Safety Detectives research team says the server was left open without any password protection or encryption. The personal data of people providing fake Amazon reviews, as well as Amazon vendors, could be found in leaked messages on the database. The information exposed includes full names, emails, usernames, PayPal addresses, links to Amazon profiles and more. The data exposure reminds us that no one is immune from being impacted by a data compromise, whether it is a cybercriminal or a regular consumer. For more information on this data compromise, read the ITRC’s blog on the incident. 

What to Do if These Breaches Impact You 

Anyone who receives a data breach notification letter should follow the advice offered by the company. The ITRC recommends immediately changing your password by switching to a 12+-character passphrase, changing the passwords of other accounts with the same password as the breached account, considering using a password manager and keeping an eye out for phishing attempts claiming to be from the breached company.   

In an interview with NBC 7 San Diego on the Scripps Health cyberattack, ITRC CEO Eva Velasquez advises anyone impacted to freeze their credit and report the incident to their creditors and bank.  

Regarding the Herff Jones data compromise, the company encourages people with questions to reach out to their customer service team at 855.535.1795 between 9 a.m. and 9 p.m. EST Monday through Friday until they identify and notify impacted customers.  


For more information about May data breaches, or other data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers.  

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.     

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started.