Posts

Everything’s Bigger in Texas

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for September 10, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. For the past two weeks, we’ve concentrated on what happens when you receive a notice that your personal information has been compromised. This week, we’re going to talk about a data breach involving personal information for children and the unique risks created when children’s personal information is exposed.

When you grow up in the southern U.S, you learn very quickly that the saying “Everything’s bigger in Texas” is absolutely true. The Lone Star state is twice the size of Germany. Texans eat 54,000 tons of catfish each year. That’s six times the weight of the Eiffel Tower. There are high school football stadiums in Texas that seat more than 19,000 people, enough to fit the entire population of three average-size U.S. cities.

Dallas I.S.D. Data Breach

This week, the Dallas, Texas Independent School District (Dallas I.S.D.) has earned a different distinction: the target of a significant data breach.

More than 145,000 students attend 230 schools across the district that employs 22,000 people. That doesn’t include independent contractors and vendors who also serve the Dallas schools.

School officials announced late Friday before Labor Day that an “unauthorized third-party” had accessed, downloaded and stored personal information on a cloud data storage site. The stolen data included information on current and former students and their parents as well as current and former employees and contractors dating back to 2010.

The compromised information includes full names, addresses, Social Security numbers (SSNs), phone numbers, dates of birth, and employment and salary information for current and former employees and contractors. The breached data also includes full names, SSNs, dates of birth, parent and guardian information, and grades for current and former students. According to the school district, some students’ custody status and medical conditions may have also been exposed.

What Happened

As is typical in the early days of data breaches, there are many unknowns and a lot of reluctance to share information about what happened. Dallas I.S.D. has hired forensic investigators to determine how the cybercriminals gained access to the student, parent and employee information. However, little is known about how cybercriminals got their hands on the employees, contractors and student’s personal information.

School officials are not calling this a ransomware attack. However, they acknowledge that they have communicated with the data thieves who claim the information has not been sold or shared, but has been removed from the cloud database. Ransomware attacks against schools have dramatically increased as students return for the new school year and identity criminals look for children’s personal information. One cybersecurity firm reports seeing more than 1,700 attacks against schools around the world each week in July.

The Impacts of a Children’s Personal Information Being Stolen

Dallas I.S.D. is offering credit monitoring and identity theft recovery services for one year. The ITRC always recommends data breach victims take advantage of those offers. However, the release of student information is especially troubling as criminals who take control of a young person’s identity can cause significant harm over time.

Imagine a high school student applying for college and being denied financial aid or admission because someone had used their SSN to report income or obtain credit. An identity thief can abuse the personal information for children for years before the parents or child learn of the crime.

Freeze Your Child’s Credit

It’s important for parents to not only freeze their own credit, but to freeze their children’s credit, too. That won’t prevent your child’s information from being exposed in a data breach. However, it will keep a cybercriminal from using the children’s personal information to ruin their credit and perhaps their education and work opportunities when they grow up.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Listen next week as we talk about credit freezes with the founder of Frozen Pii on our sister podcast, The Fraudian Slip. We will be back in two weeks with another episode of the Weekly Breach Breakdown.

  • Mobile telecom providers U.S. Cellular, Mint Mobile and T-Mobile have all been breached in 2021. In fact, T-Mobile has been breached twice in 2021, and once in December 2020.
  • If your mobile phone account is breached, you should freeze your credit, change your passwords and PIN numbers, and use multi-factor authentication (MFA or 2FA) using an app, not text messages, to protect yourself when available.
  • You should also follow the steps in any data breach notification letter you receive or read in a public notice.
  • Keep an eye out for phishing emails, closely monitor your financial accounts and contact your Department of Motor Vehicles (DMV) if your license number is exposed in the breach.
  • If you believe your phone account is breached, or want to learn more, contact the Identity Theft Resource Center. Call toll-free (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The Rise in Mobile Data Breaches

The Identity Theft Resource Center (ITRC) has seen mobile data breaches rise, particularly in 2021. Customers of mobile phone companies that have not reported a breach also want to know what to do if their phone account information is exposed.

In January, U.S. Cellular suffered a data breach after hackers were able to scam employees to gain access to one retail store’s computer. In July, some Mint Mobile customers had phone numbers ported, leading to data being accessed. One month later, T-Mobile was breached when bad actors compromised their systems, impacting millions of documents. In fact, it is the second T-Mobile data breach in 2021 and the third since December 2020. Right now, Bleeping Computer reports that well-known threat actor ShinyHunters claims to be selling a database containing the personal information of 70 million AT&T customers. However, AT&T says they did not suffer a data breach.

Telecommunications companies continue to be targeted by identity criminals due to the importance of mobile devices in our daily lives. The rise in mobile data breaches means everyone needs to be prepared if they are impacted by a compromise. There are steps you can take to protect your information and if your phone account is breached.

What You Should do to Protect Yourself if Your Phone Account is Breached

  • Freeze your credit. Monitoring your credit is informative because it alerts you to changes on your credit reports that may need further investigation if your phone account is breached. However, it does not offer protection. While it tells you what happened, it does not stop anything from happening. A credit freeze does. Freezing your credit is free, easy and does not impact your credit.
  • Change your mobile phone account password and PIN numbers. Also, change the passwords of other accounts with the same password or PINs as the breached account. You do not want the same passwords or PINs on more than one account. Cybercriminals want you to do that because they can commit credential stuffing attacks. The ITRC recommends you switch to a unique 12+ character passphrase because they are harder for criminals to crack. You can also use a password manager to generate and keep track of your credentials.
  • Use multi-factor authentication (MFA or 2FA) on your accounts. MFA and 2FA provide an added layer of security, making it harder for hackers to gain access if your phone account is breached. Also, if possible, use an authentication app rather than having a code sent by text to your phone because the text messages can be spoofed and intercepted in a SIM swapping scheme. Authentication apps are available for free from Microsoft, Google and other software providers.
  • FOR BUSINESSES: Don’t lose control over the information you don’t have. Don’t collect more information than you need. Don’t keep the sensitive information longer than you need to complete the transaction. Keep what data you do collect and maintain safe and secure by encrypting it. Finally, make sure you offer MFA or 2FA for your customers’ and prospects’ protection when logging into their accounts.

Next Steps to Take if Your Phone Account is Breached

  • Watch for data breach notification letters. It is easy to ignore a breach notification. However, there are usually important steps in the notices, like how to activate free identity protection services. Follow the advice offered by the impacted company.
  • Be on the lookout for phishing emails. Identity criminals may look to exploit the data breach to get you to click on a malicious link or share sensitive information.
  • Closely monitor your financial accounts (credit cards, banking, utilities, etc.) If you see anything out of the ordinary, it may be a sign of fraudulent activity.
  • Contact the Department of Motor Vehicles (DMV) if your license is impacted. Notify the DMV in your state that your information may have been exposed. See if you can place an alert on your license number and check your driving record.

Contact the ITRC

Data breaches are inevitable. Consumers can do everything right and still have their phone account breached. If you believe your phone account is breached or want to learn more, contact the ITRC. You can speak with an expert advisor by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org. Advisors will answer any question you may have and help you through the resolution process.

The ITRC does not want anyone to panic. While it can be frightening if your phone account is breached, you will be able to work through any misuse of your information if you have a plan.

T-Mobile recently suffered its second data breach since February 2021 and its third breach since December 2020. The latest T-Mobile data breach leaves many current, former and prospective customers wondering what happened, how it happened and what they need to do to stay safe.

What Happened?

According to T-Mobile, a bad actor compromised T-Mobile’s systems. The company says they located and closed the access point they believe was used to gain entry to their servers.

On August 17, 2021, T-Mobile confirmed that approximately 47 million people were impacted by the data breach. T-Mobile also said the data stolen from their systems included personal information like customers’ names, dates of birth, Social Security numbers (SSNs), and driver’s license/identity information for current, past, and prospective customers.

However, in an update on August 20, 2021, T-Mobile said they discovered that phone numbers, as well as the typical numbers that allow a mobile phone to be identified and join a network (the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI)), were also compromised. T-Mobile identified another 5.3 million current customer accounts that had one or more associated names, addresses, dates of birth, phone numbers, and IMEIs and IMSIs illegally accessed.

The Verge reports that the Federal Communications Commission (FCC) is investigating the T-Mobile data breach that may have impacted as many as 100 million customers.

What Does It Mean to You?

Identity criminals can use information like your SSN and driver’s license to commit an array of identity crimes like false applications for loans, credit cards or bank accounts in your name. IMEIs and IMSIs could be used to track your mobile device or assist in SIM swapping attacks where someone hijacks your phone number to intercept multi-factor authentication codes or other information.

What Can You Do to Protect Yourself from the T-Mobile Data Breach?

  • Freeze your credit. T-Mobile is offering identity protection services to impacted customers, including credit monitoring. While monitoring your credit is informative, it does not offer protection. It tells you what happened but does not stop anything from happening. A credit freeze does. Freezing your credit is free, easy and does not impact your credit.
  • Change your passwords and PIN numbers. You want to make sure you do not use the same passwords or PINs on more than one account. The Identity Theft Resource Center (ITRC) recommends you switch to a unique passphrase (something you can remember that is at least 12 characters long). You can also use a password manager to generate and keep track of your credentials. Cybercriminals want us to reuse passwords on more than one account because it makes it easier for them to commit identity crimes.
  • Use multi-factor authentication (MFA or 2FA) on your accounts. MFA and 2FA provide an added layer of security. Also, if possible, use an authentication app rather than having a code sent by text to your phone because the text messages can be spoofed and intercepted in a SIM swapping scheme. Authentication apps are available for free from Microsoft, Google and other software providers.
  • Have a plan if your IMEI or IMSI information is used fraudulently. It’s unknown if or how the IMEI or IMSI information stolen in the T-Mobile data breach will be used. However, it is important you have a plan if it is. There is no reason to panic about your phone being disabled. However, in the unlikely event it is, plan how you will contact T-Mobile. You can do this through their website t-mobile.com, an in-person visit to a T-Mobile store or using a landline telephone.  
  • FOR BUSINESSES: You can’t lose control over the information you don’t have. Don’t collect more information than you need. Don’t keep the sensitive information longer than you need to complete the transaction. Also, keep what data you do collect and maintain safe and secure by encrypting it. Finally, make sure you offer MFA or 2FA for your customers’ and prospects’ protection when logging into their accounts.

What Are the Next Steps to Take?

  • Closely monitor your financial accounts (credit cards, banking, utilities, etc.) for any signs of fraudulent activity.
  • Stay alert for a data breach notification, as well as any potential identity fraud due to the T-Mobile data breach. While it is easy to ignore a breach notification, there are usually important steps in the notices, like how to activate free identity protection services. In T-Mobile’s notification letter, the company offers two years of free identity protection services. They also recommend all eligible T-Mobile customers sign up for scam blocking protection through the company’s Scam Shield, and directs people to a customer support webpage with breach information and access to tools.
  • Be on the lookout for phishing emails exploiting the T-Mobile data breach to get you to click on a malicious link or share sensitive information.
  • Act if your driver’s license is impacted. If your driver’s license information has been compromised, contact the Department of Motor Vehicles (DMV) in your state to notify them your information may have been exposed. See if you can place an alert on your license number and check your driving record.

Contact the ITRC

While this T-Mobile data breach leaves uncertainty for many, the ITRC does not want anyone to panic. As long as you have a plan, you will be able to address any misuse of your information.

The ITRC remains available to help you. If you have questions about the T-Mobile data breach or believe you may be impacted by it, contact the ITRC toll-free by phone (888.400.5530) or live-chat on the company website (www.idtheftcenter.org). ITRC expert advisors will walk you through the steps you need to take and help you create a resolution plan.

  • data breach of telecommunications company Mint Mobile occurred after some phone numbers were ported and data was accessed. The Mint Mobile data breach is one of the latest data events to affect a telecommunications company, highlighting the risk of mobile breaches. 
  • Insurance company BackNine suffered a data compromise due to a misconfigured database, impacting 711,000 files with information including Social Security numbers (SSNs) and medical diagnoses. The data event stresses the importance of being careful when using cloud databases. 
  • CNA Financial Corporation fell victim to a ransomware attack, leading to a data breach that impacted 75,349 people. Attacks like this, which involved SSNs, on businesses continue to rise. 
  • For more information about July data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.    
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website www.idtheftcenter.org.   

Notable July Data Breaches 

Of the 163 data events the Identity Theft Resource Center (ITRC) tracked in July, three stand out: Mint Mobile, BackNine and CNA Financial Corporation. All three data events are notable for unique reasons. One highlights the risk of mobile breaches. Another is an example of the need to be careful with cloud databases. The third is a ransomware attack that involves Social Security numbers (SSNs).  

Try our Latest Breaches feature at notified.idtheftcenter.org

Mint Mobile 

A Mint Mobile data breach occurred after phone numbers were ported by cybercriminals and data was accessed. Sometime between June 8-10, a threat actor ported the phone numbers for a handful of Mint Mobile subscribers to another carrier without authorization. According to Bleeping Computer, Mint Mobile disclosed that an unauthorized person also potentially accessed subscribers’ personal information, including call histories, names, addresses, emails and passwords.  

Try our Custom Breach Search feature at notified.idtheftcenter.org

Bleeping Computer reports that Mint Mobile has not said how the threat actor gained access to subscribers’ information. However, based on the accessed data, hackers likely hacked user accounts or compromised a Mint Mobile application used to manage customers.  

The Mint Mobile data breach is the latest to shine a light on the risk of mobile data breaches and the need for better security for customer-facing support systems. In January, the ITRC highlighted a similar breach of U.S. Cellular where hackers gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store.  

BackNine 

A data breach of BackNine, an insurance technology startup, led to 711,000 files being impacted. According to TechCrunch, a security lapse exposed insurance applications at BackNine after one of its cloud servers was left unprotected on the internet. The storage server was misconfigured, and anyone with internet access could view the files.  

Personal information exposed includes names, addresses, phone numbers, SSNs, medical diagnoses, medications taken and detailed completed questionnaires about an applicant’s health, past and present. Other files included lab and test results, such as bloodwork and electrocardiograms. Some files also contained driver’s license numbers. The exposed documents date as far back as 2015 to as recent as July 2021.  

The BackNine data event is a prime example of why companies need to be careful when using cloud databases. If a cloud database is not configured correctly, anyone can access it and may commit an array of identity crimes. It is also important organizations do what they can to protect sensitive data to maintain people’s trust.  

CNA Financial Corporation 

Insurance company CNA Financial Corporation suffered a data breach linked to a ransomware attack. According to CNA’s breach notice, an investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021, to March 21, 2021, and copied a limited amount of information before deploying the ransomware.  

The breach notice states that the data event impacted 75,349 people, and information in the stolen files includes names, SSNs and, in some instances, information related to health benefits for certain people. CNA says, right now, there is no reason to believe the data was stolen or misused. However, they are offering free credit monitoring and fraud protection services through Experian. CNA is just one of many ransomware attacks on businesses being seen by the ITRC. 

What to Do if These Breaches Impact You 

Anyone who receives a data breach notification letter should follow the advice offered by the impacted company. The ITRC suggests you immediately change your password and switch to a 12+-character passphrase, change the passwords of other accounts with the same password as the breached account, consider using a password manager and to keep an eye out for phishing attempts that claim to be from the breached organization.   

Mint Mobile warns users affected by the Mint Mobile data breach to protect other accounts that use their phone numbers for validation purposes and reset account passwords since threat actors could have used the ported numbers for additional attacks. 

CNA Financial Corporation asks impacted individuals to review their “Information About Identity Theft Protection” document, which includes information on placing a fraud alert or credit freeze on a credit file.  

notified 

For more information about July data breaches, or other data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers.   

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.      

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data event, you can speak with an ITRC expert advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started.   

  • In 2020, the Federal Trade Commission (FTC) received nearly 100,000 business or personal loan fraud reports, many of them related to Small Business Administration (SBA) loan identity fraud.
  • That’s more than double the number of loan fraud reports from a year earlier. The Identity Theft Resource Center (ITRC) has also seen a spike in SBA loan identity crime reports since the COVID-19 pandemic.
  • Identity thieves apply for SBA loans (primarily Economic Injury Disaster (EIDL) and Paycheck Protection Program (PPP) loans) using stolen Social Security numbers and business Employer Identification numbers (EINs).
  • Scammers are also targeting consumers through phishing schemes in an attempt to steal their Social Security Numbers and other personal information needed to commit SBA loan identity fraud.
  • If anyone believes they are the victim of an SBA loan identity crime or would like to learn how to protect themselves from becoming a victim, they can contact the ITRC to speak with an advisor toll-free at 888.400.5530 or via live-chat. Just go to www.idtheftcenter.org to get started.

Small Business Administration (SBA) loan identity fraud spiked in 2020 due to COVID-19, and it continues to be a growing issue in 2021. The Federal Trade Commission (FTC) says in 2019, they received 43,920 reports of fraud involving business or personal loans; the number more than doubled in 2020 as the FTC had 99,650 reports. The FTC acknowledges that not all of the reports are related to SBA loan identity fraud, but also notes many of them are.

The Identity Theft Resource Center (ITRC) has seen a spike in calls and live-chats around SBA loan-related identity theft. The contacts continue today as contact center advisors work to help victims. Here is a testimonial from one victim who turned to the ITRC regarding their SBA loan identity crime case:

“I want to thank you for all your suggestions. You are the third (organization) I have contacted and by far the most helpful. I received a form from the Small Business Administration, and after returning it with the police report and the Identity Theft Report, I was informed that my debt with them would be canceled. It is such a huge weight off me. I did everything you suggested, and our credit is frozen with all the CRA’s. Thank you again.”

There are different forms of SBA loan-related identity theft of which  businesses and consumers should be aware:

Economic Injury Disaster Loans (EIDLs)

Economic Injury Disaster (EIDL) loans, loans for businesses that suffer substantial economic injury located within a disaster area, have always been available through the SBA. However, they have been expanded as part of the CARES Act to provide relief to businesses experiencing financial loss due to COVID-19. Identity fraud from an EIDL loan occurs when a threat actor applies for an EIDL loan using either a consumer’s Social Security Number (SSN) or a business’s Employer Identification Number (EIN).

Paycheck Protection Program Loans (PPPs)

Paycheck Protection Program (PPP) loans were designed to help businesses maintain their payroll and keep their workforce during COVID-19, and they are available through a lender. Identity fraud from a PPP loan occurs when an identity thief applies for a PPP loan using a stolen SSN, a business EIN or other stolen personal information needed to obtain a loan.

What to do if You Are a Victim of SBA Loan Identity Fraud

If a consumer or a business is the victim of an SBA loan identity crime (whether it’s from either an EIDL or PPP loan), they should take the following steps:

  1. Go back to the source of the loan to notify them of the identity fraud. If the identity fraud is from an EIDL loan, the victim should contact the SBA. If the fraud involves a PPP loan, the affected party should contact the lender that issued the loan. See below for more information on what the SBA requires people to submit, where to submit it, and details on their process.
  2. File an Identity Theft Report with the FTC at www.IdentityTheft.gov. An Identity Theft Report is one of the required documents by the SBA to cancel the loan debt as quickly as possible. Other documents needed include photo identification issued by a federal or state agency and a completed and signed Declaration of Identity Theft. For more information on the steps required by the SBA, click here.
  3. Place a credit freeze to lock credit files until they are needed.A credit freeze is the most effective way to ensure new loans or accounts are not opened.
  4. A less effective option is to place a fraud alert on credit files to alert potential creditors to take extra precautions before extending credit.
  5. Verify with the Secretary of State’s Office or another government agency where the business is registered to ensure the company’s ownership and registration status have not been changed.

Contact the ITRC

Anyone who believes they are a victim of SBA loan identity fraud should contact the ITRC for more information. People can speak to an advisor by phone (888.400.5530) or by live-chat to develop a resolution plan. Anyone who wants to document their steps can use the ITRC’s ID Theft Help app’s case log feature. Consumers who want to learn more can also check out our latest education resources at www.idtheftcenter.org.

  • A Canon data breach resulted from a ransomware attack on the company by the Maze ransomware group. Canon is just one of many companies recently hit with a ransomware attack, a trend the Identity Theft Resource Center predicts to continue in 2021.  
  • The mobile video game Animal Jam suffered a data breach affecting 46 million users after threat actors stole a database. However, WildWorks, the game’s owner, has been very transparent throughout the entire process, setting an example of how businesses should approach data breaches. 
  • Insurance tech company Vertafore discovered files containing driver-related information for 28 million Texas residents were posted to an unsecured online storage service.  
  • For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM.  
  • Keep an eye out for the ITRC’s 15th Annual Data Breach Report. The 2020 Data Breach Report will be released on January 27, 2021. 
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website.  

Notable Data Compromises for November 2020 

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in November, three stood out: Canon, WildWorks – Animal Jam, and Vertafore. All three data events are notable for different reasons. One highlights a trend and prediction made by the ITRC; another shows transparency by the company throughout the process; the third leaves 28 million individuals’ driver-related information exposed. 

Canon 

Camera manufacturer Canon recently suffered a data breach that was caused by a ransomware attack, but the company only acknowledged the attack was the result of ransomware in November. According to techradar.com and Bleeping Computer, the Canon IT department notified their staff in August that the company was suffering “widespread system issues affecting multiple applications, Teams, email and other systems.” On November 25, the company acknowledged the Canon data breach was due to a ransomware attack by the Maze ransomware group.  

It is unknown how many people are affected by the Canon data breach. However, files that contained information about current and former employees from 2005 to 2020, their beneficiaries, and dependents were exposed. Information in those files included Social Security numbers, driver’s license numbers or government-issued identification numbers, financial account numbers provided to Canon for direct deposit, electronic signatures and birth dates. 

Canon is just one of many companies that have been hit with a ransomware attack. As the ITRC mentioned in its 2021 predictions, cybercriminals are making more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. As a result of the ransomware rise, data breaches are on pace to be down by 30 percent in 2020 and the number of individuals impacted down more than 60 percent year-over-year.  

WildWorks – Animal Jam 

Animal Jam, an educational game launched by WildWorks in 2010, suffered a data breach after threat actors stole a database. According to the WildWorks CEO, cybercriminals gained access to 46 million player records after compromising a company server. The information exposed in the Animal Jam data breach includes seven million email addresses, 32 million usernames, encrypted passwords, approximately 15 million birth dates, billing addresses and more. 

WildWorks has been very transparent throughout the entire process. The company provided a detailed breakdown of the information taken in the Animal Jam data breach, how the data event happened, where the information was circulated, whether people’s accounts are safe and the next steps to take. The ITRC believes WildWorks has set an example of how other businesses should share information with impacted consumers after a data breach.  

Anyone affected by the Animal Jam data breach should change their email and password for their account (consumers should switch to a 12-character passphrase because it is easier to remember and harder to guess). Users should also change the email and password of other accounts that share the same email and password. If any users think their account was used illegally, they are encouraged to contact the Animal Jam security team by emailing support@animaljam.com  

Vertafore 

Vertafore, a Denver based insurance tech company, recently discovered three files containing driver-related information were posted to an unsecured online storage service. The files included data from before February 2019 on nearly 28 million Texas drivers. Vertafore says the files have since been secured, but they believe the files were accessed without authorization. To learn more about this data breach, read the ITRC’s latest blog, and listen to our podcast on the event. 

Unfortunately, companies continue to leave databases unsecured, which is tied with ransomware as the most common cause of data compromises, according to IBM. Consumers impacted by the Vertafore data event need to follow the advice given by Vertafore and the Texas Department of Public Safety

notifiedTM  

For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM, free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no-cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started. Also, victims of a data breach can download the free ID Theft Help app to access resources, a case log and much more.  

  • Timberline Billing Service recently determined a supposed ransomware attack led to encrypted files and information removed from their network. So far, the Identity Theft Resource Center (ITRC) has tracked 14 impacted schools.  
  • A database exposure was recently discovered at BankSight Software Systems, exposing over 300 million records for at least 100,000 people.  
  • MAXEX exposed 9 GB of internal data, including confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and reports from penetration tests. 
  • For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM
  • For more information, contact the ITRC toll-free at 888.400.5530, or by live-chat via the company website. People can also download the free ID Theft Help app to access advisors, resources, a case log and much more. 

There were many notable data breaches in October, all tracked by the Identity Theft Resource Center (ITRC). Since 2005, the ITRC has compiled publicly-reported U.S. data breaches as part of our data breach tracking efforts. The ITRC tracks both publicly-reported data breaches and data exposures in a database containing 25 different information fields that are updated daily. Of the notable data breaches in October, Timberline, BankSight and MAXEX top the list. 

Timberline Billing Service 

Timberline Billing Service, a company that claims Medicaid for education agencies in Iowa, recently determined that someone accessed their network between February 12, 2020 and March 4, 2020. The supposed ransomware attack led to encrypted files and information removed from the system.

However, the investigation was unable to determine what information was removed. The information exposed includes names, dates of birth, Medicaid I.D. numbers, billing information, support service code and identification numbers, medical record numbers, treatment information, medical information regarding diagnoses and symptoms and Social Security numbers. However, the information exposed varies from school to school.  

Of the 190 schools in Iowa Timberline assists, so far, the ITRC has tracked 14 impacted schools: 

  • Fort Dodge Community School District 
  • Iowa City Community School District 
  • Cherokee Community School District 
  • Kingsley-Pierson Community School District 
  • Central Decatur Community School District 
  • Clinton Community School District 
  • Muscatine Community School District 
  • Saydel Community School District 
  • Sheldon Community School District 
  • Mid-Prairie Community School District 
  • Hudson Community School District 
  • Dallas Center-Grimes Community School District 
  • Knoxville Community School District 
  • Oskaloosa Community School District 

Timberline says they are taking steps to enhance their security systems, resetting all user passwords, requiring frequent password rotations and migrating school and student data to a cloud location. Timberline is also offering a year of identity monitoring services through Experian to impacted children. Impacted individuals should monitor their accounts for any suspicious activity and contact the appropriate company and act if needed.  

BankSight Software Systems, Inc. 

vpnMentor’s research team recently discovered an exposed BankSight database, exposing over 300 million records for at least 100,000 individuals. According to vpnMentor, the exposed information includes the following: names, Social Security numbers, email addresses, phone numbers, home and business addresses, employment and business ownership details, financial data for businesses and individuals, and personal notes from people looking for loans or postpone on loan payments, exposing private family and business information.  

vpnMentor says they contacted BankSight, and BankSight shut down the server one day later. The information exposed allows a hacker to create sophisticated fraud schemes and target customers of BankSight’s clients. BankSight customers should contact the company to determine the steps to take to protect their client’s data.  

MAXEX, LLC.  

Of the notable data breaches in October, MAXEX does not impact the most people. However, it potentially creates the most significant risk to affected individuals. According to BankInfoSecurity, MAXEX, a residential mortgage trading company, exposed 9 GB of its internal data, including software development for its loan-trading platform. The data also had confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and reports from penetration tests done years ago.

The company also leaked the complete mortgage documents for at least 23 people in New Jersey and Pennsylvania. The records include tax returns, IRS transcripts, credit reports, bank account statements, scans of birth certificates, passports and driver’s licenses, letters from employers, divorce records, academic transcripts and Social Security numbers for the mortgage applicants and their children.  

MAXEX says they have retained security experts and contacted law enforcement agencies. They also have a computer forensics unit tracing the source of the breach and providing resolution advice. The company says they have fixed the issue that led to the breach. MAXEX says its mortgage trading platform was unaffected. However, links to the data are circulating on forums where stolen data is posted. On one platform, the information has been downloaded more than 1,000 times, according to BankInfoSecurity.  

While the data compromise only impacted a limited number of people, it does not always matter how many people it affected. Rather, the information that was exposed or stolen. Impacted individuals should begin contacting the appropriate companies to determine the next steps to take. Some of the steps to take include freezing your and your child’s credit, checking your reports for suspicious activity, and taking part in credit monitoring or identity monitoring services.  

notifiedTM 

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, like one of the notable data breaches in October, you can speak with an ITRC expert advisor on the website via live-chat or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more. 


Read more of our latest information & educational resources below

QR Code Security Threats Begin to Grow as Digital Barcode Popularity Rises

Unsubscribe Email Scam Looks to Trick Consumers