The Weekly Breach Breakdown Podcast by ITRC - Don't Panic - S5E30

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for September 20, 2024. I'm Alex Achten, Director of Communications & Media Relations of the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, I will talk about some of the notable data breaches in August, including the National Public Data breach.

As a kid growing up in the early 2000s, one of my favorite bands was Coldplay. I am not sure what it was about Chris Martin and his alternative rock, post-Britpop band, but my brother and I were hooked. While prepping for this week's podcast, I could not help but think of their 2000 hit "Don't Panic." There has been lots of news about data breaches lately, particularly the National Public Data breach. While all data compromises should be taken very seriously, the song's title applies to some of the latest breach news: Don't Panic. Let's get into it. 

The ITRC tracked 273 data compromises in August 2024, impacting nearly six million people. The top three breaches by victim count were National Public Data, Young Consulting LLC and Patelco Credit Union. 

Of all the notable data breaches, let's start with National Public Data. A few weeks ago, ITRC COO James E. Lee was on this podcast discussing a federal court lawsuit filed in Florida that claimed National Public Data was attacked by identity thieves who offered 2.9 billion records for sale in a criminal marketplace for $3.5 million. As James pointed out, the criminals stole 2.9 billion records covering three decades of information. However, that's not the same as 2.9 billion people. At that time, there was no data breach notice. Now, there is.

According to a filing with the Office of the Maine Attorney General, there were 1.3 million victims impacted, not 2.9 billion. However, it is important to note that 1.3 million victims may not be the final victim count. We will continue to monitor the National Public Data breach. 

The ITRC encourages people to freeze their credit to protect themselves. It is the single most important thing to do. Also, exercise good cyber-hygiene by having a unique 12+ character passphrases on each account (and switch to passkeys when offered). Use multifactor authentication everywhere it is available to provide you with an added layer of security.

There were two other notable data breaches in the month: Young Consulting LLC, a Blue Shield of California vendor, and Patelco Credit Union. Those compromises impacted over 1.5 million people. 

According to another filing with the Office of the Maine Attorney General and the data breach notice, unauthorized access was gained to Young Consulting’s network between April 10 and April 13. Young Consulting identified that information relating to certain data owners, including Blue Shield, may have been impacted. On June 28, Young Consulting notified Blue Shield of California that files were accessed, impacting 954,177 people. Information involved includes names, Social Security numbers (SSNs), dates of birth and insurance claim information. 

The Patelco Credit Union data compromise impacted 726,000 people after the credit union detected a ransomware attack. Information impacted includes first and last names with SSNs, Driver's License numbers, dates of birth and email addresses. 

If you receive a data breach notice for one of the notable data breaches in August or any compromise, follow the advice in the notice and watch for phishing attempts that claim to be from the breached organization – all of this on top of the advice given earlier to freeze your credit, use long and unique passphrases or passkeys, as well as implement multifactor authentication, when possible. 

We won't get too deep into discussing some of the notable data breaches in September. However, Acadian Ambulance Service, Inc. suffered a data breach, exposing the sensitive information of over 2.8 million people. Also, data compromises of Slim CD, Inc. and Wisconsin Physicians Service Insurance Corporation (due to MOVEit) impacted nearly 1.7 million and 947,000 people, respectively. To learn more about these data events, visit the ITRC's data breach tracking tool, notified. 

Next month, the ITRC will release its data breach findings for the third quarter of the year. We will have more on the notable data breaches in the quarter, as well as the latest trends, as we head into the last three months of the year. 

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will have an episode of our sister podcast, the Fraudian Slip, featuring National Cybersecurity Alliance Executive Director Lisa Plaggemier. Plaggemier and ITRC President and CEO Eva Velasquez will discuss Cybersecurity Awareness Month, data security and privacy, and much more. We will return in two weeks with another episode of the Weekly Breach Breakdown. I'm Alex Achten. Until then, thanks for listening.