When you see a news story about a data breach, you shouldn’t always expect it to disappear after the initial report.

Occasionally, follow up stories may appear stating that the number of data breach victims was higher than expected, or that the entity in question experienced another cyberattack after the dust settled from the first incident.

When a data breach impacts an organization you have come into contact with, it’s always a good idea to keep tabs on it just in case follow-up developments arise down the line.

In this installment of the BlackCloak Thursday Threat Update, we’ll cover an update to the 23andMe data breach, as well as a breach involving a medical transcription company that affects millions around the country.


23andMe breach now affecting nearly seven million users

What we know: Genetic testing company 23andMe has disclosed that the information belonging to 6.9 million users was compromised in a data breach that took place earlier this year. Initially, 23andMe believed the cyberattack only affected a small percentage of its users, however, further developments have found unauthorized individuals were able to access 5.5 million users of its DNA relatives feature and 1.4 million who have used its Family Tree profile feature.

Recommendations: 23andMe has required all users to change their passwords and enable dual factor authentication for their accounts. Be sure your new password is completely unique, and has the proper amount of numbers and special characters. Additionally, you should use an authenticator app when choosing dual factor methods, not just for your 23andMe account, but for all accounts you have.


Millions impacted by medical transcription company breach

What we know: Medical transcription company Perry Johnson & Associates fell victim to a data breach this past May, affecting millions of people across the country. At least four million New York residents had their data exposed, and Cincinnati-based Mercy Health said neary nine million patients were affected by the breach. While payment card information and passwords were not compromised in the breach, Social Security numbers, names, addresses and dates of birth were caught up in the incident.

Recommendations: If you belong to one of the impacted organizations, be sure to place a credit freeze and fraud alert on your accounts, even if you don’t receive a data breach notification letter. It’s best to play it safe and ensure all of your accounts are properly monitored. New York Attorney General Letita James also advises anyone to report incidents of fraud to the Federal Trade Commission, and to inform those impacted by the breach to inform their insurance companies about the situation to see whether they have protocols in place for these scenarios.


Read up on new attacks, and the tools at your disposal

It’s always a good idea to know what cyberattacks are currently in circulation, as well as the tools at your disposal to protect yourself in the event that your personal information is at risk. By knowing what’s out there, you can mitigate potential damages by proactively using those tools should a data breach notification letter arrive in your inbox.


Learn how to protect your privacy from social engineering attacks and when to deploy a credit freeze and fraud alert on your accounts.