When personal information is stolen in a data breach, each compromised data point poses a different risk to the victim.

Stolen email addresses and phone numbers can lead to an increase in phishing attempts, while Social Security numbers could be used by cybercriminals to conduct instances of identity theft.

Either way, it’s important to know what pieces of information were exposed in an incident to know exactly what you should do if you become a victim of a data breach.

In this installment of the BlackCloak Thursday Threat Update, we’ll take a look at a healthcare data breach where sensitive information was stolen, as well as an incident where the data points belonging to millions of people were leaked online.


Data belonging to 20 million TruthFinder, Instant Checkmate users leaked online

What we know: The data of 20 million TruthFinder and Instant Checkmate users was discovered on a hacking forum. The person posting the data claimed it belonged to anyone who used the services up to April 16th, 2019. The compromised data points included users’ names, email addresses, telephone numbers, encrypted passwords and password reset tokens. Instant Checkmate confirmed it experienced a data breach, and is conducting an investigation.

Recommendations: As email addresses and phone numbers were exposed in the breach, TruthFinder and Instant Checkmate users should be on the lookout for phishing emails, as well as SMS text message phishing attacks, which is a technique known as “smishing.” Remember: No legitimate organization will ever ask you to turn over personal information or login credentials to remedy an issue. In its data breach announcement, Instant Checkmate even said it will “never ask you for your password, social security number or payment information via email or telephone.” Additionally, you should also reset your password if you are a user of either of the services. Be sure your password is strong, and isn’t the same as any other password you use online.


Sensitive information stolen in healthcare breach

What we know: Revenue cycle management company Reventics experienced a data breach affecting more than 250,000 patients. Memphis-based Regional One Health said in a data breach notice some of its patients were among those affected by the incident. Compromised data points include patients’ names, addresses, medical records, Social Security numbers, dates of birth and financial information.

Recommendations: Anyone who receives a data breach notification letter can contact Revantics’ toll-free assistance line at (833) 753-4765 Monday through Friday from 9AM to 9PM. As Social Security numbers and financial information were exposed in the breach, it’s also a good idea to monitor your accounts for suspicious activity, and also consider placing a credit freeze and fraud alert on your accounts as well. 


Best practices can save the day

While data breaches may ultimately be out of your control, there are plenty of ways you can limit your cyber risk right now, which may save you a lot of headaches later on.

Learn how to craft strong passwords to protect your online accounts, and how you can prevent and respond to malicious actors who may try to impersonate you on social media.