Five data breaches that occurred earlier this year pose the greatest risk for scams relating to the ongoing COVID-19 pandemic, according to the inventor of a cybersecurity algorithm.
In order to pull off a COVID-19 scam, cybercriminals need a person’s contact information and account information as well as the “identifiers” that person used to access those accounts, Jim Van Dyke, CEO of Breach Clarity, said in a press release.
Breach Clarity evaluates publicly reported data breaches and scores the risk they pose based on the information that was reportedly exposed. That information can be accessed at breachclarity.com.
The five data breaches that have put people at greater risk from COVID-19 scams occurred at ToonDoo, a comic strip website; LimeLeads, a business-to-business contact database; Health Share of Oregon, a coordinated care organization that serves Medicaid users in three Oregon counties; Tetrad, a market analysis firm; and hotel chain Marriott International.
The data breaches at those five companies affected millions of people, according to news reports. In nearly every instance, their email addresses were exposed; however, a breach at the Health Share of Oregon also exposed protected health information, insurance account numbers, Social Security numbers and more.
According to news reports, those five data breaches led to millions of people having personal information like their email addresses exposed.
“COVID-19 has created an enormous amount of uncertainty and chaos at a scale we’ve not seen before. People are scared, anxious and desperate for anything that might help them through this troubling time,” Van Dyke said in the release. “That makes them incredibly vulnerable.”
Van Dyke also identified smaller data breaches at the U.S. Small Business Administration and the Arkansas Division of Workforce Services that posed a “particularly concentrated risk to victims” because the breaches occurred in COVID-19 assistance programs.
Breach Clarity’s algorithm “simulates the cybercriminal mindset,” Al Pascual, the company’s COO, said.
“It considers the newly available, formerly private, data and calculates the attacks, tricks and traps that are most likely to be deployed with that intelligence,” Pascual said.