Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.
This week’s spotlight breaches contain a breach perpetrated by a former employee of the County of Orange’s Social Service Agency. Insider threats like these can be especially pernicious. With authorized access to customer or employee personal information, employees are able to overcome many of the countermeasures in place to stop malicious external actors. Unlike external fraud threats, insiders also have a much greater ability to manipulate the system, making it far easier to commit certain types of fraud that are typically too labor-intensive to be profitable for external actors. This includes schemes like student loan fraud and medical fraud, both of which can be difficult to profit from without assistance from an insider who can divert funds to an account under the control of the fraudster.