San Francisco Employees’ Retirement System breached, exposing 74,000 members’ information
Exploit: Unauthorized database access
SFERS: Public employee benefits program
Risk to Small Business: 1.980 = Severe An unauthorized user accessed a critical database managed by the program’s third-party vendor, causing a significant data breach. The breach, which occurred on February 24, 2020, wasn’t discovered until the end of March. An analysis of the incident couldn’t be completed until this month, leaving many people unaware that their information might be compromised. This data breach reveals the cybersecurity risk that accompanies third-party partnerships but also the often-lengthy delay between breach identification and notification.
Individual Risk: 2.602 = Moderate The data breach did not compromise Social Security numbers or bank data, but it did include members’ names, addresses, dates of birth, and beneficiary information. This data can be used in a variety of different cybercrimes. Most notably, cybercriminals are using stolen data to craft spear phishing messages that can result in even more problematic cybersecurity incidents.
Customers Impacted: 74,000
How it Could Affect Your Customers’ Business: Third-party vendors are an inevitable part of doing business in 2020. However, these relationships expose companies to potential data breaches that are outside of their control. In this environment, having an extra layer of protection to prevent network or account access is a critical component of any defensive strategy.
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.