More Than 22 Million Identities Exposed in High-Risk Data Breaches in Final Quarter of 2022 That May Impact Public Sector Agencies
Medical identity theft the leading risk category for third consecutive quarter, according to new TransUnion public sector report
More than 22 million Americans had personally identifiable information exposed in data breaches over Q4 2022, including driver’s licenses, passports and Social Security numbers. Impact to government agencies is likely as fraudsters and other criminals may use personal information to commit medical identity and tax refund theft as well as other forms of fraud.
“More than anything, this report should give government agencies a sense of where they should focus their efforts to curb fraud and prevent further victimization. Getting access to this information to understand the current type and severity of data breaches is a great first step.”
These and other findings are included within the “Public Sector Breach Intelligence Dashboard,” a report by TransUnion (NYSE: TRU), and Sontiq (a TransUnion company), analyzing data from Sontiq’s BreachIQ™ solution.
“More than anything, this report should give government agencies a sense of where they should focus their efforts to curb fraud and prevent further victimization,” said Jeff Huth, senior vice president of TransUnion’s public sector business. “Getting access to this information to understand the current type and severity of data breaches is a great first step.”
For the third quarter in a row, medical identity theft was most common type of fraud risk among public sector categories, as more than 14 million individuals had their information exposed. The stolen information can be used for crimes, including health insurance fraud and illegally obtaining prescription drugs.
Overall, there were fewer high-risk breaches compared to the previous quarter (321 in Q4 vs 429 in Q3); however, the risk severity score was up 2% in the last quarter. The report calculates risk severity by considering the number of people affected as well as the sensitivity of information exposed and the type of fraud that could be enabled with the data exposed.
Number of Consumers with Data Exposed in Each Fraud Category
Evading the Law
“At times there is an intuitive trend in the types of data breaches that occur; for example we can anticipate a significant rise in tax refund fraud in the coming months,” said Greg Schlichter, director of research and consulting for TransUnion’s public sector business. “However, this report can help government agencies prepare for and respond to emerging threats that may not be predicted by seasonality.”
Federal and state implications
The report also observed types of breaches most common in certain states. Breaches related to medical identity fraud were widespread across the U.S. with Alabama, Colorado, and Oklahoma experiencing the most severe instances of data exposure.
Additionally, those same states saw higher levels of data breaches that could lead to fraudsters assuming stolen or synthetic identities that help them evade law enforcement agencies, like Customs and Border Patrol.
Government agencies can take several actions to prevent fraud and protect consumers. These steps include improving identification and device proofing tools, and assessing databases for duplicative information; e.g., a Social Security number being used for more than one person. A more proactive measure might include strengthening data privacy and security standards required of certain organizations to prevent data breaches from happening in the future.
What consumers can do
“Discovering you’re a victim of identity theft can be a frustrating and vulnerable experience,” said Margaret Poe, head of consumer credit education at TransUnion. “Knowing what to do next can help you take control of the situation and get on the path to recovery.”
First, consumers should take immediate action to protect their credit with a credit freeze and fraud alert. Both are free to use and won’t affect one’s credit score. Next, consumers should report the fraud to their bank, any other financial institutions they have accounts with, and file a report with the FTC at identitytheft.gov.
It’s also important for consumers to check their credit report for any inaccuracies that occurred due to fraud. Consumers can request a credit report for free weekly through 2023 from annualcreditreport.com. If consumers find any inaccuracies, they can dispute them online for free through TransUnion’s online dispute process.
For more information about the research, read the “Public Sector Breach Intelligence Dashboard.”
About TransUnion (NYSE: TRU)
TransUnion is a global information and insights company with over 12,000 associates operating in more than 30 countries. We make trust possible by ensuring each person is reliably represented in the marketplace. We do this with a Tru™ picture of each person: an actionable view of consumers, stewarded with care. Through our acquisitions and technology investments we have developed innovative solutions that extend beyond our strong foundation in core credit into areas such as marketing, fraud, risk and advanced analytics. As a result, consumers and businesses can transact with confidence and achieve great things. We call this Information for Good® — and it leads to economic opportunity, great experiences and personal empowerment for millions of people around the world. http://www.transunion.com/business
Sontiq (pronounced Son-tick), a TransUnion company, is an intelligent identity security company arming businesses and consumers with a full range of award-winning identity and cyber monitoring solutions, as well as best-in-class restoration and response offerings. Sontiq products empower millions of customers and organizations to be less vulnerable to the financial and emotional consequences of identity theft and cybercrimes. Sontiq has an outstanding track record for delivering high-touch support and fraud remediation services, demonstrated through its 99% customer satisfaction ratings. www.sontiq.com