Recently, Central Licensing Bureau, Inc. confirmed that the company experienced a data breach following a ransomware attack. According to the CLB, the breach resulted in the first and last names, addresses, dates of birth, Social Security numbers and driver’s license numbers of affected parties being compromised. On July 8, 2022, CLB filed an official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Central Licensing Bureau data breach, please see our recent piece on the topic here.
Additional Details About the Central Licensing Bureau Data Breach
According to an official notice filed by the company, on November 29, 2021, Central Licensing Bureau detected a ransomware attack in which an unauthorized party accessed and disabled portions of the company’s computer systems. In response, CLB enlisted the assistance of a third-party cybersecurity forensic firm to further secure its systems and investigate the incident. As a result of this investigation, the Central Licensing Bureau learned that the unauthorized party orchestrating the attack was able to gain access to certain files containing consumer data.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Central Licensing Bureau then reviewed the affected files to determine which consumers were affected and what information of theirs was accessible to the unauthorized party. The Central Licensing Bureau completed this process on June 10, 2022. While the breached information varies depending on the individual, it may include your first and last name, address, date of birth, social security number, and driver's license number.
On July 8, 2022, Central Licensing Bureau sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1982, Central Licensing Bureau, Inc. is a company that provides support services to the insurance industry. More specifically, CLB provides licensing services for insurance companies, agents and corporations nationwide, including resident and non-resident licensing, license renewals, secretary of state corporate qualifications, and insurance company appointments. The company also facilitates third-party administrator, adjuster and surplus lines and manages general agency licensing. The Central Licensing Bureau employs more than 30 people and generates approximately $7 million in annual revenue.
Ransomware Attacks: One of the Leading Causes of Data Breaches
For those who are familiar with the data breach world, “ransomware attack” is a term they’ve certainly become familiar with. Ransomware attacks, along with email phishing attacks, are the two most common ways that cyber criminals conduct their attacks. For example, according to the Identity Theft Resource Center, the number of ransomware attacks increased from 158 in 2020 to 321 in 2021. While 321 attacks may not sound like a large number, each ransomware attack affects thousands of people. To put this in perspective, the Identity Theft Resource Center reports that over 41 million people were victimized by ransomware attacks in 2021 alone.
Ransomware attacks are not a new phenomenon; however, over recent years, hackers have shown a renewed interest in this particular type of attack. In part, this is because technological developments now allow cybercriminals to specifically target valuable data types. Moreover, the manner in which cyber criminals carry out these attacks has also changed over time, making them more dangerous than ever before.
Originally, a ransomware attack involved a hacker somehow installing malicious software on a victim’s device or computer network. Often, this was done in conjunction with an email phishing attack or by placing malicious code on the back-end of a company’s website. The malicious software would encrypt the data on the victim’s device, preventing them from logging in. Instead, when the victim tried to log in to their computer, they would be greeted with a message from the hackers demanding they pay a ransom if they wanted to regain access to their computer.
However, in recent years, hackers have begun threatening to publish the data they obtained from a company on the dark web if the ransom is not paid. From the hacker’s perspective, this adds to a company’s incentive to pay the ransom. While not every ransomware attack results in consumer data being published to the dark web, that isn’t a chance that companies (or consumers) want to take, and for good reason. Once data is available on the dark web, it can be accessed by anyone who wants to use the data for their own financial gain—at the expense of the victim.
Given the frequency and risks of these attacks, it is important for both consumers and businesses to understand what ransomware attacks are, how they can be prevented, and what can be done in their aftermath to reduce the worst consequences, including identity theft and other frauds. It is also essential for anyone who falls victim to a data breach to take the necessary steps to protect themselves.
