The Washington Attorney General's Office disclosed a data breach affecting Zillow Group on May 19, 2017, stemming from a clerical error that occurred on May 9, 2017. The incident exposed the personal information of 1,086 Washington residents, including highly sensitive data such as names, Social Security numbers, wage details, and tax information. The breach was not the result of a targeted cyber attack or external hack but rather an internal administrative mistake, leading to unauthorized exposure of confidential records. While the scope was limited to a specific group of individuals, the compromised data particularly Social Security numbers and financial details posed significant risks, including potential identity theft, financial fraud, or misuse of personal information. Zillow Group likely faced regulatory scrutiny and was required to notify affected individuals, offering credit monitoring or identity protection services as mitigation. The incident highlighted vulnerabilities in data handling procedures, emphasizing the need for stricter internal controls to prevent similar errors in the future.
TPRM report: https://www.rankiteo.com/company/zillow-home-loans
"id": "zil036091825",
"linkid": "zillow-home-loans",
"type": "Breach",
"date": "5/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,086',
'industry': 'Real Estate / Technology',
'location': 'Washington, USA',
'name': 'Zillow Group',
'type': 'Corporation'}],
'data_breach': {'number_of_records_exposed': '1,086',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_detected': '2017-05-09',
'date_publicly_disclosed': '2017-05-19',
'description': "The Washington Attorney General's Office reported a data "
'breach involving Zillow Group on May 19, 2017. The breach, '
'which occurred on May 9, 2017, was due to a clerical error '
'affecting the personal information of 1,086 Washington '
'residents, including names, Social Security numbers, and '
'other wage and tax information.',
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
'Wage and Tax Information'],
'identity_theft_risk': 'High (PII exposed)'},
'post_incident_analysis': {'root_causes': 'Clerical error leading to '
'unauthorized exposure of PII'},
'references': [{'source': "Washington Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': 'Washington Attorney '
"General's Office"},
'response': {'communication_strategy': 'Public disclosure via Washington '
"Attorney General's Office"},
'title': 'Zillow Group Data Breach (2017)',
'type': 'Data Breach',
'vulnerability_exploited': 'Clerical Error'}