Cyber Incident Victim: ClearBalance
Date:
Mar 2021
Location:
United States of America
Summary
A healthcare financial services firm experienced unauthorized access to employee email accounts, detected after thwarting an attempted fraudulent wire transfer. The compromised accounts contained sensitive personal and financial data of patients, including names, Social Security numbers, dates of birth, government IDs, medical account details, loan information, banking data, clinical records, insurance information, and facial photographs. Over 209,000 individuals were affected by this breach, though no evidence of data misuse has been found. The organization is providing impacted parties with two years of credit monitoring, cyber surveillance, identity theft recovery support, and a $1 million insurance reimbursement policy while monitoring dark web activity for potential exposure of stolen information.
Description
The ClearBalance incident began with unauthorized access to employee email accounts at CSI Financial Services, LLC (operating as ClearBalance) on or around March 8, 2021. The access went undetected for seven weeks, until April 26, when the company identified and blocked an attempted fraudulent wire transfer. Only that fraud attempt triggered the investigation that uncovered the earlier compromise of mailboxes holding sensitive personal and financial data of patients with medical expense loans; the mailbox access itself had not been caught by any earlier control. The attackers could reach information spanning multiple categories, though the specific data elements varied across affected individuals. ClearBalance confirmed the email system intrusion as the attack vector but found no evidence that the accessed information had been misused beyond the attempted wire fraud that led to detection.

The compromised data included patients' full names, Social Security numbers, tax identification numbers, dates of birth, government-issued IDs, telephone numbers, healthcare account numbers and balances, dates of medical service, ClearBalance loan numbers and balances, personal banking details (financial institution names, account numbers, and routing numbers), clinical information, health insurance data, and full-face photographs. PINs and access codes were not exposed. ClearBalance initiated notifications to 209,719 affected individuals following the investigation, disclosing the breach scope and offering mitigation services. These included 24 months of credit monitoring and CyberScan surveillance, a $1 million identity theft insurance policy, identity recovery services, and dark web monitoring for exposed data. The company implemented containment measures upon detecting the intrusion but did not disclose specific technical remediation steps taken to secure the email systems.
