A recently announced Evite data breach has some alarming potential outcomes. The internet-driven invitation platform allowed people to sign up for events and virtual meetups, so the very nature of the website gave outsiders a way to contact users via email. Access to the users’ Evite accounts means a hacker could send phishing attempts, malicious links or other scam communications to unsuspecting individuals.

The Evite data breach, which occurred from February to May this year, compromised account information dating back as far as 2013. That information included names, email addresses, usernames and passwords for an as-of-yet unknown number of users. Other optional information that some users provided, such as birthdates and phone numbers, was accessed as well.

Risk Level of Information Exposed

It is tempting to think that this information is not all that sensitive, so therefore, this breach is not too troublesome. Unfortunately, that is not the case. First, any data breach of stored information is a big deal since it means someone has managed to work their way into a cache of collected data. Moreover, usernames, email addresses, and passwords are a massive problem if the users haven’t been practicing solid security hygiene.

There is an interesting twist with the Evite data breach that experts have identified: the notification letter itself. Now that data breach notification letters can legally be emailed—which not only reduces the amount of time for victims to find out, but also greatly reduces the cost to the company who suffered the breach—there is actually a plausible concern that spammers themselves will email the victims. Once news of this or any data breach comes to light, spammers could send out fake emails that appear to come from the affected company. Instead of helping the victims, though, they may contain harmful links, viruses or further phishing attempts. It is important to follow good protocols for your security when receiving a data breach notification email.

What You Can Do About It

For now, Evite users are encouraged to change their passwords and ensure that no other accounts they use shared those same login credentials. This is true even if you do not receive a notification email from Evite. Also, if you do receive any communication from Evite, do not click a link or download an attachment. The company has already said its notification letter while not contain those things, but it is never a good idea to click or download in an email unless you were expecting additional content. Always verify the safety of the link or attachment before opening it, regardless of who you think sent it.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Experian proudly provides financial support to the Identity Theft Resource Center.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

Gift card scams are nothing new, but there is a new avenue for thieves to go after your money. While criminals have long relied on prepaid debit cards or iTunes gift cards for everything from IRS scams to fake online buying and selling, the latest “currency” is Google Play cards. As a result, Google Play gift card scams are on the rise and may already be targeting you or your loved ones.

You may have already learned about avoiding scams involving iTunes gift cards. These cards, which are only intended to be used for Apple Store purchases became a favorite tool for scammers who demanded untraceable payment in this card currency. Now with more criminals aware of the opportunity, the go-to choice for scammers is quickly becoming Google Play gift card scams. Here are some of the ways scammers target consumer finances by demanding payment through Google Play gift cards.

Impersonation Scams

Every malicious thing you have heard about iTunes gift cards, prepaid debit cards and even wire transfers is also true about Google Play gift cards. Callers pretending to be with the IRS, with law enforcement, with medical offices, bogus charities and other plausible outlets, may call and demand payment via gift cards. Remember, no credible agency or company will ask for an untraceable payment via gift card.

Reselling Gift Cards

There are multiple online platforms where users can sell unwanted, unused gift card balances. Criminals have taken advantage of this opportunity and steal the balances from unsuspecting sellers. One commonly reported Google Play gift card scam is the three-way call. The purpose of the call is to have you dial the number on the back of your card and verify the balance while the potential buyer listens. That makes a lot of sense when you think about it. However, as you are entering the card number on your phone’s keypad, the listener is recording the tones. After you end the call and before the scammer buys your card, they simply use the recorded tones to transfer all the money off your card and onto one they own. Avoid Google Play gift card scams by only using reputable sites and verifying buyer reputation when possible.

Balance Inquiry Scams

Checking the balance on your gift cards is a good idea. It helps you know how much to spend and how much you have left on a reloadable card. However, hackers have invented a tool that allows them to wipe gift cards clean by attacking the computer network that keeps up with the balances. In order to avoid that kind of theft, it is a good idea to use your gift cards shortly after receiving them. Also, remember that some types of cards can start to lose value each month if you do not spend them. You can avoid this with a Google Play card by installing the card in your mobile wallet on your Android device.

Protect Card Numbers

Google Play gift cards, just like other gift cards, are only as safe as the information on the magnetic stripe or in the assigned number on the back. If you lose your card or someone gets the number, they have access to your money. Never share your card information with someone who contacts you, and never verify your gift card number for someone.

Providing Emergency Help

One common Google Play gift card scam is for a person to claim they need a Google Play card for some reason, such as to download an app they must have for work or to buy a movie or book they need for school. The only catch is supposedly they are living in a location where they cannot buy the cards. They reach out to you on social media and offer to pay you to buy them a card, giving you the price of the card and a little something extra for your time. Once you read them the information from the back of the card, they will drain the funds off it and you will not be reimbursed. Remember, there is no valid reason why someone should need you to buy them a card, and you will be violating terms of service for gift cards if you provide one.

Google asks its users to remember two very important truths about Google Play gift card scams, and these are true of any kind of reloadable payment card. First, it can never be used for any purpose other than downloading content from the Google Play Store. Second, you must protect the number like cash. No one will ever have a genuine reason to ask you for the number from the back of a card. If you have been a victim of a gift card scam, report the instance to the Federal Trade Commission.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Experian proudly provides financial support to the Identity Theft Resource Center.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

In 2018, more than one million children were victims of identity theft. Keep in mind these are only reported cases meaning there are most likely far more victims than we know. As a parent, it’s important to think about how can we help protect our children from identity theft and the years of repercussions that typically stem from it. The truth is, no person or product can completely prevent identity theft of children or adults. While this might seem like a daunting realization, there are preventative measures and safety tactics to help minimize your child’s risk. Keep reading to learn more.

Why Target Children?

Unfortunately, children have always been viable targets for identity theft. The fact that kids do not take out lines of credit until later in life and are not actively monitoring their credit means criminals can use their untapped Social Security number to obtain credit and abuse it for years, unnoticed. Child identity theft can be committed in a variety of ways. In some cases, the child’s own parent or legal guardian, who has easy access to their PII, might use it to help ends meet and with the right intentions. Whereas in other cases, it is used with malicious intent. Another common way that a child’s PII is compromised is through data breaches, phishing scams and other methods. Criminals will specifically target databases where they know children’s PII is housed like pediatrician offices, daycare centers and summer camps.

Preventative Tips

Only Supply Necessary Information

Often child programs or service providers ask parents for a long list of information regarding their child. Before filling this out, stop and ask three questions: Why is this information needed? How will you protect my child’s data? What happens if I do not provide it?

Often times, summer camps and daycare centers do not need sensitive information about your child, like their Social Security number. Chances are small business like these might not also have the proper cybersecurity in place to store your child’s information safely. Always think twice about providing sensitive information to any business, including those who seem reputable like your pediatrician’s office.

Place a Credit Freeze

To help stop criminals from taking out a line of credit in your child’s name, parents can freeze their child’s credit with the three main credit reporting agencies (CRAs). Placing a freeze helps prevent credit, loans and services from being approved in your name (or your child’s name) without your consent. Helping protect the financial aspect of a child’s identity is only one factor, but can be greatly beneficial. Experian also offers a one-time free child ID scan to help determine where your child’s identity could be used fraudulently.

Avoid Creating Vulnerabilities

Sometimes, even with the best intentions, parents can create vulnerabilities for their children’s identity. This can happen by trusting the wrong person with PII, supplying information to breached businesses or leaving documents unprotected.

One vulnerability specifically comes to mind, a child ID kit. A child ID kit is recommended by law enforcement and child advocate agencies in case of the unfortunate event of a missing child. It contains things like an updated photograph and fingerprints of your child to provide to law enforcement in an emergency. Criminals have taken advantage of parents’ natural instinct to protect their children and offer child ID kit packages that expose children’s information. It is important to note that everything in a child ID kit is completely doable by a parent and does not cost anything to complete or provide to law enforcement, a third party is not needed whatsoever. If you do create an ID kit for your children, make sure to store it in a secure, safe location and do not trust others with the information.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Experian proudly provides financial support to the Identity Theft Resource Center.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

If you are traveling and plan to rent a car, there is a very specific privacy pitfall threatening you. Rental car companies have begun offering premium features in their fleets of vehicles, including things like Bluetooth sound systems, on-board GPS navigation and infotainment devices for everything from playing music to showing movies. The upgraded technologies can pose a threat to your identity.

Most rental car companies have no policy concerning deleting your Bluetooth-enabled activities from the vehicles once you return them. Some privacy organizations have even rented cars with the intention of seeing what past users are still stored in the device. It was a surprise to discover that many big-name rental car companies do not delete old user information, and that previous renters’ info was still easily visible.

Now, this might seem like a small concern in comparison other identity threats – like having your Social Security number stolen – but rental car risks exposing information like downloads, navigation and your phone’s identity. Your personal data should not be accessible to anyone else, especially the random individual who rents a car after you.

It is unfortunate that rental car companies are not concerned as they should be about your personal information. Sadly, this is a trend we see across many industries as misuse of personal data and data breaches are on the rise. Even if companies are not as worried about someone finding out your information via rental car technology, there are still steps consumers can take to minimize car rental risk.

Do not connect

The very first solution is to not connect your phone to the vehicle. This might not be ideal for integrated use, but it is the safest of precautions a consumer can take.

Delete the history

If you choose to connect, delete your own history from the Bluetooth system and the GPS navigator. If you do not know how, ask the service department when you return the car.

Block your name

Some Bluetooth-enabled devices will use a nickname for the device when connecting, such as “Lisa’s iPhone.” If your nickname is in your device and is picked up by the car’s system, it is possible that the next patron could piece together your nickname, your whereabouts (from the GPS) and your social media profiles in order to follow you. This could lead to other malicious activity.

Avoid having the GPS take you home

You already know where you live, so if you are using the GPS in a rental car, do not have it take you all the way to your house. It is enough to take you to your city or town, then shut it off and find your own way for the rest of the trip. This prevents others from finding your home location to plan a robbery or other malicious activity.

Do not skip the inspection

Do not skip the inspection when you return a vehicle. It is a good time to ask for help if you cannot delete your Bluetooth activity, and prevents any disputes later about damage to the vehicle. Some car rental places have started letting you place the keys in the car and leave without seeing an attendant, but avoid this and you will be happy in the long run.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

In what has become an alarming security trend, yet another company has exposed millions of consumers’ profiles online due to a non-password protected web-based server. Ladders, a recruitment site that lets users create a profile that can be shared with potential employers, was using an Amazon-hosted web server to store the profiles; according to a security researcher who discovered the information exposed online—and according to confirmation from the company—13.7 million of those users’ complete profiles were available to anyone who knew to look for them.

While the information didn’t appear to contain Social Security numbers, everything else that you might list in a job application was there. Names, email addresses, physical addresses, work histories, educational level, even whether or not the applicant had a security clearance and in what field were all available.

Fortunately, the information was discovered by Sanyam Jain, who works for a non-profit that specifically looks for overexposed information and reports it. There’s no way of knowing if anyone with malicious intentions got to it beforehand, though. After receiving the report, Ladders took down the database within a short time.

Incidents like this one continue to happen, largely due to poor password security. In far too many of the cases of accidental overexposure or data leak, the company who posted their information didn’t realize the default setting was “open” to the public.

For users of any platform, there’s really no way to prevent this kind of oversharing of their information. Other than contacting the company’s IT department, asking if they host their databases on web-based servers, and then asking if that server is password protected—all of which the IT department is probably not going to share with a member of the general public—there’s not much that individuals can do. But here are some actionable steps:

  1. Establish a secondary email – In cases like this, a spammer could download the database and target the users with spam and potentially harmful emails. If you’re establishing online accounts, you might consider setting up an email address that you only use for those purposes. However, in this case, it must be one that you can still check routinely since the purpose of the account was to be notified about job opportunities.
  2. Password security – Even if the other company doesn’t quite have their passwords nailed down, that doesn’t mean you can’t be safer with good password security. Never reuse a password or make one that’s too easy—remember, humans don’t sit and “guess” your password, but rather, software that can make billions of guesses per second does the job for them. Also, it’s a good idea to change your password from time to time, especially on sensitive accounts.
  3. Don’t throw in the towel – Even if it feels like your information is exposed every single day, that’s not the case. Data breach fatigue is a documented problem, but don’t let the constant news of poor security practices keep you from locking down your information as much as possible.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

Why Has UCSD Failed to Notify HIV Patients of Data Breach?

Data breaches are already upsetting enough, especially when your highly-sensitive personally identifiable information is put at risk. But when it comes to data breaches and fraud, perhaps there’s no greater intrusion than to suffer a data breach of your medical information; somehow though, even that kind of intrusion pales in comparison to being victimized in a breach then victimized again by the company who failed to inform you about it.

Now imagine that the medical information that was breached is of the most private nature, one that could have serious consequences for the victims should it get out.

University of California-San Diego partnered with a health services industry organization known as Christie’s Place to recruit participants for a vital, worthwhile study. The study’s subjects were all HIV-positive women who were examined on their commitment to treatment based on experiences with domestic violence, trauma, mental illness, and substance abuse. Unfortunately, the entire case file for all of the study’s participants was left visible in the computer—accessible to literally anyone who worked or volunteered with Christie’s Place.

Somehow, this data breach has taken yet another upsetting turn: UCSD decided not to inform the patients that their information has been exposed. The details on who was behind that decision have not been very clear, but as of recent reports, the patients are still unaware.

There are some very unclear details emerging from this, including allegations of misconduct and even possible attempts to inflate the numbers of patients receiving support. However, none of those accusations has been proven. More information on those matters can be found here.

In the meantime, the very least that can be argued about this breach and the failure to notify is that patients have not been given an opportunity to take action to secure their information. Some of the participants also may have not shared news of their diagnoses with others, and a violation of this kind could have serious consequences for them. The university has stated that it will notify patients very soon, but there is no specific timeline for that to take place.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

United States Customs and Border Protection (CBP) announced that it was victim of a data breach at the hands of a third-party partner. The information exposed included photos of license plates and travelers. CBP released a statement about the breach saying,

“In violation of CBP policies and without CBP’s authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” CBP added. “The subcontractor’s network was subsequently compromised by a malicious cyberattack.”

The hack happened by accessing a database on the third-party’s server that was unauthorized by CBP to exist. Although the third-party who caused the breach was not directly named, The Washington Post reported that the subject line of the emailed statement included “Perceptics.” Perceptics is a company based in Tennessee whose website boast they have been “securing our nation’s boarders for more than 30 years.” They design technology for identifying vehicles and license plates for federal and commercial use.

CBP claims they have conducted a thorough search and have not found any of the stolen information on the dark web. This does not however mean the data is impossible to use for malicious acts. President and CEO of ITRC, Eva Velazquez, sums it up in her NBC7 interview saying, “These things, they stay in perpetuity. It is not going to disintegrate. So even in this moment, if there is not a way to monetize, that does not mean 10 years from now that (stolen information) might not be more valuable.”

While CBP noted their own databases were not affected by this attack, this is not the first data breach under the Department of Homeland Security. Early last year it was reported more than 240 thousand employee records were exposed by a former employee.

ITRC continues to monitor the trend of cybercriminals targeting large third-party versus smaller first party databases. Four million records were exposed in 2018 because of focused cybercrime efforts on vendor security. By targeting popular third-party vendors that work with multiple companies, criminals can collect even more personal identifying information in one attack.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

In one of the most ironic twists to come along in identity theft-based crime, there is a new scam attempt making the rounds, one that works so well because it tries to protect you from – you guessed it – identity theft. According to one victim’s story, criminals posed as members of government agencies and pretended that the victim’s identity had been stolen and asked him to cooperate in resolving this issue.

It started with a call from a scammer claiming to be from the Social Security Administration (SSA). “Your Social Security number has been used to rent a car,” the scammer said. That seems fairly straightforward and basic. The catch, though, is that the agent eventually transferred the call to someone pretending to be a Border Patrol agent who said the car had been recovered at the border and that there was a large amount of illegal drugs within the vehicle.

The callers threatened the victim in a very plausible way, even admitting that the victim probably had nothing to do with this, but would spend tens of thousands of dollars in attorney’s fees clearing his name. You can read the full story, but the short version is this: before the victim got through with this three-hour ordeal, he bought thousands of dollars in Google Play gift cards, and sent photos of the card numbers and PIN numbers to the scammers. After the callers received the information and money, they vanished.

Here are some of the multiple warning signs that could have prevented this crime if the victim had only known what to look for:

  1. You cannot trust your caller ID to be a verified identity. Any name or number—even your own—can be programmed to appear on that screen.
  2. The Social Security Administration does not call citizens about these or benefits matters.
  3. The government does not call individual consumers and enlist their help in an investigation.
  4. No one will ever call you with a legitimate issue and only give you an hour to comply, so be on your guard against high-pressure tactics.
  5. You will never be told by SSA or any other government agency to buy gift cards and give them the card details.
  6. A simple Google search for the phone number and the story the callers used would have told the victim that this was a scam.

The right thing for the victim to do would have been avoiding the scam with a few simple steps. First, ask for the name and agent identification number, then hang up. Contact the SSA yourself using a verified phone number, and ask the agent about this call. You can do this for any government agency the scammer claims to be from. In fact, imposter scams were the most reported complaint in 2018 to the Federal Trade Commission.

Once you call the agency for yourself, provide the agent’s name and number, and tell them what you were told. You will immediately be informed that your information has not been compromised and this was a scam.

Finally, report the phone call to your local law enforcement agency. They can post the incident on their social media pages so that others in your community are not victimized.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read more: Imposter Scams Were the Most Reported Complaint in 2018

 

For years, crimes like identity theft, scams and fraud have targeted residents in different states all across the country. Sometimes the crimes are simply based on opportunity, such as a large-scale data breach of a major company; in that case, the locations of the victims can seem to be somewhat random. Other crimes, however, have targeted residents of specific states, and the reasons for this kind of highly-specific targeting can vary.

Florida has the long-standing yet dubious honor of being one of the most targeted states over the past few years. The state has often topped the list for identity-related crimes, and 2018 was no different. The state ranked number one for fraud reports to the Federal Trade Commission (FTC), and number four for identity theft reports. These numbers are fairly typical for Florida’s ranking in those crimes.

According to different sources, there are a number of reasons why Florida might be such a hot target for criminals. These include state and local government structuring, the resort construction and tourism industries, a large retiree population and the high-density of the state’s population in numerous metro areas. Last year’s total volume of reports to the FTC was over 205,000 from Florida alone, and the average losses from that state were $400 per victim.

An article in the Sun-Sentinel explains, “Thieves and scammers apparently are attracted to Florida for a host of reasons: Its lack of state income tax means less scrutiny from state officials. Its transient population makes it easier for hit-and-run operators to blend in. Its large senior population provides a tempting target of savings and vulnerabilities. And its fast development means a lot of new money floating around.”

Of course, identity theft and fraud crimes are broad categories that encompass a lot of different forms of attack. Criminals can rely on highly-profitable but hard to trace tactics such as benefits fraud, credit card and new account fraud, account takeover and imposter scams. A report by Security.org based on the FTC’s data found that fake debt collection scams were the most commonly reported method of attack at 29 percent (approximately 71,000 reports); meanwhile, reports of identity theft and its related crimes made up another 15 percent, or 38,000 reports. There is a seemingly endless variety of ways that someone with a little bit of know-how can target someone in this way, as these findings have shown.

Fortunately, a lot of the ways that criminals target Florida residents—which truthfully, can all be a threat no matter where you live—can often be thwarted by developing an air of caution. Ignoring requests for your private sensitive information, for example, and refusing to make payments over the phone or via email can head off a lot of these attacks. Securing your accounts with strong, unique passwords can also help, along with changing those passwords frequently. Finally, helping others by spreading the word about common scams and fraud attempts can help protect those around you, which can in turn help protect you.

Of course, the Identity Theft Resource Center is always here to help. If you’re a victim of identity theft or have questions about scams and other issues, speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

This is an emerging data breach incident – this information will be updated as ITRC receives more information. Last update: 06/07/19 10:30 am

Quest Diagnostics is one of the United States’ premier providers of medical testing. They are notifying customers who may be at risk because a third party vendor, American Medical Collection Agency (AMCA), was breached. AMCA reported to Quest that unauthorized users gained access to internal systems. Around 11.9 million Quest patients have potentially been affected, although the company is working to verify that number and patient risk. 200,000 payment cards been previouly found for sale on a well-known dark web market (by Gemini Advisory) and GA linked the cards to AMCA. 15% of the records included additional PII such as: DOB, SSN, and physical addresses. 

The information exposed includes Social Security numbers, financial information and medical information. Quest reported that the information breached did not include laboratory test results. 

We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system,” reads a written statement attributed to the AMCA. “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page.”

“We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information.”

Quest also noted that since being notified of the breach, the company has stopped new requests to AMCA and are working to notify patients affected in accordance with the law. AMCA is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card data or bank account information may have been accessed. These individuals have been offered 2 years of credit monitoring and identity theft protection services. 

AMCA provides billing collections services to a company called Optum360, whom is a contractor with Quest Diagnostics. Quest Diagnostics is the only company to make a public notification of being affected by the breach, but there is a chance other companies who work with AMCA could also be associated. The trend of third-party breaches is on the rise as hackers target large databases of vendors who work with sensitive information.

Breach Clarity – the new tool developed to help consumers make sense of their risk when it comes to data breach – can help victims of this breach understand their risk of additional exposure. The tool updates its risk score as new, more detailed information is made publicly available. Breach Clarity will guide consumers on their best course of action given the current information – please check it regularly to understand the updated risk assessment and minimization plans.

While patients are waiting to be notified they were affected, those who think they might be victims can start taking steps to minimize their risk. Financial identity theft and medical identity theft could both be a cause of the breach. You can find resources for financial and medical identity theft in our knowledge center. If you have additional questions regarding data breach, our expert advisors are available to help. Call us toll-free at 888.400.5530 or LiveChat with us. 

For Media Inquiries

About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

Email: media@idtheftcenter.org

More media resources here


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read more: First American Financial Breach Exposes Millions of Complete Identities