• When the Identity Theft Resource Center (ITRC) was founded nearly 22 years ago, the root cause of most data breaches and data crimes involved paper. Now, it is far and away cyberattacks.
  • Phishing is the number one attack vector that leads to data breaches, ransomware second and malware third.
  • However, there are ways to protect yourself from cyberattacks. Back up your information, update your software, use strong and unique passphrases, and collect and maintain less information.
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified. 
  • If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

The Crimes, They Are Changing

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 15, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. We also use a lot of literary references – especially Shakespeare. Today, though, we turn to a different classic for inspiration – Bob Dylan – in honor of Cybersecurity Awareness Month. October is the time each year when you focus on ways to protect yourself from cyberattacks and other identity crimes. That’s why we’re calling today’s episode: The crimes, they are changing.

The Rise in Digital Data Theft

When the ITRC was founded nearly 22 years ago, the root cause of most data breaches and data crimes involved paper. Digital data theft didn’t arrive until the mid-2000s. Even then, it was usually because someone’s laptop or external hard drive was stolen.

Not so today. Physical attacks and human errors were once the leading cause of data compromises. Today it is far and away cyberattacks. In fact, cyberattacks are so common that the number of data breaches and exposures associated with them so far this year exceeds all forms of data compromises in 2020.

Phishing is the leading attack vector that leads to data breaches. The login and password credentials stolen in these email, text and website-related attacks are often used by cybercriminals to access company networks and databases held hostage in a ransomware assault – the second most common cause of data compromises.

Malware is the third leading cause of identity-related data breaches. It is often used to exploit software flaws or penetrate networks as part of a ransomware attack or just good old-fashioned data theft. Caught in the cross-hairs of all these cyberattacks are consumers – people whose data is held in trust by organizations that are the targets of cybercriminals.

The ITRC to Release Inaugural Business Aftermath Report

We often think of data breaches and ransomware only impacting big businesses whose names we recognize. However, later this month, the ITRC will issue a new report on the impact of identity crimes on small businesses and solopreneurs – the tens of millions of companies with zero or just a handful of employees. Without giving away too much right now, the research shows more than half of all small businesses have experienced one or more data breaches, security breaches or both.

Use Good Cyber-Hygiene Habits to Protect Yourself

What are some ways to protect yourself from cyberattacks both at work and at home?  The actions must be the same. Regular listeners already know the basics of a good cyber defense. Make good back-ups of your information, update or patch your software as fast as possible, and practice good password hygiene. Do not use the same password at work and at home. Each account gets a unique, 12+ character password.

There are two additional ways to protect yourself from cyberattacks you should consider:

  1. Collect and maintain less information. If you are a business, get rid of the personal data you no longer need once you complete a transaction. The same is true for consumers. Don’t keep sensitive information you no longer need. Cyberthieves can’t steal what you don’t have.
  2.  If you are a business leader, train your teams like you’re voting in Chicago – early and often. If you’re a consumer, you can use some routine training, too. Why is this important? Cybercriminals are constantly improving their attack methods and inventing new ones. We need to make sure we know what to do to stay safe from identity scams and cyber risks, and that takes training and education.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), live on the web or exchange emails during our normal business hours. Just visit www.idtheftcenter.org.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for our sister podcast, The Fraudian Slip, when we talk more about cyber education with Zarmeena Waseem of the National Cybersecurity Alliance and our very own ITRC CEO, Eva Velasquez. We will be back in two weeks with another episode of the Weekly Breach Breakdown.

  • The trendline continues to point to a record-breaking year for data compromises.  Phishing is far and away the primary way criminals attack businesses & individuals. 
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.  
  • If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.   

The ITRC Goes to Washington 

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 8th, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to look at the data breach trends for the third quarter of 2021 and we’re going to talk about a congressional hearing this week. That’s why we’re calling this episode – The ITRC Goes to Washington. Listen to the full episode on your preferred podcast platform.

On Wednesday, the U.S. Senate Committee on Commerce, Science, & Transportation met to hear from a panel of experts on how to enhance data privacy & security. The ITRC was invited to share the latest data breach trends and offer suggestions on how to reduce the cyberattacks that lead to data breaches that ultimately may lead to an identity crime. 

2021 Data Breach Trends & Q3 Analysis 

Committee Chair Maria Cantwell of Washington started the hearing by sharing the latest stats on data breaches, pulled directly from the ITRC’s Q3 Data Breach Analysis that had been issued just about two hours earlier. And here’s what the report concluded: 

• The number of data compromises publicly-reported this year have already exceeded the total number of events in 2021 by 17 percent.  

• The trendline continues to point to a record-breaking year for data compromises. We are only 238 data events away from the all-time high set in 2017. It’s highly likely we will see a new high-water mark between a combined 1700 to 1800 data breaches, data exposures, and data leaks compared to 15.  

• The number of victims increased in Q3 by ~160M individuals. That’s more than all victims in Q1 & Q2 combined. That’s a huge jump and it means a lot of people are at risk of an identity crime, but about 100M of those people are victims of a data exposure related to 20 organizations that did not secure their cloud databases.  Those are lower-risk events since the data had not been copied or removed from the database where it was stored. 

Phishing is far and away the primary way criminals attack businesses & individuals. Ransomware is so pervasive, though, that the total number of data breaches related to a ransomware attack against an organization so far this year exceeds the total number of ALL types of data compromises last year. 

• There is a disturbing trend developing where organizations and state agencies are not sharing specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice in the past 12 months.  

• There is some good news in the latest data breach numbers: There have been no publicly reported data compromises in 2021 attributed to payment card skimming devices. If this trend continues, this will be the first year since chip & PIN payment cards were first introduced where they have been no reported data breaches caused by skimmers.  

3 Actions To Address Identity Crimes

The Senate also asked the ITRC for recommendations on how to address the interrelated issues of cyberattacks, data breaches, and identity crimes. We offered three actions that we believe will be helpful: 

• Better cybersecurity standards and practices that are enforceable 

• Better enforcement of laws and regulations 

• And, a better victim notification system  

We also suggested there also needs to be discussion around how to better support victims of identity crimes. 

October is Cybersecurity Awareness Month 

It’s Cybersecurity Awareness Month and the ITRC encourages you to take this time to learn how to protect yourself, your family, and friends from cyber and identity criminals. You’ll find a wealth of information on our website – idtheftcenter.org. Later this month we’ll release our first report on what happens to small businesses and solopreneurs when they suffer a cyber or identity crime. And in November, the ITRC will unveil a new website with new tools and ways to communicate with or team of identity advisors. 

On October 27, we’ll issue our very first Business Aftermath Report. As a companion to our longtime report on the impact of identity crimes on consumers, the Business Aftermath Report will look at what happens to small businesses and solopreneurs after a security breach, a data breach or both.  

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for another episode of the Weekly Breach Breakdown. 

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter 

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2021. According to the data breach analysis, the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). 

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors. 

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways 

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” 

Other findings in the analysis include: 

  • There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.  
  • Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020. 

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST.  ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee. 

For more information about recent data breaches, or the increase in the number of data breaches discussed in the latest trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.    

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting  www.idtheftcenter.org to live-chat.   

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.  

Media Contact     

Identity Theft Resource Center     
Alex Achten     
Head of Earned & Owned Media Relations      
888.400.5530 Ext. 3611     
media@idtheftcenter.org    

  • A new report from Intel 471 reveals that cybercriminals are going after one-time passwords, known as OTPs.
  • The attackers deceive people into giving them a one-time password or other verification codes via a mobile device, which the criminals use to steal money from the now compromised account.
  • Also, do not share personal information with anyone you do not know until you verify they are who they claim to be.
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified
  • If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.  

Nice Things

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 1, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we dig into a troubling development that we all kind of knew was coming but maybe didn’t want to admit it. Cybercriminals are finding ways to steal those one-time passwords you send to your phone by text. 

This is why we can’t have nice things in our adult world. Every time someone comes up with a new way of protecting our personal information from the grubby little fingers of threat actors, the criminals find a new way to steal our data. That seems to be the case when it comes to two-factor authentic education, also known as multifactor authentication, or MFA.

New Report Shows Cybercriminals are Targeting One-Time Passwords

This week, a cybersecurity research team at Intel 471 issued a report that noted, “Two-factor authentication is one of the easiest ways for people to protect any online account.” Now, criminals are trying to circumvent that protection. Cyber thieves are using various tactics to gain account information, including impersonating banks and legitimate services on phone calls.

Using social engineering methods, the attackers deceive people into giving them a one-time password or other verification code via a mobile device, which the crooks then use to steal money from the now compromised account.

The criminals buy easy-to-use applications that send a potential victim a text message requesting their phone number. Once a target’s phone number has been entered into a chat message, the malicious application takes over from there. The researchers at Intel 471 found that about 80 percent of people targeted by cybercriminals will end up providing their information to threat actors, allowing them to drain the money from their accounts.

Variations on these OTP attack schemes include:

  • Specialty software that targets accounts on social media.
  • Media networks such as Facebook, Instagram and Snapchat.
  • Financial services like PayPal and Venmo.

Even an automated tool allows an attacker to make any phone call that appears to be from a specific bank.

Once a call is answered, the criminals use a script to trick potential victims into sharing information such as ATM, PINs, credit card verification codes or one-time passwords. Quoting the Intel 471 researchers again, while SMS and phone-based one-time password services are better than nothing, criminals have found ways to socially engineer their way around the safeguards. It was always a matter of time before the bad guys found a way around this layer of defense in these particular instances. The weak security link is the user who willingly gives information to someone they believe to be a legitimate representative at a company where they do business.

To Avoid an OTP Text Scam, the ITRC Advises You To

  • Always verify the legitimacy of any contact you do not initiate, whether it is a phone call, email, text message or a social media instant message.
  • Don’t share any personal information with anyone you do not personally know and trust until you verify the person contacting you is who they claim to be. Also, make sure they have a good reason for asking you for information they should already know.

Today is the first day of Cyber Security Awareness Month. The ITRC has a full list of activities planned, including participating in industry events and special guests on our sister podcast, The Fraudian Slip. We will also issue two very important reports this month. Next week, on October 6, we’ll publish our Q3 Data Breach Analysis that shows how many new data compromises were reported in the past three months and what the trends tell us.

On October 27, we’ll issue our very first Business Aftermath Report. As a companion to our longtime report on the impact of identity crimes on consumers, the Business Aftermath Report will look at what happens to small businesses and solopreneurs after a security breach, a data breach or both.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started. 

Thanks again to Experian for supporting the ITRC and this podcast. We will be back next week with another episode of the Weekly Breach Breakdown.

There’s a very specific danger looming online right now, one that seeks to steal both its victims’ money and identifying information. Under the wrong circumstances, this particular threat can even land the victims in jail—romance scams.

What is a Romance Scam?

They prey on people who are lonely or feel unsuccessful at finding love. Victims of romance scams can come from every income level, educational background, gender, age, sexual identity and ethnicity. There’s no single target demographic for this crime because anyone can be tricked by a sweet talker who says exactly what they need to hear.

Unfortunately, with the commercialism of Valentine’s Day all around us, this is the time when scammers up their game. No one wants to be alone on the most romantic day of the year. It’s why it is the time when the bait is thrown out there and the nets are cast, hoping to snare a willing victim.

With that said, romance scams strike at all times of the year. According to the Federal Bureau of Investigation (FBI), people in the U.S. lost over $100 million to romance scams between January 1 and July 31 of 2021.

Different Types of Romance Scams

There are a few different ways that romance scams can manifest, including:

1. Out of towner needs money

One common approach is the social media message from a pleasant-looking person who is “intrigued” by your profile picture. You start talking and learn that this person is an offshore oil rig worker, deep-sea fisherman or even a deployed member of the military. The job is important, as it provides the excuse to be away from a computer and phone, away from their own funds for long periods of time. That way, it’s much more plausible when they need you to send money for some reason. Some reported excuses have included a new engine for the boat since the scammer claims to be stranded at sea and plane tickets home from another country when the scammer says his mother is in the hospital.

2. I want to come see you, but

Some reported romance scams have included victim stories about losing a lot of money because the other person was supposed to come to visit. When they supposedly arrived at the airport, their ticket was for the wrong flight, and they had to pay a fee. Then it was the need for a visa to enter the country. After that, it was more fees – and the game continued.

3. Money laundering romance scams

How do victims end up in criminal trouble for their part in all this? The scammer gets the victim to accept a deposit in their bank account, withdraw the money, and then turn around and wire that money to someone else. The victim is now complicit in stealing money from other victims and forwarding it to other bad guys. Just because they’re also a victim, that doesn’t erase their criminal role in the scam.

4. Crypto romance scams

Scammers trick the victims into thinking they’re investing in cryptocurrencies. They typically target victims on dating apps and other social media sites. Once the criminal gains the victim’s trust, they claim to know about cryptocurrency investment or trading opportunities that will result in substantial profits. The scammer directs the victim to a fraudulent website for an investment opportunity. Once they trick the victim into investing on the platform, they can withdraw a small amount of money to further gain the victim’s trust.

The FBI says after a successful withdrawal, the scammer tells the victim to invest larger amounts of money. When the victim is ready to withdraw more funds, the scammers create reasons why it cannot happen, enticing the victim to provide additional funds. Sometimes a customer service group gets involved, which is also part of the scam. When victims can no longer withdraw any money, scammers typically stop communicating.

What You Can Do to Stay Safe

The internet is filled with authentic opportunities to meet someone special. However, it’s also a breeding ground for scammers. By using reputable dating sites, you might avoid a lot of heartaches. However, the companies who run the sites cannot vet every single profile or message for authenticity. At the same time, social media has made it all too easy for criminals to contact victims with sincere-sounding promises in hopes they will fall for a romance scam.

It’s vital to adopt an air of caution about anyone you meet online to safeguard your heart and your money. A good rule of thumb is this: if you wouldn’t fall for it in person, don’t fall for it online. If the offer seems too good to be true, it probably is. Anyone who declares undying love too early in the relationship or asks for over-the-top favors too soon should not be trusted. If the person’s background story is a little too shady or falls into the stereotype of the romance scammer, be careful. Most of all, keep your personal information and your money close, and don’t be quick to share either one. Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530 or via live-chat on our website www.idtheftcenter.org.  

The post was originally published on 2/11/18 and was updated on 9/28/21

  • While the evolution of passwords has been happening for years, Microsoft is taking things a step further by allowing users to go passwordless.  
  • Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email. 
  • While the Identity Theft Resource Center (ITRC) expects this trend to continue, we recommend people wait a little bit longer before going with no passwords.  
  • The ITRC believes fewer passwords is a good thing. However, going passwordless on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes. 
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.  
  • If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.   

A Password by Any Other Name 

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for September 24, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we revisit a favorite topic that’s been in the news lately – passwords and a passwordless future.  

In Shakespeare’s Romeo & Juliet, our tragic heroine claims she would love her beau no matter who he was by saying, “A rose by any other name would smell as sweet.”  The same cannot be said in our modern times of something with which we all have a love-hate relationship: the password. 

The Evolution of Passwords 

Designed to keep our innermost secrets and personal information safe from prying eyes, passwords have become the holy grail for identity thieves. More valuable than a Social Security number, more sought after than a credit card number.  

Passwords started as simple six or seven-letter codes and have grown into a jumble of letters, symbols and numbers that can span up to 32 characters. For decades, Password123 has been the most popular password in the world until being passed over by Password123456. 

Microsoft Transitions Towards World with No Passwords 

Now comes news that Microsoft has started down the passwordless path, killing passwords as we know them. You can now remove passwords from your Microsoft accounts to embrace a world with no passwords. However, like in Star Trek: The Undiscovered Country, “just because you can do a thing does not mean you must do that thing.”  

Microsoft has been working toward a passwordless future for years. In fact, nearly 100 percent of Microsoft employees have no passwords. Since Microsoft rolled out passwordless authentication for commercial users in March, more than 200 million people worldwide have switched to one of the alternate ways of logging in.  

Users Can Now Use Different Tools to Sign in to Their Accounts  

Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email.  

Should You Go Passwordless? 

For most people, the answer is not yet. Make no mistake, reducing the use of passwords is a very good thing. Cybersecurity researchers estimate there are more than 575 password attacks every second – that’s 18 billion attacks in a year. However, having no passwords on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes.  

Unless you are extremely tech-savvy and very comfortable with a multi-layered cyber security scheme, the ITRC recommends you follow this trend, not lead it. With that said, if you do want to jump into the deep end of the passwordless pool, Microsoft has made it relatively easy to do – and undo later if you change your mind. First: 

  1. Download the Microsoft Authenticator mobile app to your phone and link it to your personal Microsoft Account. Then; 
  1. Visit account.microsoft.com and choose advanced security options. Finally; 
  1. Enable passwordless accounts and approve the change from your Authenticator app. You now have no passwords when it comes to Microsoft.  

Once you have linked your accounts to the Authenticator app, you will be asked to enter a PIN or a time-based code to unlock your account each time you log in.  

If you go passwordless using the Microsoft Authenticator app, your mobile device will be an even more vital part of your daily routine. Be extra careful not to lose your phone and keep it locked in case it’s stolen. That way, thieves can’t easily access your personal information stored on the phone. 

For non-Microsoft users, Google and Apple are also working on technology that will allow you to eliminate or reduce the use of passwords. 

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Check out our latest episode from our sister podcast, The Fraudian Slip, where we talk about credit freezes with the founder of Frozen Pii. We will be back next week with another episode of the Weekly Breach Breakdown.  

Frozen Pii talks with the ITRC in the newest Fraudian Slip podcast about credit freezes, one of the most important tools in fighting identity crimes 

  • In 2002 California passed the first state law requiring the three credit bureaus to allow people to freeze their credit so no one else could access it. There used to be fees to freeze and thaw your credit. However, it is now free for everyone.  
  • Despite it being free, more than two-thirds of Americans do not take advantage of one of the most powerful weapons to fight identity crimes. Why? Also, why should you freeze your credit? 
  • The Identity Theft Resource Center (ITRC) sat down with Frozen Pii to discuss new ITRC data on credit freezes, the importance of freezing your credit, how it protects you and why people don’t freeze their credit. 
  • You can learn more about credit freezes and other topics discussed in this podcast, as well as how to protect yourself from identity crimes, by visiting the ITRC’s website www.idtheftcenter.org.  
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor. You can freeze your credit by visiting www.frozenpii.org.  

Below is a transcript of our podcast with special guest Tom O’Malley, former federal prosecutor and Founder of Frozen Pii 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon or Podsite now.  

Why should you freeze your credit? This month, September, we look at one of the most powerful weapons we have in the fight against identity crimes (one of the most under-utilized tools in our arsenal) and why it’s so important. We are talking about credit freezes.  

In 2002 California passed the first state law requiring the three primary credit bureaus – Equifax, Experian and TransUnion – to allow consumers to “freeze” access to their credit reports so no one could open a new account without the person’s knowledge or permission. Eventually, all state’s adopted credit freeze laws.  

In the beginning, there were fees attached to freezing, thawing and re-freezing your credit, which took several days. In fact, 20 percent of Americans spent an estimated $1.4 billion on credit freezes in 2018 before Congress stepped in to require the credit bureaus to make freezing and thawing your credit free of charge.   

Today, what once took days now takes minutes, and no fees are involved. Yet, more than two-thirds of Americans do not take advantage of this tool to keep their credit and identity information safe and secure, according to new ITRC research. Why? Also, why should you freeze your credit? 

Helping us explore the conundrum of credit freezes is the ITRC’s CEO Eva Velasquez and Tom O’Malley, a former federal prosecutor who has taken his experience as a victim of identity theft and turned it into Frozen Pii, a service devoted to making it easy to protect yourself with a credit freeze.  

We talked with Tom O’Malley about the following: 

  • His personal story of identity theft and his idea for Frozen Pii. 
  • How credit freezes protect consumers and why people don’t freeze their credit. 
  • Why should you freeze your credit? 
  • New ITRC data about credit freezes. 
  • The ITRC’s partnership with Frozen Pii, beginning in October. 

We talked with Eva Velasquez about the following: 

  • The history of credit freezes and consumer attitudes. 
  • Why should you freeze your credit? 
  • New ITRC data about credit freezes. 
  • The ITRC’s partnership with Frozen Pii, beginning in October. 

You can learn more about how to protect your personal privacy, as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website www.idtheftcenter.org. While you are there, sign up for our emails that alert you to the latest scams, monthly data breach updates and tips to protect your identity. You can freeze your credit by visiting www.frozenpii.org. Beginning in late October, you will be able to access Frozen Pii directly through the ITRC website.  

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip