and two that changed how we should perceive our data…

Since 1999, the Identity Theft Resource Center has been hard at work empowering identity theft victims with the resources and tools to resolve their cases, as well as helping people proactively reduce their risk of becoming a victim of identity theft. One of the most common ways consumers have their information misappropriated is through data breaches. Since 2005, we have recorded over 10,000 publicly notified breaches. Let’s look at the top three major data breaches with the biggest impact to consumers based on our new risk assessment tool, Breach Clarity, developed in partnership with Futurion and its creator Jim Van Dyke.

Based on ITRC’s database of data breach notifications and Breach Clarity’s proprietary processing, Van Dyke says consumers can be better educated on the significance of which breaches rank as the all-time riskiest to the individual consumer in terms of both size and scope.   The new tool includes the potential impact on the affected individual identity-holder, what types of identity theft could occur based on the records exposed and what steps that person needs to take to minimize his/her risk. Here is a look at the top five major data breaches that impacted individuals in the United States:

The U.S. Office of Personal Management

In June 2015, The U.S. Office of Personal Management (OPM) was the target of two separate hacking events exposing background investigation records of 21.5 million Federal government employees and contractors. Some of the information impacted was Social Security numbers (SSN), fingerprint data and security clearance information. Additionally, it also exposed PII of dependents including SSNs, date of birth and other information.

OPM was one of most significant major data breaches in memory, with it ranking a ten in severity on Breach Clarity. Van Dyke says it created a risk through the exposure of security clearance and biometric data for those working in service of our country.

Equifax

Credit reporting agency, Equifax, experienced a hack in 2017 that exposed 146.6 million U.S. consumer’s personal information. “Equifax has been regarded by many to be the worst of all data breaches because this hack generally exposed Social Security numbers for a massive amount of individuals,” Van Dyke said. The information exposed included names, birthdays, SSNs, addresses, phone numbers, Driver’s License numbers, email addresses, payment card information and Tax ID numbers.

While this major data breach ranked ten in severity and exposed so much information, it is not among the worst in terms of per-victim impact. As we learn more about the settlement process <link> for this breach, each individual consumer will need to assess the impact based on their circumstances.

Anthem, Inc.

In 2015 Anthem, Inc. had a major data breach, exposing nearly 79 million sensitive records. Van Dyke says it created a dangerous risk, receiving an overall risk level of eight. Breach Clarity shows that it created a unique pattern of risk that included new financial account creation and tax refund fraud.

There were two other breaches that really changed how consumers viewed their data and how companies should secure it. No two breaches have the same impact, but Facebook and Yahoo brought the spotlight on how companies could manage their users’ data security better. It also reminded users that they are ultimately responsible for the information that is being housed in any particular platform. When all else fails, don’t share it if you don’t want it to be potentially exposed publicly.

Facebook

In 2018, hackers were able to tap into the ever-popular social media landscape stealing account access tokens from Facebook and then using them to access user names, contact details and profile information like usernames, birthdays and device types used to access to access additional information.

“The Facebook breach represents a particularly unique type of breach,” Van Dyke said. “It represents behavioral data that victims may not be prepared to respond to. It is unlikely that even a social media behemoth like Facebook will earn a top risk score in Breach Clarity, yet again we need to continue understanding how personal relationships and behavioral data increase risk of a variety of crimes.”

The security hack affected 50 million accounts and led to tokens being stolen from 30 million of them, resulting in the major data breach getting a risk score of five on Breach Clarity.

Yahoo

After experiencing a major data breach affecting 500 million users in September 2016, Yahoo announced a second breach just months later in December that affected more than one billion user accounts. “Yahoo was one of the biggest data breaches ever,” Van Dyke said. “Both in sheer number of victims and the duration of exposure during which criminals had access to private data.”

An unauthorized third party stole information like names, email addresses, phone numbers, birthdays, passwords and security questions and answers from users. Van Dyke says users who emailed private documents like tax returns may be at particular risk because criminals may have also had access to personal email records. He says Breach Clarity cannot predict all of the possible identity theft and fraud risks because of the varying nature of private data exposed while the criminals had access. This particular major data breach received a risk score of four.

Also, you can use Breach Clarity to see the actionable steps you can take after a data breach. If you think you might have identity theft, speak to one of our advisors for free assistance at 888.400.5530.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

Should You Consider Credit Monitoring Services as Part of a Breach? 

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

If you are one of the millions of consumers who use a voice-activated assistant in your home or through your smartphone, your personal data and activity may become more secure due to new data privacy regulations like the European Union’s GDPR and recent privacy-related legislation. Virtual assistants and chatbot tools will now have to tighten up their security to protect your information.

Siri, Alexa and Google Home are just a handful of the artificial intelligence tools that interact with live people every day. We rely on these devices for everything from looking up a phone number or a favorite song to controlling the utilities that power our homes. Because of that, they are fertile ground for hackers who are looking for private information or who seek to get a picture of our day-to-day activities. The amount of use they get is another reason AI data privacy is so important.

Even if you do not own or use a voice-activated virtual assistant, you have probably interacted with a chatbot online. You may not even know it. These tools use artificial intelligence to provide customer support for businesses. You may have visited a retailer’s website and found a “live chat” button to click or had a pop-up box open with the words, “Hi! How can I help you today?” on the screen. While some businesses still use human customer service reps to provide support, a growing number of companies are already relying on computers to carry on the conversation and solve any problems.

Some experts are already at work helping developers create privacy-compliant AI tools that still have enough room to be useful. If your virtual assistant cannot store your shopping or search history, for example, how will it help you find that great brand of coffee you tried? How will it know what songs or movies to recommend when you tell it to play something “upbeat?” This kind of data collection is what makes AI-driven tools useful and easy to operate, rather than forcing human users to repeat themselves with every interaction.

The first step for developers is to draft a clear policy on what information is collected from users. From there, it is important to store it securely for data privacy. Some states are already requiring chatbots to disclose that they are not actual people and to request permission to record or save the chat conversation. It is a good idea for businesses in every state to start working in that direction since these data privacy laws are already being put in place. On a more personal note, it is important that companies develop AI tools that incorporate the ability to respond accordingly if a minor initiates the interaction. This can prevent a toddler from renting a movie on Amazon or a teenager from asking for critical medical advice from a robot.

The most important step is to remember that technology and innovation are fluid. There is no such thing as a one-and-done law or regulation where privacy and tech intersect. Any data privacy policies or upgrades, especially where AI and chatbots are concerned, must be revisited frequently to ensure they are still complying with the law and protecting the public.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

Shutterbugs Beware! DSLR Ransomware Attack Targets Digital Cameras 

 

As cybercrimes go, ransomware might be one of the nastiest, which is why lots of attention is being brought to recent DSLR ransomware attacks. Using one of several different avenues of attack, a hacker infects a piece of technology with harmful software that locks up the device. The only way to unlock it and restore access is to pay the hacker’s ransom. What makes it so terrible is that it works. Too often, the victim pays the ransom in order to avoid the inconvenience and expense of losing control over their files and devices.

There are many great reasons to own a fancy digital camera, namely that photographers can take great pictures no matter how skilled or novice the user may be. Some of the newer ones are even easier to operate and enjoy than older digital cameras because the pictures can be sent to your computer, emailed to a friend or relative or uploaded to a print service over Wi-Fi without the need to download them with a cable. Just like you can text a friend a picture that you took with your phone, the newer, more capable digital cameras can transmit pictures.

However, that capability is where the vulnerability lies. Security researchers have uncovered malicious software that can be sent to your camera as part of a recent DSLR ransomware attack, such as over free hotel or airport Wi-Fi at a popular tourist spot. Once there, the hackers just have to alert you that all of your photos have been encrypted. The only way to unlock them is to pay the significant ransom.

There is an easy fix to prevent a DSLR ransomware attack, but you have to be aware of the threat first. If your camera allows, simply turn off the Wi-Fi in order to prevent it from accidentally connecting over these suspicious Wi-Fi options. As an added bonus, turning off the Wi-Fi in the camera’s settings except when you are actively using it to transmit your photos will save your battery life while you are using the camera.

It is worth noting that researchers were also able to encrypt someone else’s photos if they had already infected the user’s laptop. If you are plugging in your camera with a USB cable but a hacker has already infected your computer, they can still lock up your photos. Make sure your antivirus software is installed and up-to-date to avoid that threat in a DSLR ransomware attack. Also, camera manufacturers should now be working on security patches that block this vulnerability. That makes it just that much more important to download any software updates that they issue for your devices.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Consumers have a new law in New York to thank for providing additional protection from identity theft and data breaches. The law, which was passed by the state legislature in June in response to the rash of record-breaking data breaches and updated regulations, spells out how companies must respond when a breach event occurs.

The new law in New York even applies to businesses outside of the state. If the victims of the breach are New Yorkers, the company must comply with the steps outlined in the law no matter where they are located. This can have a domino effect of sorts since disclosing the breach to those residents can help make consumers in other states aware that a breach has occurred, even if they are not going to be receiving notification letters due to their locations.

Moreover, the SHIELD Act in New York will cover biometric data, not just personal identifiable information like Social Security numbers or usernames and passwords. If a company gathers and stores things like fingerprints or blood type, that information is now considered worthy of triggering a data breach notification. In the past, different states have had different rules on what requires a notification letter, and until now, biometric data was not included in New York.

Further, the SHIELD Act will require companies to inform victims as quickly as possible that their information was compromised. If there are more than 500 victims from New York the company is also required to inform the state’s Attorney General’s office. It also outlines which types of information require a notification letter, such as email addresses and passwords, birthdates and SSNs.

The SHIELD Act signed last week by Governor Cuomo, goes into effect in March 2020. It is based on a lot of consumer protection concepts that were put into place in Europe under the GDPR regulations that were enacted last year. The new law in New York was also inspired in part by the Equifax data breach from a year ago, an event in which 147 million consumers had their complete identities stolen by hackers.

For its part, Equifax has now launched its claims website for consumers to find out instantly if their information has been compromised. If it has, the steps for filing a claim and seeking compensation are included on the site. The claims site can be found at EquifaxBreachSettlement.com.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

On Wednesday, July 24, 2019, people could begin filing Equifax claims for the recent data breach settlement, which included filing an Equifax breach settlement claim for a minor. In 2017, Equifax, one of the three largest credit reporting agencies in the world, announced they suffered a data breach. More than 148 million consumers’ identities had been stolen. A settlement was reached in the class-action lawsuit filed with a federal court. As a result, Equifax launched its claims process to help anyone who may have been a victim, including minors.

If you were a minor affected by the Equifax breach settlement but are now over 18-years-old, you must file your own claim and can do it online.

If the minor is still under 18-years old, a parent or legal guardian can make a claim for Credit Monitoring Services on the child’s behalf. However, it must be filed manually and sent out via direct mail. If you file an Equifax breach settlement claim for a minor, you must provide documentation to prove you are the parent or legal guardian of that minor.

Credit Monitoring Services will allow parents to receive alerts when certain personal data appears on suspicious websites, alerts when the Social Security number is associated with new names or addresses or the creation of a consumer report at one or more of the three nationwide Consumer Reporting Agencies. Finally, the minor will receive Identity Restoration Services if their identity is compromised.

The parent or legal guardian can elect to enroll the minor in one-bureau credit monitoring services provided by Equifax that would begin after the Credit Monitoring Services expire for a period of up to 14 years. According to the Equifax breach settlement page, a minor can receive monitoring services as follows: alerts when data elements like Social Security number submitted for monitoring appear on suspicious websites, including underground websites, a file is created, locked, and then monitored and for minors with an Equifax credit file, their credit file is locked and then monitored. The Experian Credit Monitoring Services and the optional one-bureau credit monitoring provided by Equifax together will cover 18 years.

The parent or legal guardian filing an Equifax breach settlement claim for a minor must opt for the minor to receive the one-bureau services when submitting a claim for the Credit Monitoring Services, and the parent or legal guardian will be sent instructions for how to enroll in the one-bureau monitoring before the Credit Monitoring Services expire. The cost of these services will be paid separately by Equifax, not out of the Consumer Restitution Fund.

Before finding out what support your minor may be eligible for while filing an Equifax breach settlement claim for a minor, it is important to know whether or not their information was affected. The website for consumers concerned about the Equifax data breach settlement has a button that will provide that information for you.

Enter your minor’s last name and the last six digits of their Social Security number, and the site will tell you whether or not their data was compromised.

If you discover that your minor’s personal identifiable information (PII) was compromised, your next step is to choose whether or not to participate in the class action suit. Your minor may be eligible for credit monitoring, identity restoration if their information was fraudulently used and a partial refund if they had already been an Equifax credit monitoring customer.

If you decide to file an Equifax breach settlement claim for a minor, you must do so by January 22, 2020. If you wish to state that your minor is not participating, the deadline is November 19, 2019.

The Identity Theft Resource Center recommends you consider all of your minor’s personal circumstances and how the breach and any subsequent identity crime issues impacted your minor before submitting a claim. While the process of recovering after an identity theft incident is costly in time, personal impacts and financial ramifications, filing without thinking through all the possibilities or having all the supporting documentation could short-change your minor’s identity hygiene in the long-run. Potential issues that may arise could include the inability to get financial aid for college, approval for a first apartment or being able to get a loan for a first car.

After determining what kind of Equifax breach claim you need to file for your minor, you can either claim free credit monitoring for up to ten years or a cash payment of $125 if you already have credit monitoring that includes the minor’s social security number – such as a family credit monitoring service.

While filing an Equifax breach settlement claim for a minor, it is important to organize your minor’s case with dated notes, receipts and a summary. The free ID Theft Help App provides an electronic case log feature to track the details of the case.

Depending on the state you live in, credit freezes were not free to all American consumers prior to September 2018. If you decided to pay to freeze your minor’s credit prior to 2018, you could be reimbursed those expenses. NOTE: if you want to submit a credit freeze for a minor now, it must also be done manually. It cannot be done online.

Due to the breach occurring in May 2017, your minor could be reimbursed for costs, expenses or losses due to identity theft even though the breach was announced in September 2017.

Your minor is eligible for identity theft restoration services for the next seven years, regardless of if you decide you do not want them to take part in the class-action suit.

Whether or not your minor takes part in the suit, it is a good idea to place a freeze on their credit report. Remember, you can only do this manually with a minor. You cannot place a freeze online.

All of the documents, dates, claims process and FAQs can be found on the website that has been built to support Equifax claim. If you are not sure if your minor’s information has been affected, visit EquifaxBreachSettlement.Com.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Don’t Fall for Equifax Settlement Scams 

Capital One Data Breach – What To Do If You’re Impacted 

New Tool Helps Consumers Make Sense of Data Breaches

 

 

A new American Express phishing attack that specifically targeted American Express cardholders is unlike other attacks, according to security researchers. It contains a sophisticated method of harming the recipient that experts are not as familiar with.

Phishing attacks are nothing new. They arrive as emails, texts, social media messages or phone calls that appear to come from someone you know. It might look like your boss or co-worker, someone in your email contact list, your bank or your favorite retailer.

Each new phishing attack email has different goals, depending on what kind of ruse they are using. A fake email from your boss might tell you to change a password or send funds to a different account number, but an email from your bank might try to get you to hand over your username and password. Many phishing attacks only want the user to click a link in the email so they can be taken to a fake website where the thief steals their information. Or even worse, a link that downloads a virus to their computer.

In the case of the American Express phishing attack, the link embedded in the American Express phishing emails is two different parts. This way, the hacker can insert malicious code into the link while also confusing your antivirus software. Instead of warning you about a harmful link, your software does not recognize it as malicious.

The email itself was very typical of these kinds of attacks, namely in that it was filled with grammatical errors. Some reports have shown that the spelling and punctuation mistakes, like the ones seen in the American Express phishing attack, are intentional so that only more gullible recipients will interact with it.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things to keep in mind.

Never click a link or download an attachment that you are not expecting

If the email came from your boss, pick up the phone and verify it. If it appears to come from a company you do business with, ignore the email and go directly to their website. From there, you can see if there is an issue with your account.

Spelling matters

Companies do not send out emails or other messages with multiple errors. If you see any strange mistakes, that is probably a sign it is a fake.

Check the email address and URL

If you look very carefully at the sender’s address or the website address they have included in the message, you might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website is Citibank.card.shop.com, instead of the company’s actual web address, again, it is a fake.

Do not trust the caller ID

If the phishing attempt comes by phone, like the American Express phishing attack, do not go by what you saw on the caller ID. It is easy to change the phone number or screen name to say anything the scammer wants, such as “IRS” or “County Sheriff’s Dept.” If you receive a phoned attempt at getting you to verify your identity or make some kind of payment, hang up and contact the company directly using a phone number you have located yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

Thousands of schools and students were recently affected by the Pearson data breach. Educational software developer Pearson announced that it suffered a data breach of its AIMSweb platform. The FBI first alerted Pearson to the issue, and after investigating, the company discovered approximately 13,000 educational institutions’ AIMSweb accounts were breached by an unknown individual. There could be thousands of individual student accounts at each different institution, leaving the total number of victims unclear.

It is tempting to think that the Pearson data breach is not very serious because affected students had their names disclosed in the breach, but only some of the students had their email addresses and dates of birth compromised. However, despite the limited dataset, hackers can actually cause serious damage:

  • If the hackers of the Pearson data breach manage to infiltrate any of the email accounts, they can potentially target the students’ other accounts, like retailers, social media, and even work-related accounts
  • With access to the email accounts, the hackers could also be able to target the students’ devices themselves, if the accounts are also linked to their device manufacturers
  • Even without taking over any accounts, the hackers can target the victims with spam emails, phishing attempts and harmful software viruses

Also, if the hackers of the Pearson data breach are able to infiltrate individual schools, having access to the students’ email addresses and birth dates can have other serious implications. Despite not compromising more sensitive information like Social Security numbers and not having any proof that the information has been used maliciously by the hackers, Pearson has stated it will offer free Credit Monitoring Services for affected victims of the Pearson data breach.

It is important to understand the seriousness of a data breach notification letter. In the event of any data breach in which any of your information may have been accessed, you need to take advantage of whatever protection the company is providing. Even if the stolen records do not contain highly sensitive material, this kind of service helps safeguard your information in the event a hacker is able to connect the dots between different data breaches and form a more complete picture of your identity. Ultimately, the Identity Theft Resource Center recommends each potential victim of the Pearson data breach to do what is best for them given their situation.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

With the recent Equifax data breach settlement, as well as the large Capital One breach, many people are asking questions about credit monitoring services. Should I use them? What are its benefits?

The conversation really gained steam when Equifax began offering free credit monitoring services to people impacted by their breach. Credit monitoring services are simply a mechanism for the Credit Reporting Agencies (CRAs) to track a consumer’s credit file in order to detect any suspicious activity or changes. In regards to whether or not you should take advantage –that really depends on your specific situation.

Should I enroll in credit monitoring services?

If you are already receiving credit monitoring services, maybe as a benefit through your employer, financial institution or insurance carrier for example, then passing on the monitoring aspect might make more sense. However, if you do not have access to robust credit monitoring services and have the ability to enroll in free credit monitoring services offered as part of a breach – such as Equifax, it may be a good option.

Should I place a credit freeze as well?

Ultimately, the Identity Theft Resource Center recommends consumers take advance of both credit monitoring services and credit freezes if they fall victim to a data breach. Along with your credit history being tracked, a credit freeze can stop any new accounts from being activated. Credit freezes do not impact existing credit accounts which report your payment history and account health to the CRAs. It only limits access to your credit reports to create new lines of credit.

It is important to remember that should you need to lift a credit freeze for any reason, like in order to apply for a new account like a home mortgage for example, the credit monitoring will catch any other accounts that someone with malicious intent might try to open. However, it is ultimately up to the consumer to decide what is best based in their set of circumstances.

What are the benefits of both?

Credit monitoring services and credit freezes provide their own benefits to keep consumers as safe as possible. The ultimate goal of credit monitoring services is to keep your accounts protected in a possible time of vulnerability. Monitoring can also catch suspicious activity on your existing accounts that may have been compromised due to a breach.

What if I need more help?

At the end of the day, do what is best for you. You can contact the ITRC for free assistance at 888.400.5530 with any questions you might have about your particular situation.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

A newly reported LAPD data breach has affected thousands of police officers and officer candidates in the Los Angeles Police Department. According to the announcement, the information included names, email addresses, birth dates and parts of their Social Security numbers, which led officials to believe it may have been information that was used to set up their accounts while seeking employment with the LAPD.

An alleged hacker reached out to the city to inform them of the breach, then produced samples of the stolen information in the LAPD data breach as proof. The hacker claimed to have received it from external sources rather than by attacking the city’s servers. There is still no proof that the hacker actually has the complete file set instead of just the samples they provided. There is also no word yet as to what the LAPD data breach hacker intends to do with it or what action they expect the city to take next.

Targeting specific organizations or industries is common. Whenever a hacker has the opportunity to access stored data, it can often involve a hospital’s patient records storage or a school’s student files. It is not unheard of for hackers to target a specific police department or even to target the officers themselves, like the LAPD data breach.

For example, an unknown number of teachers were affected by the breach of the Texas Association of School Boards, which had stored profiles on school systems’ employees within that state. The compromised information included names and Social Security numbers. In 2016, all of the employees and former employees of the social media platform Snapchat had their complete identities stolen when a hacker sent a phishing message to someone at the company, pretending to be the CEO. Even the government is not immune from this kind of threat, as the Office of Personnel Management breach in 2015, in which millions of employees’ complete identities and biometric data like fingerprints were stolen, demonstrated.

For their parts, the City of Los Angeles and the LAPD’s police union are taking the LAPD data breach very seriously. Things like credit monitoring and notification letters are important, but victims of the LAPD data breach also have to be on the lookout for any unusual activity involving their identities. They can also place a free credit freeze on their credit reports in order to attempt to block unlawful activity.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

What It Is

Scammers are looking to cash in on the buzz surrounding the Equifax data breach, specifically the ability for consumers to check their data and file a claim if they were affected.

Who It Is Targeting

Any consumers who may have had their information stolen in the Equifax breach could be at risk of an Equifax settlement scam, but scammers may also seek out people who were not affected in order to sell them protection products.

What You Need To Know

Equifax is one of the three major credit reporting agencies, and they were breached in 2018. More than 147 million consumers had their complete identities stolen by hackers. Now, Equifax has launched its settlement website where you can find out if your information was stolen, file a claim for compensation and apply for credit monitoring. Equifax settlement scammers are capitalizing on the buzz surrounding this new website and have already targeted victims.

What You Should Do About It

  • Make sure you are only using legitimate websites for this process, namely the FTC’s site and EquifaxBreachSettlement.com.
  • You do not have to pay anything to file a claim, look into your data, receive credit monitoring services or otherwise participate in this settlement.
  • Never verify your information for someone who contacts you and offers to find out if you have been affected.
  • Never hand over your Social Security number to someone who contacts you in any way.

Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches