• According to a new report from NTT Application Security, the percent of application software being patched has dropped below 50 percent. It is partly because more applications are being tested in the wake of recent high-profile cyberattacks. 
  • The average time to fix the most severe software vulnerabilities in a large enterprise is 203 days. That number is more than twice that figure in some industries. 
  • The report also reveals that most applications in 10 of the 11 leading industries tracked by NTT Application Security have at least one software flaw open to attack every day of the year. 
  • Cybersecurity teams are failing to fix software vulnerabilities on a timely basis, which is one reason why cybercriminals have success attacking businesses
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC’s) data breach tracking tool, notified
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.  

A King of Shreds & Patches 

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 30, 2021Our podcast is possible thanks to support from Experian and Sentilink. Each week we look at the most recent events and trends related to data security and privacy. This week, we discuss one of the primary causes of cyberattacks that leads to data compromises – known but unpatched software vulnerabilities and flaws.  

In Shakespeare’s Hamlet, the troubled prince refers to his uncle, a usurper of the Danish throne, as a rag-tag monarch: “A king of shreds & patches.” That description also applies to how much modern software is riddled with known flaws that give cybercriminals an easy path into organizations. There’s a report out this week that gives us a clue into just how difficult it is to patch software, even when the bugs are well known. 

Cybersecurity Teams Struggle to Quickly Fix Software Vulnerabilities 

Global cybersecurity provider NTT Application Security claims that cybersecurity teams are struggling to fix issues quickly. So far this year, the percent of application software being patched has dropped below 50 percent, partly because more applications are being tested in the wake of recent high-profile cyberattacks. 

Still, the time to patch has not improved over time. The average time to fix the most severe software vulnerabilities and flaws in a large enterprise is 203 days. In some industries, the number is more than twice that figure. The time needed to fix software used in the agriculture and forestry sector is the highest at 513 days, on average. The education sector, a common target for ransomware attacks, is the second slowest industry and requires an average of 478 days to fix a known flaw. 

How long does it take for a cybercriminal to exploit software vulnerabilities? A 2020 report puts the time to breach a system at as few as two hours once a flaw is publicly announced, usually at the same time a fix is issued. 

The Consequences of Slow Response Times to Patch Flaws 

The universally slow patch cycle where companies prioritize which software vulnerabilities they fix in what order has an unintended consequence, too. The lower the risk, the longer the time to patch. That allows cybercriminals to develop new attacks that link several lower-risk flaws into a single attack that is hard to detect and defend.  

NTT Application Security’s research shows that the same kind of software vulnerabilities continue to appear in new and updated applications. Most of the flaws identified in the first six months of 2021 fall into the same five categories month after month. 

What does that tell us? According to the report’s authors, it means that the people who are developing software and the teams that are protecting systems are not talking to one another, at least not enough to learn what bugs are common and how to fix them. 

Most Applications Have At least One Software Flaw Open to Attack 

There’s one last statistic from the NTT Application Security report that should be discussed. A majority of applications in 10 of the 11 leading industries tracked by NTT have at least one software flaw open to attack every day of the year. That explains why cybercriminals are successful at attacking businesses

Next week, we’ll take a look at the ever-growing costs to businesses that suffer a data compromise as calculated in a new report from IBM

Contact the ITRC 

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips. 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST). 

Thanks again to Sentilink and Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown


  • The one-year anniversary of the California Consumer Privacy Act (CCPA) and CCPA enforcement has come. According to the California Attorney General (AG), 75 percent of complaints were resolved within 30 days. The other 25 percent are still within the 30-day grace period or are still under investigation.
  • The California AG’s report also includes 27 examples of complaints and what companies did to fix the potential violations.
  • California also released a tool that will make it easier for consumers to file complaints about businesses that do not have a clear and easy-to-find “Do Not Sell My Personal Information” link on their website’s homepage.
  • To learn about recent data breaches consumers and businesses should visit the ITRC’s data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Right Tool

Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for July 23, 2021. Our podcast is possible thanks to support from Experian and Sentilink. Each week we look at the most recent events and trends related to data security and privacy. This week we look at the California Consumer Privacy Act (CCPA), the state law that gives consumers a way to push back against data breaches, and the one-year anniversary of CCPA enforcement.

I’m sure most of us have heard a parent or mentor say at one time or another, “You need the right tool for the right job.” When it comes to protecting privacy and personal information, the Mac-Daddy of protection tools is the CCPA.

News Statistics Released About CCPA Enforcement

California Attorney General (AG) Rob Bonta recently published statistics about the number of complaints his office has received alleging CCPA violations, including some examples. Seventy-five (75) percent of the complaints were resolved within the 30 days the law gives a business to comply once they are notified of a potential violation. The other 25 percent are still within the 30-day grace period or are still under investigation.

The most interesting part of the AG’s report is the 27 examples of complaints and what companies did to fix the potential violations. Notices to cure have been issued to data brokers, marketing companies, businesses handling children’s information, media outlets and online retailers. Some businesses prompted hundreds of CCPA enforcement complaints, while others generated millions.

Potential violations that have been cured include:

  • A business that manufactures and sells cars failed to notify consumers of how personal information was used as part of a vehicle test drive in addition to other omissions in its privacy policy. 
  • A grocery chain required consumers to provide personal information in exchange for participation in its company loyalty programs. The company did not provide a Notice of Financial Incentive to participating consumers.
  • A social media app was not timely responding to CCPA requests, and users publicly complained that they were not receiving notice that their CCPA requests had been received or acted on. 
  • An online dating platform that collected and sold personal information did not have a “Do Not Sell My Personal Information” link on its homepage or adequately explained its data-sharing practices.

Tool Released to Make It Easier for California Residents to File Complaints

AG Bonta also released a tool that makes it easy for California residents to directly complain to a business that does not have a clear and easy-to-find “Do Not Sell My Personal Information” link on their website’s homepage. That’s required by the CCPA, and the direct consumer complaints can trigger the process that can lead to CCPA enforcement action by the state AG.

More tools that allow consumers to help police the CCPA’s provisions, including damages paid directly to consumers for certain data breaches, may be offered in the future.

Contact the ITRC

If you have questions about CCPA enforcement, or how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST).

Thanks again to Sentilink and Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.

  • Advanced child tax credit payments are being sent by the Internal Revenue Service (IRS) as part of the American Rescue Plan. However, scammers may try to take advantage of the funds with child tax credit scams.
  • The IRS will not call, text, email or message you about a child tax credit. If you receive an unsolicited message, it is a scam.
  • To avoid a child text credit scam, do not respond to any unsolicited messages or click on any unknown links or attachments. Also, report the fraudulent activity to the Federal Trade Commission (FTC) by emailing reportfraud@ftc.gov and the IRS by calling 800.829.4933.
  • For more information on the child tax credit, who is eligible, how to submit your information and more, click here.
  • If you believe you are the victim of a child tax credit scam or another form of identity theft, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The Internal Revenue Service (IRS) has sent approximately $15 billion to around 35 million families eligible for the advanced child tax credit. With the process underway, parents should look out for child tax credit scams. No eligible taxpayer has to do anything to receive the money, but criminals may try to say otherwise.

What You Need to Know About the Advanced Child Tax Credit

The advanced child tax credit was included in the American Rescue Plan, and it provides $250 to $300 per month per child to most families from July through December 2021. The IRS is paying half the total credit amount in advance monthly payments. The payments will come via direct deposit, paper check or debit card (more than 85 percent of the funds have been sent by direct deposit). Parents will claim the other half when they file their 2021 income tax return.

The IRS urges taxpayers who usually aren’t required to file federal income tax returns to file a return if they are eligible for Economic Impact Payments or advance payments of the Child Tax Credit. Learn more from the IRS about the advanced child tax credit, who is eligible, how to submit your information and much more.

Child Tax Credit Scams

Criminals are aware of the payments and will likely launch child tax credit scams. Criminals may impersonate IRS representatives just to steal your personally identifiable information (PII) like a Social Security number or bank account information. PII can be used to pose as you on the IRS website and reroute your money to the cybercriminals.  

The ITRC’s CEO Eva Velasquez recently told NerdWallet: “Do not rely on incoming communications. If you didn’t initiate the contact, don’t engage. Caller I.D. cannot be trusted; even if a government agency’s name is listed, thieves may have originated the call and spoofed the caller I.D. display.”

What Should You Do?

The IRS says parents do not have to take any action to receive the advanced child tax credit funds. If you want to opt-out of the IRS payments or change your information, you can do that at www.irs.gov. Here are other tips on how to avoid an advanced child tax credit scam:

  • Don’t respond to solicited communication. The IRS will not call, text, email or message you. If you receive a message claiming to be from the IRS, ignore it. The IRS will mail you anything that is legitimate, and there are ways you can make sure it is from the Service.
  • Don’t click on any unknown links. If you receive a message claiming to be from the IRS, it is important not to click on any links or attachments because they could be malicious and used to steal your personal information. They could also lead you to a fraudulent website that asks you to input sensitive PII.
  • Know who is supposed to receive the check. If you share custody of a child, make sure you know who is supposed to receive the check because sometimes a “missing” check has actually been delivered.
  • Report child tax credit scams and fraud. If someone tries to take advantage of you with a child tax credit scam, you can report it to the Federal Trade Commission (FTC) by emailing reportfraud@ftc.gov. If you believe someone stole the check from your mailbox, contact the IRS (800.829.4933) because they can trace the check and replace the money.
  • Track your check. If it is mailed to you, go to www.USPS.com and sign up for Informed Delivery, which emails you photos of your mail before it is delivered. When your check is expected, pick up your mail or have someone do it for you as quickly as possible to avoid a repeat of earlier problems with government check deliveries.

Contact the ITRC

For more information on child tax credit payments, or if you believe you were the victim of a child tax credit scam, contact us. You can speak with an expert advisor at no cost by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

SentiLink talks with the ITRC in the newest Fraudian Slip podcast about the unprecedented levels of identity fraud as people have applied for government benefits during COVID-19 

  • For the first time since the reports of unemployment identity fraud began to spike in March 2020, the number of cases has steadily declined. So have the number of fraudulent stimulus cases linked to identity fraud. 
  • However, June was the month the Identity Theft Resource Center (ITRC) saw 2021’s unemployment identity fraud numbers surpass all of 2020.  
  • The ITRC sat down with supporter SentiLink, a company that helps businesses reduce identity-related fraud, to discuss COVID-19 fraud, what we learned, emerging threats and much more. Listen to this week’s episode of The Fraudian Slip
  • You can learn more about unemployment identity fraud and other topics discussed in the podcast, and how to protect yourself from identity crimes by visiting the ITRC’s website
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voicemail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started.   

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, or Podsite now.

This month, July, we will look deeper into an issue that has dominated news headlines – unemployment identity fraud – and frustrated hundreds of thousands of identity crime victims. We are talking about the unprecedented levels of identity fraud that we have seen during the pandemic as people applied for various government benefits – ranging from unemployment benefits to small business loans.  

Let’s start with some good news. For the first time since reports of unemployment identity fraud emerged in early 2020, the number of fraud cases began a steady decline in May. The number of fraudulent stimulus cases linked to identity fraud and small business administration loans also drops a little each month. Ironically, June was the month when the number of unemployment identity fraud cases reported to the ITRC in 2021 surpassed all of 2020. 

The ITRC has talked a lot on earlier episodes of this podcast about how the unemployment identity fraud occurred and the impact on people denied benefits as a result. However, we have not focused much on what we have learned about what happened after the money was stolen. Where did it go? What other actions can we take now to prevent more fraud in the future based on what we have learned? 

Helping us explore the murky world of identity fraud is Eva Velasquez, president and CEO of the ITRC, and Naftali Harris, Co-Founder and CEO of SentiLink, a company that helps businesses reduce identity-related fraud.   

We talked with Naftali Harris about the following: 

  • What SentiLink does. 
  • What happened to the money lost, and what we have learned from the pandemic fraud. 
  • Friction in transactions – positive and negative.  
  • Any potential emerging threats. 

We talked with Eva Velasquez about the following: 

  • The impacts of identity fraud and the denial of benefits. 
  • Friction in transactions – positive and negative. 
  • What consumers can do to prevent/mitigate identity fraud now. 

You can learn more about unemployment identity fraud as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website at www.idtheftcenter.org. While you are there, sign up for our emails that alert you to the latest scamsmonthly data breach updatesand tips to protect your identity.  

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip.  

ITRC thanks SentiLink for supporting our podcast.

  • Did you recently receive a phone call claiming to be from the U.S. Department of Homeland Security (DHS)? Homeland Security phone scams are making the rounds, leaving some people in a panic.
  • In the Homeland Security scam phone calls, criminals are impersonating both Homeland Security Investigations Office agents and U.S. Customs and Border Protection (CBP) agents. One scam threatens people with warrants and investigations if they do not give up either money or personal information. Another scam claims cash and drugs were intercepted with your name on it and asks for banking information.
  • If you receive a threatening phone call from a Homeland Security Investigations agent or an unsolicited call from a CBP agent, you should hang up because it is probably a Homeland Security phone scam. DHS will never call anyone with demands or requests for sensitive information. Instead, report the call to DHS and the Federal Trade Commission.
  • If you want to learn more, believe you are the victim of a phone scam, or if you have been receiving Homeland Security scam phone calls, contact the Identity Theft Resource Center (ITRC) at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

The Department of Homeland Security (DHS) is usually the agency issuing a fraud alert informing the public about the latest scams, like DHS giving a new warning about immigration scams from the Department’s Ombudsman office. However, now criminals are trying to get your money and personal information by impersonating Homeland Security agents, particularly in the Philadelphia and Miami areas. DHS officials say the calls are part of a Homeland Security phone scam and are intended to frighten people. DHS agents will never call you unsolicited.

Who are the Targets?

Phone users; Non-U.S. citizens

What is the Scam?

Identity criminals impersonate agents from the DHS Investigations Office and the U.S. Customs and Border Protection (CBP). In one Homeland Security phone scam, criminals threaten you with arrest or an investigation if you do not provide payment in the form of “immigration bonds” or sensitive information. Other Homeland Security scam phone calls have a pre-recorded message that says, “a box of drugs and money being shipped has your (caller’s) name on it, and it has been intercepted.” They then instruct the caller to press #1 to speak with a CBP agent, attempting to get the caller’s banking information.  

What They Want

Scammers hope to steal either money or personal information. The personal information and bank account information can be used to commit an array of different identity crimes in your name.

How to Avoid Being Scammed

  • The DHS Investigations Office will never call you with demands like those included in the current scams. If you receive a threatening call, hang up because it is a Homeland Security phone scam. Do not give them any money or personal information.
  • Also, DHS Investigations and CBP do not solicit money over the phone. If you get a call like that, note the number, any other pertinent details about the call and then hang up.
  • If you receive Homeland Security scam phone calls, report them to the DHS Investigations Field Office or the CBP, even if you did not fall for the scam. Phone scams can also be reported to the Federal Trade Commission online at reportfraud.ftc.gov/.

To learn more about Homeland Security scam phone calls, or if you believe you were the victim of a phone scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • According to the Identity Theft Resource Center’s (ITRC) First Half 2021 Data Breach Analysis, data compromises are up 38 percent over the first quarter of 2021. If this trend from the data breach statistics continues, 2021 will set an all-time high for data compromises.
  • While data compromises are up, the number of individuals impacted is down 20 percent quarter-over-quarter. If the current trajectory holds, 2021 will see the fewest number of impacted individuals since 2016.
  • Phishing and Ransomware remain the top two root causes of data compromises for the second quarter and the first half of the year. However, supply chain attacks continue to increase in volume, scale and complexity.
  • To learn about recent data breaches, or to see the ITRC’s data breach statistics in our latest report, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

First Half 2021

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 9, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we look at the ITRC’s data breach statistics and trends for the second quarter of this year and what they tell us about how we may end 2021.

How the ITRC Reports Data

First, here’s a brief reminder of how the ITRC reports data. We only include information from U.S. data events that are publicly-reported. We report 1) data compromises, which includes data breaches, data exposures (think cloud databases with no security), and 2) data leaks, generally public information that is aggregated and used for a purpose other than that for which it was intended (think scraping information from social media sites that are sold for marketing lists or used for phishing attacks).

Key Takeaways from the ITRC’s First Half 2021 Data Breach Analysis

Now, let’s look at the key takeaways from this week’s ITRC First Half 2021 Data Breach Analysis:

  • According to the ITRC’s data breach statistics, data compromises are up 38 percent over the first quarter of 2021, putting us on a trajectory to end 2021 with a record level of compromises. Every month this year (except May) has seen data compromises higher than the month before. If this trend continues, we will exceed the all-time high number of compromises set in 2017 of 1,632 publicly-reported data events.
  • However, the number of people impacted by data compromises is down 20 percent quarter-over-quarter. That means we could end 2021 with fewer than 250 million victims of identity compromises, which continues a trend away from the mass collection of individual information that started in 2018.
  • The data breach statistics show we are on pace to have the highest number of data compromises ever in the same year that we could see the fewest number of people impacted since the all-time high was set in 2016.
  • Data compromises are rising or flat pretty much across the board, with half of the sectors tracked by the ITRC showing increases.
  • Manufacturing & Utilities and Professional Services are seeing significant increases while Healthcare and Retail are seeing data compromises drop. This shift reflects the broader trend of cybercriminals focusing their attention on critical infrastructure entities, so important they cannot be allowed to remain offline, and targets considered to be not as well defended. It is all in hopes of securing larger ransomware payments.
  • Phishing and Ransomware remain the #1 and #2 root causes of data compromises for the second quarter (Q2) and the first half of the year. However, supply chain attacks continue to increase in volume, scale and complexity. Attacks against vendors that give criminals access to many companies through a single data or security breach increased 19 percent in Q2. The 58 supply chain attacks through June 30, 2021 compares to the 70 malware-related compromises for the year so far. These data breach statistics indicate that third-party risks are poised to surpass malware as the third most common root cause of data events by the end of this year.
  • Just two days after the end of the second quarter, a major supply chain attack was launched against the cybersecurity provider Kaseya. Cybercriminals demanded a record $70 million in ransom to restore the operations of more than 1,500 companies impacted by the attack. It’s not known if any personal information has been compromised. However, we know this early third quarter (Q3) attack is an indication that cybercriminals are launching ever more sophisticated attacks that command larger and larger ransom payments.

Contact the ITRC

If you have questions about how to keep your personal information private or secure, visit www.idtheftcenter.org, where you will find helpful tips, and where you can download our First Half 2021 Data Breach Analysis to see our data breach statistics.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m. to 5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown. 

Accepting Cookies on New Websites You Visit? Here’s What to Consider

  • Most people in the U.S. have visited a website and accepted cookies. Cookie preferences can be traced directly to the European Union’s three-year-old privacy law, the General Data Protection Regulation (GDPR).
  • States are increasingly giving consumers the right to opt-out of data collection and use under new privacy laws. Also, some web browsers allow you to block most cookies, even if the website owner does not give you any cookie control.
  • There are also good cookies, known as “essential” and “performance” cookies. They help ensure you have a good website experience.
  • What makes a good cookie preference notice is one that starts with all cookies being turned off so you can choose to enable them.
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

I Know It When I See It

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 2, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we talk about those annoying cookie preferences and notices that pop up when you visit a website.

In 1958, filmmaker Louis Malle released The Lovers, a movie so racy that it was banned in some states as “obscene.” That didn’t stop a theatre owner in Ohio from screening the film, leading to his arrest and ultimately what is believed to be the most quoted line from a U.S. Supreme Court ruling.

The question before the court was how to define “obscene”? That prompted Justice Potter Stewart to write in his opinion overturning the criminal conviction, and this is paraphrased, “I don’t know how to define pornography, but I know it when I see it.” That’s kind of how it is with cookie preferences and other privacy notices on websites these days. I don’t know how to describe what’s a good one, but I know one when I see one.

Cookie preferences can be traced directly to the European Union’s (EU) three-year-old privacy law, the General Data Protection Regulation (GDPR). The GDPR requires knowing and informed consent before data can be collected about an EU resident by a company anywhere in the world.

That provision has doomed some kinds of cookies and data collection practices in the EU, such as web tracking cookies. It’s impractical to get permission from a website visitor every time a tracking cookie is ready to attach before the snippet of code is launched to collect your information.

For the remaining forms of allowable cookies, that’s where the cookie preference notice comes into play. You have to give your permission if you are in the EU or U.S. Many companies that have to be GDPR compliant give you the chance to set your own cookie preferences, even though it is not necessary.

Other companies in the U.S. try the old “negative selection” approach for non-EU visitors. That is to say, you will see a notice that says something to the effect of “if you continue to use our website, you agree to our policies including the use of cookies.”

That is not allowed under the GDPR for EU residents, but it’s fair game in the U.S., at least for now. Increasingly, states are giving consumers the right to opt-out of data collection and use under new privacy laws. Some web browsers – including Safari, Firefox, DuckDuckGo and Brave – allow you to block most cookies, too, even if the website owner does not give you any cookie control.

Notice we said, “block most cookies.” Some cookies are beneficial and do not collect mass amounts of data about you and where you go on the web. They are known as “essential” and “performance” cookies. They help ensure you have a good website experience. When given the choice of allowing those kinds, you are fine accepting cookies.

The key here is consent and giving you the ability to decide for yourself if you want to load up on them; accepting cookies so you can see more ads about Nike Air Force One sneakers as you search the web. What makes a good cookie preference notice? One that starts with all cookies being turned off so you can choose to enable them. That makes it easy to know “it” when you see it.

Contact the ITRC

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you’ll find helpful tips. You can also sign-up to receive our regular email updates on identity scams and compromises. Look out for our analysis of data breaches in the first half of 2021 that will be released on July 8.  

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.