Significant and negatively impactful data breaches in the healthcare industry have happened for a long time. Back in 2015, Anthem suffered a massive data breach that led to as many as 80 million people having their information stolen. In 2019, third-party billings and collection agency, American Medical Collection Agency (AMCA), suffered a data breach that affected over 24 million people and 20 healthcare entities. That included Quest Diagnostics, who had 11.9 million patients impacted. More recent healthcare data breaches include Florida Orthopaedic Institute, University of Utah Health and PaperlessPay.

What Does it Mean to You?

Data breaches in the healthcare industry continue to happen because of the availability of both personally identifiable information (PII) and personal health information (PHI) available to bad actors. Hackers can do a lot of damage with access to sensitive PHI and PII, like Social Security numbers, health insurance numbers, drivers licenses or identification numbers, medication lists, conditions, diagnoses and financial information. Fraudsters can submit use this data to file fraudulent health insurance claims, apply for medical care and prescription medications, use the information on billing and much more.

According to the Protenus 2020 Breach Barometer, in 2019,  data breaches in the healthcare industry continued to be a problem, involving sensitive patient information, with public reports of hacking jumping 48.6 percent from 2018. The 2020 IBM Report on the average cost of a data breach reported that the most expensive attacks in 2019 occurred in the healthcare sector. According to the Identity Theft Resource Center’s (ITRC) 2019 Data Breach Report, there were 525 medical and healthcare data breaches in 2019, exposing over 39 million sensitive records. The medical and healthcare sector had the second-highest number of breaches and sensitive records exposed of all the sectors the ITRC tracks.

What Can You Do?

Data breaches in the healthcare industry will continue to happen because of the troves of information. However, there are things consumers can do to reduce their risk.

  • Victims should change their username and password for their affected healthcare account
  • Consumers should also change their username and password on any other accounts that have the same username or password as their healthcare account
  • Depending on what piece of PHI is exposed, victims should contact the affected healthcare provider to see what steps need to be taken

Victims of a data breach in the health care industry can call the ITRC toll-free at 888.400.5530 for more information on the next steps they need to take. They can also live-chat with an ITRC expert advisor.

Victims are also encouraged to download the free ID Theft Help app. The app has tools for data breach victims, including a case log to track all of their steps taken, access to helpful resources during the resolution process, instant access to an advisor and much more.


Read more…

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams

Another week has gone by, and in this week’s Weekly Breach Breakdown, the Identity Theft Resource Center (ITRC) highlights a handful of data compromises that could leave a big impact on businesses and consumers. The ITRC has been tracking publicly-notified U.S. data breaches since 2005 to look for patterns, new trends and any information that could better help educate on the need for understanding the value of protecting personally identifiable information (PII). Some of the data compromises highlighted this week include CVS, Walgreens and Walmart pharmacy data breaches with a unique twist; an athlete recruiting tool; and one state’s taxpayer system. All of these breaches have one thing in common: they are relatively small data events that can still leave a lasting impact.

CVS, Walgreens and Walmart Pharmacy Data Breaches

Three well-known companies suffered from individual pharmacy data breaches. It wasn’t a cyberattack or failure to secure their electronic records; instead, some of their stored health information was physically stolen, leaving the potential for a serious impact on the individuals whose information was exposed. During recent protests in several cities, pharmacies owned by Walmart, Walgreens and CVS were looted. Paper files and computer equipment containing customer information was taken from individual stores, not the companies at-large. The missing information included prescriptions, consent forms, birth dates, addresses, medications and physician information. All three companies affected by the pharmacy data breaches notified impacted patients, but only CVS released the number of customers involved – 21,289.

Front Rush Data Compromise

The next data compromise includes student-athlete recruiting tool, Front Rush. Front Rush recently notified 61,000 athletes and coaches that their information was open to the internet due to a misconfigured cloud database for four years. In a notice to individuals impacted, Front Rush acknowledged that they could not tell if anyone accessed or removed any PII while it was exposed to the web from 2016-2020. Some of the personal information in the database included: Social Security numbers, Driver’s Licenses, student IDs, passports, financial accounts, credit card information, birth certificates and health insurance information.

The Vermont Department of Taxes Data Compromise

The state of Vermont recently notified more than 70,000 taxpayers that the online credentials they used to file certain types of tax forms had been exposed on the internet since 2017. State officials say they lacked the tools to tell if the information was downloaded from their systems by threat actors, but they believe the risk of an identity crime is low. However, the State Department of Taxes is recommending taxpayers take precautions like monitoring bank and credit accounts, reviewing credit reports and reporting any suspicious activity to local law enforcement.

What it Means

Stolen credentials like logins and passwords, like the information breached in Vermont, are currently the number one cause of data breaches, according to IBM. However, that is tied with misconfigured cloud security that leads to data being exposed to the web, as in Front Rush. Misconfigured cloud security generally means that someone forgot to set up a password or other security tool when they configured the database. Stolen physical records and devices ranks five out of ten on the attack scale for the most common attack vectors.

For more information about the latest data breaches, subscribe to the ITRC’s data breach newsletter.

NotifiedTM

Keep an eye out for the ITRC’s new data breach tracker NotifiedTM. It is updated daily and free to consumers. Businesses that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the ITRC’s three paid subscriptions. Subscriptions help ensure the ITRC’s free identity crime services stay free. Notified launches later this month.

If someone believes they are the victim of identity theft or their information has been compromised in a data breach, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also use live-chat. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more. Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


 You might also like…

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams

Another week has gone by, a week full of interesting publicly-reported U.S. data compromises. This week on the Identity Theft Resource Center’s Weekly Breach Breakdown podcast, we are focusing on cyberattacks and data breaches that help us put a price tag on people’s personal information – including EDP Renewables’ ransomware attack, a Twitter data breach that exposed Slack user information and much more.

In the 1980s, hacking started to become a thing. For the most part, hackers were young, smart and motivated by the challenge of breaking into the phone company or the Pentagon. As the ITRC’s COO and podcast host James Lee says, “the payout was street credibility.” Today, hackers are known as threat actors, and they are looking to steal people’s personal information simply because they are motivated by greed. Stealing someone’s personal information is not so much about breaking into someone’s bank account as it is stealing users’ login and passwords from a company to dupe them into paying a fake invoice (from said company) or infecting a company’s systems with ransomware.

Earlier this year, security research firm SentinelOne estimated that ransomware cost U.S. companies $7.5 billion in 2019. That number is expected to increase because the average ransom paid is going up. According to Security Boulevard, in six months between October 2019 and March 2020, the average ransom payment went from $44,000 to more than $110,000 an attack.

Originally, data thieves were content with just locking up a company’s files and walking away if they did not get paid or releasing the files back to the company if they did. Now, however, cybercriminals specializing in ransomware are using more sophisticated attack software and bolder tactics. Attackers are downloading sensitive personal information before they notify their victims instead of just sending a ransom note after locking files, turning a basic cyber hold-up into a classic data breach.

This past week, EDP Renewables, a European energy company that serves 11 million customers in the U.S., confirmed they were the target of a ransomware attack with a $14 million price-tag. Customer information was breached as part of the attack. In ransomware attacks, like EDP Renewables, the stolen information is used as leverage to force companies to pay the attackers. EDP Renewables did not pay. The demands like the one in the EDP Renewables ransomware attack make it easy to calculate the value cybercriminals put on identity information.

Another way to tell the value of personal information is to look at the price data commands in one of the Dark Web’s illicit marketplaces – where stolen information and identities are commerce. Earlier in July, data thieves posted a database of customer information from Live Auctioneers, an auction website that allows people worldwide to bid on auctioned items in real-time. The complete set of 3.4 million records are for sale starting at $2,500.

However, not all data is as valuable as other pieces of information. For example, a credit or debit card could be worth as much as $11 or as little as $1. Workspace tool Slack is learning their user information is not as valuable to data thieves, at least right now. A recent Twitter data breach exposed Slack user information. According to security researchers at KELA Group, 17,000 Slack credentials from 12,000 company workspaces are for sale on the dark web for a little as $0.50 and as much as $300. Despite the cheap low rate, no one is taking advantage of the Slack data from the Twitter data breach – posts offering the Slack credentials are nearly a year old. The reasons why cybercriminals are interested in some data and not interested in other data can vary. However, right now, data thieves are not interested in the Slack user information; because as popular as Slack is with users and Wall Street, Slack channels are rarely filled with the kinds of information cybercriminals want.

For more information about the latest data breaches, people can subscribe to the ITRC’s data breach newsletter. Keep an eye out for the ITRC’s new data breach tool, NotifiedTM. It’s updated daily and free for consumers. Businesses that need access to comprehensive breach information for business planning or due diligence can subscribe to unlock as many as 90 data points through one of three paid tiers. Subscriptions help ensure the ITRC’s free identity crime services stay free. Notified launches in August.

If someone believes they are a victim of identity theft or have been impacted by a data breach, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also use live-chat. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.

You might also like…

Twitter Hack Serves as a Reminder of How Manipulative Bitcoin Scams Can Be

Cyber-Hygiene Tips to Keep Consumers Safe

USS Bonhomme Richard Charitable Giving Scam

A Florida-based healthcare provider has issued a warning to its patients that their highly-sensitive personally identifiable information (PII) and personal health information (PHI) may have been stolen in a data breach. In what appears to have been a ransomware attack, Florida Orthopaedic Institute’s servers were infiltrated by malicious actors who then encrypted patients’ files, blocking access to them by the facility’s staff members. The facility is a conglomerate of orthopaedic physicians’ offices, meaning it could be possible that patients affected by the Florida Orthopaedic Institute data breach are not familiar with the company’s name.

The Florida Orthopaedic Institute’s investigation also uncovered reasons to suspect that some of the patients’ complete identities had been stolen before the encryption. That would include such data points as names, birthdates, Social Security numbers and more. Right now, the Florida Orthopaedic Institute has not found evidence that those identities have been used. Other compromised information from the Florida Orthopaedic Institute data breach includes medical data or PHI like appointment times, insurance plan numbers and payments for services, just to name a few.

While the facility was able to regain access to the encrypted files, affected patients should take immediate action. Some important steps include:

  • Changing the passwords on any accounts that share a username and password with their Florida Orthopaedic Institute account
  • Requesting a free copy of their credit report from AnnualCreditReport.com to look for signs of unusual activity
  • Signing up for the free credit monitoring and fraud protection tools that Florida Orthopaedic Institute is providing to the victims of this breach. It’s also important for victims of the Florida Orthopaedic Institute data breach to place a freeze on their credit report if their financial or payment card information was affected.
  • Contacting their insurance provider and asking if they can change their insurance account and card number. Victims should see what additional protections they can put in place such as an additional password when calling for service
  • Checking medical insurance billing statements closely to ensure the company is not covering services received by a thief that the victim has not received

As with any data breach event, including the Florida Orthopaedic Institute data breach, consumers can also reach out to the Identity Theft Resource Center (ITRC) for help and information by live-chat or calling toll-free at 888.400.5530. The ITRC’s free ID Theft Help app for iOS and Android is a place for victims to manage their case-specific action plans and find other helpful resources.


You might also like…

The Unconventional 2020 Data Breach Trends Continue

School District Data Breaches Continue to be a Playground for Hackers

Is This an Amazon Brushing Scam?

In 2019, the Identity theft Resource Center (ITRC) saw a 17 percent increase in data breaches compared to 2018. Credential stuffing attacks exploded in 2019, as well as third-party contractors being breached. 2020 has been a different story.

While scams are up due to COVID-19, publicly-reported data breaches are down in the U.S. Despite millions of Americans shifting to working from home – where cybersecurity and data protections may not be as strong as their regular workspace, the number of data breaches has dropped by one-third (nearly 33 percent) in the first six months of 2020 compared to 2019. The data compromise decrease statistics do not stop there. More significantly, the number of individuals impacted by breaches dropped by 66 percent over the same time period one year ago.

ITRC-Year-over-Year-Jan-Jun-Breaches-2020-v2
Year -over-year January – June 2020 data breach trends provided by ITRC

The 2020 data breach statistics are good news for consumers and businesses overall. However, the emotional and financial impacts on individuals and organizations are still significant. In fact, the impact on individuals might be even more catastrophic as criminals use stolen personally identifiable information (PII) to misappropriate government benefits intended to ease the impact of the COVID-19 pandemic.

External threat actors continue to account for most successful data compromises (404), compared to internal threats from employees (83) and third-party contractors (53). Internal threat data compromises are the lowest they have been since 2018.

In comparison, January 1, 2019 to June 30, 2019 saw 588 breaches caused by an external threat actor, 126 breaches caused by an internal threat actor and 89 involved a third-party. The data compromise decrease can be attributed, in part, to more people working from home.

Due to the increase in remote work, employees have less access to the data and systems necessary to easily steal PII. However, businesses and employees are also hyper-focused on preventing identity theft.

Unless there is a significant uptick in data compromises reported, 2020 is on pace to see the lowest number of data breaches and data exposures since 2015.

ITRC-Year-over-Year-Breaches-2020-v2
Year-over-year data breach trends 2020 provided by ITRC

With that said, there is reason to believe the lower number of breaches is only temporary. Cybercriminals have been using the billions of data points stolen in data breaches during the last five years to execute different types of scams and attacks, which include phishing, credential stuffing and other exploits that require PII. With so much data being consumed and so much focus on improved cyber-hygiene, both at work and at home, the available pool of useful data is being reduced.

At some point, cybercriminals will have to update their data, which should lead to a return of the normal threat pattern. While there are signs of increased cyberattacks that – if successful – could lead to PII being compromised, it is too early to tell when the uptick may occur. Even then, it is more likely to be a “dimmer switch” approach rather than just flipping on a light switch, meaning it will not happen all at once.

The ITRC will continue to monitor all of the publicly-reported data breaches daily and analyze them to keep businesses and consumers educated on what the cybercriminals are doing.

If someone believes they have had their information exposed as part of a data compromise, or is a victim of identity theft due to a data breach, they can live-chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Advisors can help victims create action plans that are tailored to them.

Victims can also download the free ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

For more information on the ITRC’s data breach tracking and trend analysis, or if your organization would like to subscribe to our monthly data breach product, please email notifiedbyITRC@idtheftcenter.org.

Every week the Identity Theft Resource Center (ITRC) takes a look at the most interesting data compromises from the previous week. The ITRC has the most comprehensive databases of information about publicly-reported U.S. data breaches. The ITRC has been compiling data breach information for the last 15 years, recording close to 12,000 publicly-notified data breaches. This week we are highlighting a couple of longer-term unconventional 2020 data breach trends and what is behind them (specifically, publicly-reported breaches in the U.S.) and what cybercriminals are doing with all of the personal information they have stolen the past few years.

Tune in to the Identity Theft Resource Center’s newest podcast – the Weekly Breach Breakdown with host, James Lee, Chief Operating Officer.

Since 2015, data breaches and the number of people impacted has been on the increase, with the exception of one year. However, 2020 is shaping up to be very different. While many believed employees working remotely due to COVID-19 would lead to a spike in data breaches and identity theft, the data tells a different story. The number of publicly-reported data breaches are down 33 percent in the first six months of 2020 over the same period in 2019. More importantly, the number of individuals impacted by data compromises is down 66 percent compared to last year. In the first six months of 2020, the ITRC tracked 540 data breaches and approximately 164 million people affected, including those who received more than one breach notice.

While the 2020 data breach trends are good news for businesses and consumers, the emotional and financial impacts on organizations and individuals due to data breaches are still significant. In fact, the impact on individuals could be even more damaging as criminals use stolen identity information to misappropriate government benefits intended to ease the impact of the coronavirus. While the ITRC sees a drop in data breaches reported, it also sees an increase in reports of identity-related fraud.

There is never just one reason why data breaches go up or down. It is a complicated issue with many moving parts. However, related trends give a clue about one of the primary drivers of the reduction in mass data theft: all the identity information stolen in data breaches over the past few years. In fact, a new research report shows there are 15 billion credentials for sale in the marketplace where identity criminals buy and sell personal information. That is a lot of information – and right now, cybercriminals are cashing in on all of that data by running COVID-19 and other scams that require identity data. Cybercriminals are striking with phishing attacks and other automated attacks using apps designed to crack open accounts using stolen credentials that cost as little as $4.

In other words, right now identity thieves do not need any more data. They are consuming more data than they are gathering. Unless there is a significant increase in the number of reported data compromises, 2020 is on pace to see the lowest number of data breaches and data exposures since 2015, an unconventional 2020 data breach trend that might not have been expected at the beginning of the year – and is counter to other reports. With that said, there is reason to believe the 2020 data breach trends of a lower number of breaches is only temporary.

At some point, cybercriminals will have to update their data warehouses. When they do, the ITRC expects a return to the normal threat pattern. It could happen in the second half of 2020, or early 2021. Whenever it happens, it is not expected to happen overnight. Rather, it is expected to gradually happen over time.

For more information, as well as analysis of the 2020 data breach trends, subscribe to our data breach newsletter.

If someone believes they are a victim of an identity crime or believes their identity has been compromised, they can live-chat with an expert advisor or call toll-free at 888.400.5530 to get started on the resolution process. Victims can also download the free ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

School District Data Breaches Continue to be a Playground for Hackers

Magecart Data Breaches Grow in Popularity

Gaming Data Breaches are a Loot Chest of Data

School districts are a playground for hackers. While the education sector does not see as many data breaches as some others (it ranked third in the Identity Theft Resource Center’s 2019 Data Breach Report with 113 breaches), recent school district data breaches – and breaches of their software systems – have highlighted the value to data thieves.

There have been multiple large school district-related data breaches in the last two years, including Georgia Tech, which affected 1.3 million people; education software developer Pearson, which affected 13,000 educational institutions; and education software developer Aeries, which could have affected over 600 school districts. According to Insurance Business America, a study done by Comparitech said that since 2005, K-12 school districts, as well as colleges and universities across the country, have experienced more than 1,300 data breaches affecting more than 24.5 million records. The AZ Mirror reports that Arizona schools have leaked 2.8 million records since 2005. Arizona is second only to California, who has leaked close to 2.9 million records in that same span.

Fortunately, many of the recent school district data breaches do not involve Social Security numbers (SSN). However, a child’s SSN is a common target for hackers because children are not looking at their information for years. By stealing a child’s SSN, medical insurance card or birthdate, hackers could have up to an 18-year head start before a child discovers there is a problem with their credit or personally identifiable information. Threat actors will likely continue to try to find ways to access children’s SSNs to commit child identity theft and synthetic identity theft.  

Hackers also see school district data breaches as a prime opportunity to target financial accounts, social media accounts and retail accounts that might be linked to email addresses that they obtain. With email account information, hackers can target victims with spam emails, phishing attempts and harmful software viruses, not to mention credential stuffing to gain access to more sensitive data.

There are steps that parents and children can take to reduce the risk of child identity theft from a school district-related data breach. They include:

  • Freezing a child’s credit until they are an adult or plan on using it (for financial aid as an example)
  • Not feeling obligated to give a child’s Social Security number on every form; limit the number of places it is given
  • Changing email passwords and the passwords of any other accounts that use the same password if impacted by a data breach where an email is compromised
  • Considering the use passphrases instead of passwords, which are easier to remember and harder to guess
  • Filing an ID Theft Report with the Federal Trade Commission (FTC) and contacting all three credit reporting agencies (CRA’s) to request free credit reports if personal information is being misused

If someone believes they are a victim of a school district data breach, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help App for access to resources, a case log and much more.


You might also like…

Distance Learning Stresses the Importance of Child Privacy and Internet Safety Tips for Kids

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19

Data breaches can come in all different forms. Some occur from ransomware attacks and formjacking, while others are related to security lapses at third-party vendors or cyberattacks using stolen credentials. Hackers are always thinking of new ways to target and attack businesses and consumers. Magecart data breaches have grown as the years have gone by. One of the most notable Magecart attacks was on Macy’s in October 2019 when web skimmer malware was discovered on Macy’s website collecting customers’ payment card information.

Magecart is a particular type of malware used by hacking groups that targets the payment information entered into forms on various websites while allowing the transaction to complete without the consumer being any wiser. Magecart hacks third-party components that are common on e-commerce sites. According to Forbes, by October 2019, over 18,000 websites had been infected with Magecart card skimming malware. In the article, RiskIQ said they had spotted Magecart skimmers in action more than two million times. Other notable Magecart data breaches include attacks on the Baseball Hall of Fame, international hotel chains, Ticketmaster and British Airways.

While Magecart attacks will continue, businesses should do their part to protect their customers’ data, and consumers must also exercise caution. According to SC Media, cybersecurity teams at businesses should consider a variety of defenses that limit the risk of threat actors taking advantage of software flaws to infiltrate websites.

Consumers also have a role to play in helping thwart payment information theft, starting with being cautious about where to use payment cards online. Consumers should also consider using newer payment technologies that have more built-in security features than traditional credit and debit cards. Digital wallets like Apple Pay and Google Pay, along with “virtual” payment cards that rely on random, single-use card numbers make card information useless to identity thieves.  

While cyberattacks constantly evolve, it is important for businesses and consumers to also change to ensure their information is safe. If anyone has questions or believes they might be the victim of a Magecart data breach, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530. Data breach victims will get guidance on the next steps they need to take. Finally, victims can also download the free ID Theft Help App, which includes a case log to track the steps taken, additional resources to refer to, instant access to an advisor and much more.


You might also like…

Stalker Data Breach Leads to Sale of Users’ Credentials

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19

Gaming companies can be a common target for hackers. The recent Stalker (S.T.A.L.K.E.R. (Scavengers, Trespassers, Adventurers, Loners, Killers, Explorers and Robbers)) data breach is a prime example. Online video games are big business for companies that develop action-packed, web-based games. These companies make money through initial game subscriptions, advertising within the game, data harvesting of the users’ information and microtransactions for tools and extras used in the games, although many of them allow users to play for free. Since a single popular game title can have millions of users, they can become a target for hackers who make money from having access to data.

Stalker Online, an MMO (massively multi-player online) game that lets users all over the world play the role-playing game, recently suffered an attack on its server owned by BigWorld Technology. The usernames and passwords, email addresses, phone numbers and IP addresses for more than 1.3 million players were compromised in the Stalker data breach since the data was stored in a relatively low-level security MD5 algorithm. Once the attack occurred, some sources believe the for-hire hacker Instakilla then managed to extract all of the data and post it for sale on the Dark Web.

While financial information and sensitive data like Social Security numbers were not accessed in the data breach, there is still a lot of harm that hackers and purchasers can cause with the Stalker data. Apart from phishing attacks and ransomware that can occur via email, if any of the Stalker players reused these login credentials on other accounts, then anyone who has access to the stolen data can also access the accounts. Credential stuffing can lead to account takeover or fraud.

Anyone who believes they might be a victim of the Stalker data breach should immediately change the password on their account, as well as the password of any other accounts that have the same password. Users are also encouraged to switch to using a nine to ten character passphrase instead of a more basic password since it is easier to remember and harder for hackers to guess. It is also a good idea to enable two-factor authentication where applicable for an extra layer of protection.

Victims of the Stalker data breach can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help app. The ID Theft Help App offers case management for tracking a case, the ability to directly chat in real-time with an advisor, the option to click-to-call for a customized remediation plan and much more.


You might also like…

Identity Theft Resource Center Announces Change to Board of Directors

Google Alert Scam Sends Fake Data Breach Notifications Embedded With Malware

Hackers Take Advantage of COVID-19 Closures to Launch Claire’s Data Breach