Popular game developer Zynga is the company behind such widely popular apps as Words with Friends, Farmville and Draw Something, but these games are not only popular with smartphone users. A well-known hacker named Gnosticplayers has claimed responsibility for stealing the login credentials for around 200 million Android and iOS users who had downloaded those and other games.

These games allow users to find friends online and play long-distance games, as well as to engage in fun challenges with strangers within the safety of the app. Unfortunately, as part of the Zynga data breach, a hacker was able to inject themselves into the system that controls things like usernames, passwords, email addresses and any Facebook accounts that were connected to the app in order to speed up login.

While the hacker did not necessarily grab any highly-sensitive information, the information that was stolen in the Zynga data breach can easily be used for malicious purposes. These include spam emailing, scams and phishing attempts. Of course, any users who reused a password on their apps, meaning one that they use on other unrelated accounts, may have put those other accounts at risk as well.

Zynga is urging all of its users who downloaded these apps prior to September 2019 to change their passwords immediately. If you connected the app to your Facebook profile, it is a good idea to go into your settings and remove that connection, then change your Facebook password just to be safe.

In the future, there are two really important things you can do to minimize the risk from attacks like the Zynga data breach.

First, never reuse a password or use one that is easily guessed.

Anyone who nabs your password in any data breach has automatic access to every account where you have reused it.

Second, avoid connecting your apps, especially frivolous ones like games, to your social media accounts.

It might make it easier to log in and you can post updates on how many levels you have beaten at some random three-in-a-row game, but you are also opening yourself up to possible harm.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



 

On September 26, 2019, the popular food delivery app DoorDash announced a data breach in which hackers accessed the company’s data system. Approximately 4.9 million customers, restaurants and delivery workers had their personal information exposed, including their driver’s license numbers, names and addresses and bank and credit card information. Users who joined after April 5, 2018 were not affected by this breach.

In a security notice regarding the data breach, DoorDash said that earlier this month it became aware of unusual activity involving a third-party service provider. It then immediately launched an investigation that led to the determination that it was hacked on May 4, 2019. DoorDash went on to say that customers who signed up before April 5, 2018 potentially had their names, email addresses, phone numbers, order histories and the last four digits of their credit and debit cards exposed. However, full credit and debit card information was not accessed.

Delivery workers and restaurants could have had the last four digits of their bank account numbers taken. However, once again, the full bank information was not accessed. Approximately 100,000 delivery workers also had their driver’s license numbers hacked.

The food delivery app says they are reaching out directly to those affected by the DoorDash data breach with specific information about what was accessed. If consumers have any questions, comments or concerns, DoorDash has set up a call center that is available for 24/7 support at 855.646.4683. In the meantime, here are some things you can do if you think you may have been affected by the DoorDash data breach.

Change Your Passwords Now

Anytime there is a data breach and you think you might have been affected, the Identity Theft Resource Center urges people to change their passwords immediately. Despite the fact that DoorDash says it will be reaching out to everyone affected, it is still a good idea to update your password and make sure it is a strong, unique password.

Track Your Steps

According to the Identity Theft Resource Center’s 2018 End-of-Year Data Breach Report, last year there were 1,244 data breaches reported. While that is less than 2017, the amount of exposed sensitive information significantly increased.

In the event you are a victim of a data breach and have incurred financial costs or expended time and other resources, the ITRC encourages people to be prepared so you can prove your case in the future. You can do that by downloading our ID Theft Help App, which has a case log manager tool to help track any actions you take in response to a breach.

Consider A Credit Freeze

If you were a DoorDash driver before April 5, 2018, you could have had your driver’s license number stolen, as well as potentially your name and contact information. Delivery drivers might want to consider putting a credit freeze on their reports to prevent a criminal from opening an unauthorized account in their name.

It is important to note that a credit freeze will stop someone from taking out a credit card or loan in your name, but it does not prevent identity theft not related to opening up a credit account.

Watch for Suspicious Activity

Be sure to track all your accounts daily for suspicious activity whether you were impacted by the DoorDash data breach or not. This also includes being very careful if you get any emails or phone calls from DoorDash. It is common for scams to happen following a data breach. If you see any suspicious activity, do not respond and report it.

For more information on the data breach, you can go to Breach Clarity to see what information was exposed and see the risk score of the DoorDash data breach. You can also call the Identity Theft Resource Center toll-free at 888.400.5530 for assistance or LiveChat online.


 

In our 2018 End-of-the-Year Data Breach Report, the Identity Theft Resource Center reported 907 data breaches that impacted the business sector; these breaches equaled more than the amount reported for the banking, education, government and medical sectors combined. Of the five industry categories ITRC tracks for data breaches (banking/credit/financial; business; education; government/military; and medical/healthcare), business-related data breaches are the most common.


That is just one reason why the ITRC has been working to empower identity theft victims with the resources and tools to resolve their cases since 1999. Our mission is to help people proactively reduce their risk of becoming a victim of identity theft and to empower them if they become a victim. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches. We’re continuing our 10,000 breaches blog series with a look at the top five business data breaches that impacted U.S. consumers and the personal information compromised.

Starwood Hotels & Resorts Worldwide, LLC. (Marriott International)

In November 2018, Marriott announced that its Starwood guest reservation database had been accessed by an unauthorized user. Nearly 383 million records were accessed in this business data breach, which included names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, birth dates and encrypted payment card numbers. Hotels are typically hot targets for data thieves due to the sheer volume of people’s data available.

Heartland Payment Systems

Payment processor Heartland Payment Systems announced in January 2009 that its processing systems had been breached one year prior, affecting thousands of businesses and banking institutions. Around 130 million consumers’ credit and debit card information had been stolen, including cardholder names, card numbers and card expiration dates, putting all consumers at risk for fraud. An investigation into the business data breach began once Heartland received notifications from Visa and MasterCard about suspicious activity surrounding card transactions processed by its payment systems.

Equifax

Once again, Equifax makes the list. As many people know, in 2017 Equifax experienced a hack that exposed 148 million U.S. consumers’ personal information including names, dates of birth, Social Security numbers, addresses, phone numbers, driver’s license numbers, email addresses, payment card information and Tax ID numbers. In July 2019, Equifax reached a $700 million settlement due to their business data breach and agreed to spend up to $425 million to help the victims of the breach. If you were affected, you can file a claim for cash or free credit monitoring services. You can also file a claim for a minor who has been impacted. If you have questions about the settlement and what it means, read more here.

Experian/T-Mobile

In September 2015, Experian North America disclosed a breach of their computer systems that affected 15 million applicants for device financing from wireless provider T-Mobile. Names, birthdays, addresses, Social Security numbers, alternate forms of identification (such as Driver’s License numbers, passport numbers or military ID numbers) were some of the information exposed. While the business data breach impacted Experian’s services, it did not affect their consumer credit database. According to T-Mobile, Experian took full responsibility for the theft of data from its server and offered free credit monitoring services to all the consumers who were potentially at risk.

MyFitnessPal (Under Armour)

It was discovered that an unauthorized party acquired data associated with Under Armour’s MyFitnessPal user accounts in March of 2018. Approximately 150 million user accounts were compromised in the business data breach exposing usernames, email addresses and hashed passwords. MyFitnessPal released a notice of data breach stating they quickly took steps to determine the nature and scope of the issue and were working with data security firms and law enforcement authorities in an investigation. In the same statement, MyFitnessPal recommended users change their passwords for all their MyFitnessPal accounts, review their accounts for suspicious activity, be cautious of any unsolicited communications that ask for your personal data and to avoid clicking on links or downloading attachments from suspicious emails. (These are practices the ITRC encourages consumers to take with all of their accounts to reduce their risk of identity theft.)

Coming Up In 10,000 Breaches…

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both consumers and businesses – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live advisor on what you should do. If you are a business impacted by a data breach incident, please reach out to the ITRC to discuss how we can provide assistance to your impacted customers.

 As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the top medical and healthcare breaches since 2005. For a look at all of the 10,000 breaches blogs, visit https://www.idtheftcenter.org/10000-data-breaches-blog-series.

 


On July 19, 2019, Pearson PLC reported a data breach affecting approximately 13,000 school and university AIMS Web 1.0 accounts. The data breach was attributed to unauthorized access by an unknown individual. Students had their names and in some cases dates of birth and email addresses exposed. Additionally, some staff member names, email addresses and work information – such as job title and work addresses – were exposed.

Editor’s note: School districts affected by the Pearson breach have continued to come forward since the initial July 2019 report. ITRC is tracking each school district separately, as well as part of the larger breach by Pearson. Due to the scope of this breach, an unprecedented number of individual student accounts could have been exposed (hundreds of thousands) leaving an unknown number of victims. ITRC will continue to monitor this breach as it unfolds.

In August 2019 there were a total of 130 data breaches exposing 1,748,078 sensitive records.


 

By 2021, over 2.14 billion people worldwide are expected to buy goods and services online, up from 1.66 billion global digital buyers in 2016. That means retail data breaches will also be on the rise as point-of-sale (POS) systems, e-commerce sites and other store servers are major targets for hackers looking for large volumes of personally identifiable information (PII) and behavioral data.


That is one reason why the Identity Theft Resource Center has been working to empower identity theft victims with the resources and tools to resolve their cases since 1999, including helping people proactively reduce their risk of becoming a victim of identity theft. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches with monthly and cumulative end-of-year reports published.


ITRC currently tracks five industry categories: banking/credit/financial; business; education; government/military and medical/healthcare. ITRC is a leader in reporting new data breach trends. We’re continuing our 10,000 breaches blog series with a look at the five most impactful retail data breaches for consumers.

Target

Retail giant Target makes the list for their 2013 data breach that exposed the payment card information of 40 million people and the personal information of 70 million. Hackers were able to infect Target’s POS systems with malware, disrupting holiday shopping for millions of consumers. Between Black Friday and Christmas shopping, anyone who shopped at Target from November 27 to December 15, 2013 was at risk for fraud. In a public statement to customers, Target said they moved swiftly to address the issue and that they regret any inconvenience it might have caused.

TJX Companies

In January 2007, TJX Companies Inc., operator of stores like T.J. Maxx, Marshalls and HomeGoods, experienced a retail data breach that affected 94 million customers. Payment card information and customer return records, which included driver’s license numbers, military I.D. numbers or Social Security numbers, were stolen by hackers who were able to gain access to TJX’s computer systems that process and store transaction information. TJX reached settlements with a majority of entities in 2007 and 2008.

Home Depot

Target is not the only retailer that experienced a breach of their POS systems. In 2014, Home Depot announced that they had experienced a retail data breach affecting their payment card processing systems. The hackers were able to steal the payment card information of 40 million customers and emails of 54 million. Since the incident, there have been 57 lawsuits filed against the large retailer. While the company did not admit any wrongdoing, they say they settled so they could move forward and put the incident behind them without incurring further costs.

Hudson Bay

Hudson Bay, parent company of Saks Fifth Avenue and Lord & Taylor, experienced a retail data breach that affected the payment card information of five million customers in 2018. Most of the stores affected were located in New York and New Jersey. It is reported that the retail data breach only affected in-store purchases and did not affect its e-commerce sites. In a statement, Hudson Bay said they deeply regretted any inconvenience or concern the breach may have caused. They also said there was no indication that Social Security or driver’s license numbers were stolen.

Hannaford Brothers

In 2008, supermarket company Hannaford Brothers was breached. It affected just over four million customers. Malware was placed on 300 Hannaford servers as part of the retail data breach which allowed hackers to steal customers’ payment card details as they were used at the check-out. Of the just over four million customers who were affected, more than 1,800 reported their credit cards had been used.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both consumers and businesses that fall victim to the nefarious acts of fraudsters – understand how to minimize their risk and mitigate their data compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live advisor on what you should do. If you are a business impacted by a data breach incident, please reach out to us to discuss how we can provide assistance to your impacted customers.

As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the biggest business breaches since 2005 and what they meant for consumers. For a look at all of the ITRC’s 10,000 breaches blogs, visit idtheftcenter.org.


 

Online clothing reseller, StockX, has admitted that hackers have compromised their customer accounts. StockX, an online platform for reselling high-end shoes and apparel, appears to have suffered a data breach that affected 6.8 million of its customers’ accounts.

Forced Password Reset

However, that is not the newsworthy part of the story. After discovering suspicious activity on its servers that could have indicated unauthorized access, StockX sent out a forced password reset to its customers following the StockX data breach but did not state why. The information in the message requiring users to change their passwords was so vague that some questioned whether or not the email was a phishing attempt.

When a tech industry news outlet reached out to StockX for a comment on the forced reset, they were told that it was part of necessary system updates. However, that seems not to have been true. The same news outlet was later contacted by a hacker who claims to have stolen the customers’ information and posted it for sale on the Dark Web. The hacker went on to provide 1,000 records from the database to prove the StockX data breach was real.

The outlet, TechCrunch, contacted those individuals and verified that the stolen information, which contained their emails, usernames and shoe sizes from previous purchases at StockX, was accurate. At the time of the discovery, the hacker claimed the database of records had already been purchased at least once.

TechCrunch has not received any updates from StockX and their questions have gone unanswered. It is important for the public to be aware of some of the ramifications in the StockX data breach since it could happen with other companies and future data breaches.

Never Reuse Passwords

Companies actually do force password resets just to be on the safe side. If a security team discovers password combinations from previous data breaches of other companies, for example, they can compare those stolen passwords to ones on their site. If their customers have used the same email and password on this company’s website that they had on a site that has already been breached, that might trigger a forced password reset.

Never reuse a password. The hacker who made off with 6.8 million usernames and passwords in the StockX data breach is hoping that a lot of those people reused their email and password combination on their Amazon account, PayPal account, online banking account or email.
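The comparison described above, where a security team checks credential pairs leaked from other companies against its own accounts, can be sketched as follows. This is an added example, not StockX's or any other company's actual process; the accounts, dump lines, PBKDF2 settings and function names are all constructed for illustration.

```python
"""Flag accounts whose current password appears, for the same email address,
in a credential dump leaked from a different site. All data is constructed."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; the site never keeps the plaintext."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def build_user_store(accounts: dict) -> dict:
    """Simulate the site's user table: email -> (per-user salt, hash)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email.lower()] = (salt, hash_password(password, salt))
    return store


def parse_breach_dump(lines) -> list:
    """Parse 'email:password' lines, skipping anything malformed.

    Only the first colon separates the fields, because passwords may
    themselves contain colons. Emails are lower-cased for matching.
    """
    pairs = []
    for line in lines:
        email, sep, password = line.rstrip("\r\n").partition(":")
        if not sep or "@" not in email or not password:
            continue
        pairs.append((email.lower(), password))
    return pairs


def accounts_needing_reset(store: dict, pairs: list) -> list:
    """Return emails whose leaked password still verifies on this site."""
    flagged = set()
    for email, leaked_password in pairs:
        record = store.get(email)
        if record is None:
            continue  # the leaked address has no account here
        salt, stored_hash = record
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored_hash):
            flagged.add(email)  # same email and same password: reused
    return sorted(flagged)


# Constructed sample data (not real accounts or a real dump).
SITE_ACCOUNTS = {
    "alice@example.com": "correct-horse-7",
    "bob@example.com": "Tr0ub4dor:3",
    "carol@example.com": "unique-to-this-site",
}
BREACH_DUMP = [
    "Alice@Example.com:correct-horse-7",     # reused, different email casing
    "bob@example.com:Tr0ub4dor:3",           # reused, password contains ':'
    "carol@example.com:some-other-password", # same person, different password
    "dave@example.com:hunter2",              # no account on this site
    "not a credential line",
    "",
]

if __name__ == "__main__":
    store = build_user_store(SITE_ACCOUNTS)
    for email in accounts_needing_reset(store, parse_breach_dump(BREACH_DUMP)):
        print("force password reset:", email)
```

Only the accounts where both the email and the password match are flagged, which is why a customer with a unique password is untouched by a breach at another company.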

Watch for Phishing Emails

Scammers know that password reset emails are easy to fake. All a scammer has to do is steal the logo from a company’s website, make a fake email address and send it out to millions of people, telling them to click here to change their passwords. Instead, the scammers are gathering up the “old passwords” that the victims typed by following the link.

The customers who were suspicious were very smart. Given these phishing tactics, it was incredibly savvy of them to reach out to the company and tech experts for advice. Never click a link you were not expecting or verify your account information for someone who contacts you.

Have Good Identity Hygiene

Change your passwords frequently, especially if you receive a notification like this one in the StockX data breach. It is simple and smart to change your passwords; just do not rely on an email with a link to do it. Go directly to the company’s website yourself and change your password in your profile settings. Ignore and delete the email, whether it was legitimate or not, and handle the password reset yourself.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



 

The recent Choice Hotels data breach contains so many cybersecurity variables that it is difficult to process the entire breach. Three separate problems all came together to expose an estimated 5.6 million records, although the situation is not as dire as it might seem.

Problem #1 – An accidental data breach

The first issue in the Choice Hotels data breach was an exposed server. Accidental overexposure data breaches are becoming more common, and they are the result of a mishap on the part of the entity in charge of securing company information. The online storage options involved are basically remote servers housed somewhere else. A company logs into their account, stores all their sensitive information and pays a fee for this service. It is supposed to be more secure and allow businesses to access their data from anywhere. Too often, though, the server is left unprotected and without a password to secure it. That means literally anyone who stumbles upon it online can access all of the information.

Problem #2 – Someone found it

In many accidental overexposures, the company is alerted to the problem by an outside security researcher or helpful tech expert who discovered it. These events are still treated as serious matters since someone could have found and stolen the information quietly. In the case of the Choice Hotels data breach, someone did find it and stole the records, then left a note demanding Bitcoin payment as ransom in order to delete their copy and not tell anyone about the breach.

While this was not actually ransomware, software that infects your system until you pay the hacker’s fee, the tactic was the same. Pay up, or we sell your information and announce that you were breached.

Fortunately, Choice Hotels did not try to cover it up. They carried out a cybersecurity investigation and learned that the amount of stolen information was far smaller than they had originally thought. It was around 700,000 records and may have only included names, email addresses and phone numbers, which is still serious, as scammers can use this information to target these customers with phishing attacks.

Problem #3 – It wasn’t Choice Hotels’ server

The third variable in the Choice Hotels data breach was an outside vendor who left their own server unprotected. While the information belonged to Choice Hotels and was, therefore, their responsibility, a third-party vendor was using the database to demonstrate a new tool that would help Choice Hotels with some aspect of service. Instead, the vendor left their server exposed and allowed the information to be accessed by a hacker.

This kind of third-party relationship has long been the weak link in cybersecurity. The now infamous Target data breach in 2013, for example, involved an HVAC company that serviced some Target stores. Hackers worked their way into the company’s computers due to lax security practices and used that connection to steal millions of payment card account credentials on Black Friday that year.

It is odd to see so many things go wrong in the same data breach, but it happens. The Choice Hotels data breach, while limited in size and potential damage, should serve as a wakeup call to businesses who are working diligently to protect their customers’ data. It is critical that businesses understand who can access information, what they can do with it, how vulnerable it might be and what harm can come about as a result.


 

The latest Poshmark data breach has led to personal identifying information (PII) being exposed for some users of the marketplace concept that lets people buy and sell clothing and beauty items.

Thanks to the abundance of websites and apps that let us buy, sell, and trade, it has never been easier to find what we love. That is the theory behind Poshmark. On the buyer side, you can look for just the right outfit from users’ virtual closets. On the seller side, you can make some money for items you have already got hanging at home.

Unfortunately, a platform like that will draw quite a few users, which can put it in a hacker’s crosshairs. The company announced it had discovered a data breach of its servers, and it has now helped to specify what types of information were compromised.

The information exposed in the Poshmark data breach appears to be limited to variables like email and username, as well as some shopping preferences like common sizes and encrypted passwords that are not supposed to be visible even if a hacker accesses them. However, to be on the safe side, Poshmark recommends changing your password if you discover that your information was affected by the Poshmark data breach.

Check Where Your Info May Have Been Compromised

There are a couple of handy tools that can help keep internet users safe. The first is a fairly comprehensive website known as HaveIBeenPwned.com. You simply type in your email address and it will show you exactly which known data breaches have contained information related to your email. It is a good idea to try it with any email account you have, even ones that are outdated or you no longer use.

The other tool appeared as part of Mozilla Firefox’s latest browser update. Upon even a visit to Poshmark.com or its blog, Mozilla popped up a quick tab that explained user data had recently been stolen from that website. The option to enter your email address to check on your data was included in the popup. Other platforms offer similar tools, and they can help you keep tabs on where your information may have been compromised.

Change Your Password

Poshmark’s advice is sound. In the Poshmark data breach or any other data breach, changing your password should always be one of your first steps.

Never Reuse Passwords

Also, this serves as the most recent reminder of a crucial data security rule: Never reuse your email and password on multiple accounts. If any hackers gained this information from Poshmark, they can easily use it to cross-reference against other, more sensitive websites and apps. If any Poshmark account holders reused their passwords for their email, web retailers, social media, workplace computers, financial accounts or more, the hackers now control them. Change your passwords immediately if you are one of the many consumers who reuse your passwords, and do not forget to update them regularly just to be safe in case there is a data breach like the Poshmark data breach.


 

The unsecured Facebook server contained nearly 500 million users’ contact info, including a treasure trove of usernames and phone numbers. More than 220 million of them were found for sale online following the Facebook server leak.

How much does it cost to buy access to hundreds of millions of people? Just $1,000.

According to CNET, Elliott Murray, CEO of UK-based cybersecurity company WebProtect, found the information for sale on the web forum in May. He believes it is the same list that TechCrunch reported Wednesday was found on an unsecured web server by cybersecurity researcher Sanyam Jain.

Where did this sensitive information come from in the Facebook server leak? Facebook thinks it might be related to an old feature the company has since shut down. For a while, users could locate each other by phone number rather than Facebook username. Executives realized that feature could be used to steal phone numbers and sell them for spam marketing purposes.

That is apparently what happened in the Facebook server leak. Databases of stolen information are for sale all over the Dark Web. When the database contains complete identities, thieves buy them for identity theft, fraud and even those robocalls you get on a daily basis. However, when it is just lists of email addresses or phone numbers, they still want these in order to send out spam, attempt to scam people or turn around and sell the list to someone else.

Facebook has used an important turn of phrase regarding the Facebook server leak: publicly available. That can mean that this is not “sensitive” information under data breach laws. It does mean, though, that someone did the hard work of compiling the info into an easy-to-use, easy-to-sell database.

There is no cause for concern regarding the security of your actual Facebook account from the Facebook server leak, but it is a good idea to pop into your profile settings and delete your phone number. It will not help if your number has already been posted online for sale, but it can prevent future data scrapes from nabbing your contact info.

There is another lesson to be learned from the Facebook server leak: do not overshare. If you are signing up for a new account and you see that some registration items are optional (like email address or phone number), skip them. If the company does not need it in order to establish your account and let you utilize their site, then it is just one more piece of data that can be compromised. Protect your data and only give it to those who really need it.




The Identity Theft Resource Center has been working to empower breach victims with the resources and tools to resolve their cases since 1999. That includes helping people proactively reduce their risk of becoming a victim of identity theft, especially after they were impacted by a data breach. Since 2005, the ITRC has recorded over 10,000 publicly notified breaches. Here is a look at five watershed moments that created systemic change for consumers.

Equifax

In 2017, 148.8 million people were affected by this impactful data breach, which, through the Freedom from Equifax Exploitation Act, led to free credit freezes and regulation changes, as noted in ITRC’s “Equifax One Year Later Aftermath Report.” On July 22, 2019, Equifax reached a $700 million settlement with the Federal Trade Commission (FTC) where Equifax agreed to spend up to $425 million to help victims of the breach. And it’s changing the standard of proof for settlements – shifting the onus from the entity that was breached to the consumer having to prove that they were impacted. Because of Equifax, we’re still seeing people push for data breach law reform.

Target

During the busy holiday season in 2013, Target was hit by a data breach that exposed the credit card data of 40 million people and the personal information of 70 million, upsetting lawmakers. This breach made customers uneasy about using payment cards and was a catalyst for pushing forward the adoption of chip card technology. It also created a greater understanding of the need for authentication options. Consumers are now more acutely aware of their transactional engagements with retailers and how their financial information could be a gateway to other types of compromise.

Anthem

In 2015, Anthem suffered a large consumer data breach that impacted nearly 80 million people. The information compromised included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that could have included income information. Minors who were on their parents’ health plans were affected, which is particularly troubling due to the long shelf-life of the static data (SSNs) that was compromised. In 2018, Anthem agreed to take corrective actions and pay the U.S. Department of Health and Human Services, Office for Civil Rights $16 million to settle violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. In order to place a claim for the settlement, victims needed to provide proper documentation for out-of-pocket costs. The Anthem breach is considered to be the largest health data breach and the largest HIPAA settlement in the United States.

OPM

Over 21 million people were affected by the second impactful Office of Personnel Management (OPM) data breach, which occurred in 2016. Investigators determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen – including biometric and protected health information. Not only did it impact those that were under OPM’s jurisdiction, but it also impacted their dependents. It was a sophisticated, large-scale hacking event that resulted in the creation of the National Background Investigations Bureau (NBIB).

ChoicePoint

ChoicePoint was part of a large impactful data breach in 2005 that led to the personal information of at least 163,000 Americans being sold to a crime ring. Fraudsters, posing as customers of the company, gained access to the company’s background check database – giving them the ability to mine sensitive personal information for nefarious purposes. In 2008, ChoicePoint agreed to pay $10 million to settle a class-action lawsuit. Since the breach, Senators have proposed a law to regulate the data broker industry called the “Data Broker Accountability and Transparency Act.”

Bonus Breach: U.S. Department of Veterans Affairs

This 2006 data breach affected 26.5 million veterans, spouses, active-duty military personnel and reserve military personnel. It led to the acknowledgment of many vulnerabilities in the VA. It also heightened awareness of the importance of protecting computer equipment containing personally identifiable information and responding effectively to a breach that poses privacy risks. Lessons learned included that rapid notification of key government officials is critical, that a core group of senior officials should be designated to make all decisions regarding an agency’s response, and that determining when to offer credit monitoring to affected individuals requires risk-based management solutions.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both consumers and businesses – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live advisor on what you should do. As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the top retail breaches since 2005. To stay up to date on the latest news in identity theft and data breaches, sign up for our newsletters.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

