and two that changed how we should perceive our data…

Since 1999, the Identity Theft Resource Center has been hard at work empowering identity theft victims with the resources and tools to resolve their cases, as well as helping people proactively reduce their risk of becoming a victim of identity theft. One of the most common ways consumers have their information misappropriated is through data breaches. Since 2005, we have recorded over 10,000 publicly notified breaches. Let’s look at the top three major data breaches with the biggest impact to consumers based on our new risk assessment tool, Breach Clarity, developed in partnership with Futurion and its creator Jim Van Dyke.

Based on ITRC’s database of data breach notifications and Breach Clarity’s proprietary processing, Van Dyke says consumers can be better educated on the significance of which breaches rank as the all-time riskiest to the individual consumer in terms of both size and scope.   The new tool includes the potential impact on the affected individual identity-holder, what types of identity theft could occur based on the records exposed and what steps that person needs to take to minimize his/her risk. Here is a look at the top five major data breaches that impacted individuals in the United States:

The U.S. Office of Personal Management

In June 2015, The U.S. Office of Personal Management (OPM) was the target of two separate hacking events exposing background investigation records of 21.5 million Federal government employees and contractors. Some of the information impacted was Social Security numbers (SSN), fingerprint data and security clearance information. Additionally, it also exposed PII of dependents including SSNs, date of birth and other information.

OPM was one of most significant major data breaches in memory, with it ranking a ten in severity on Breach Clarity. Van Dyke says it created a risk through the exposure of security clearance and biometric data for those working in service of our country.


Credit reporting agency, Equifax, experienced a hack in 2017 that exposed 146.6 million U.S. consumer’s personal information. “Equifax has been regarded by many to be the worst of all data breaches because this hack generally exposed Social Security numbers for a massive amount of individuals,” Van Dyke said. The information exposed included names, birthdays, SSNs, addresses, phone numbers, Driver’s License numbers, email addresses, payment card information and Tax ID numbers.

While this major data breach ranked ten in severity and exposed so much information, it is not among the worst in terms of per-victim impact. As we learn more about the settlement process <link> for this breach, each individual consumer will need to assess the impact based on their circumstances.

Anthem, Inc.

In 2015 Anthem, Inc. had a major data breach, exposing nearly 79 million sensitive records. Van Dyke says it created a dangerous risk, receiving an overall risk level of eight. Breach Clarity shows that it created a unique pattern of risk that included new financial account creation and tax refund fraud.

There were two other breaches that really changed how consumers viewed their data and how companies should secure it. No two breaches have the same impact, but Facebook and Yahoo brought the spotlight on how companies could manage their users’ data security better. It also reminded users that they are ultimately responsible for the information that is being housed in any particular platform. When all else fails, don’t share it if you don’t want it to be potentially exposed publicly.


In 2018, hackers were able to tap into the ever-popular social media landscape stealing account access tokens from Facebook and then using them to access user names, contact details and profile information like usernames, birthdays and device types used to access to access additional information.

“The Facebook breach represents a particularly unique type of breach,” Van Dyke said. “It represents behavioral data that victims may not be prepared to respond to. It is unlikely that even a social media behemoth like Facebook will earn a top risk score in Breach Clarity, yet again we need to continue understanding how personal relationships and behavioral data increase risk of a variety of crimes.”

The security hack affected 50 million accounts and led to tokens being stolen from 30 million of them, resulting in the major data breach getting a risk score of five on Breach Clarity.


After experiencing a major data breach affecting 500 million users in September 2016, Yahoo announced a second breach just months later in December that affected more than one billion user accounts. “Yahoo was one of the biggest data breaches ever,” Van Dyke said. “Both in sheer number of victims and the duration of exposure during which criminals had access to private data.”

An unauthorized third party stole information like names, email addresses, phone numbers, birthdays, passwords and security questions and answers from users. Van Dyke says users who emailed private documents like tax returns may be at particular risk because criminals may have also had access to personal email records. He says Breach Clarity cannot predict all of the possible identity theft and fraud risks because of the varying nature of private data exposed while the criminals had access. This particular major data breach received a risk score of four.

Also, you can use Breach Clarity to see the actionable steps you can take after a data breach. If you think you might have identity theft, speak to one of our advisors for free assistance at 888.400.5530.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both as consumers and business – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live-advisor on what you should do. As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the top retail breaches since 2005. To stay up to date on the latest news in identity theft and data breaches, sign-up for our newsletters.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change

Should You Consider Credit Monitoring Services as Part of a Breach? 

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


Consumers have a new law in New York to thank for providing additional protection from identity theft and data breaches. The law, which was passed by the state legislature in June in response to the rash of record-breaking data breaches and updated regulations, spells out how companies must respond when a breach event occurs.

The new law in New York even applies to businesses outside of the state. If the victims of the breach are New Yorkers, the company must comply with the steps outlined in the law no matter where they are located. This can have a domino effect of sorts since disclosing the breach to those residents can help make consumers in other states aware that a breach has occurred, even if they are not going to be receiving notification letters due to their locations.

Moreover, the SHIELD Act in New York will cover biometric data, not just personal identifiable information like Social Security numbers or usernames and passwords. If a company gathers and stores things like fingerprints or blood type, that information is now considered worthy of triggering a data breach notification. In the past, different states have had different rules on what requires a notification letter, and until now, biometric data was not included in New York.

Further, the SHIELD Act will require companies to inform victims as quickly as possible that their information was compromised. If there are more than 500 victims from New York the company is also required to inform the state’s Attorney General’s office. It also outlines which types of information require a notification letter, such as email addresses and passwords, birthdates and SSNs.

The SHIELD Act signed last week by Governor Cuomo, goes into effect in March 2020. It is based on a lot of consumer protection concepts that were put into place in Europe under the GDPR regulations that were enacted last year. The new law in New York was also inspired in part by the Equifax data breach from a year ago, an event in which 147 million consumers had their complete identities stolen by hackers.

For its part, Equifax has now launched its claims website for consumers to find out instantly if their information has been compromised. If it has, the steps for filing a claim and seeking compensation are included on the site. The claims site can be found at

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


Thousands of schools and students were recently affected by the Pearson data breach. Educational software developer Pearson announced that it suffered a data breach of its AIMSweb platform. The FBI first alerted Pearson to the issue, and after investigating, the company discovered approximately 13,000 educational institutions’ AIMSweb accounts were breached by an unknown individual. There could be thousands of individual student accounts at each different institution, leaving the total number of victims unclear.

It is tempting to think that the Pearson data breach is not very serious because affected students had their names disclosed in the breach, but only some of the students had their email addresses and dates of birth compromised. However, despite the limited dataset, hackers can actually cause serious damage:

  • If the hackers of the Pearson data breach manage to infiltrate any of the email accounts, they can potentially target the students’ other accounts, like retailers, social media, and even work-related accounts
  • With access to the email accounts, the hackers could also be able to target the students’ devices themselves, if the accounts are also linked to their device manufacturers
  • Even without taking over any accounts, the hackers can target the victims with spam emails, phishing attempts and harmful software viruses

Also, if the hackers of the Pearson data breach are able to infiltrate individual schools, having access to the students’ email addresses and birth dates can have other serious implications. Despite not compromising more sensitive information like Social Security numbers and not having any proof that the information has been used maliciously by the hackers, Pearson has stated it will offer free Credit Monitoring Services for affected victims of the Pearson data breach.

It is important to understand the seriousness of a data breach notification letter. In the event of any data breach in which any of your information may have been accessed, you need to take advantage of whatever protection the company is providing. Even if the stolen records do not contain highly sensitive material, this kind of service helps safeguard your information in the event a hacker is able to connect the dots between different data breaches and form a more complete picture of your identity. Ultimately, the Identity Theft Resource Center recommends each potential victim of the Pearson data breach to do what is best for them given their situation.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


With the recent Equifax data breach settlement, as well as the large Capital One breach, many people are asking questions about credit monitoring services. Should I use them? What are its benefits?

The conversation really gained steam when Equifax began offering free credit monitoring services to people impacted by their breach. Credit monitoring services are simply a mechanism for the Credit Reporting Agencies (CRAs) to track a consumer’s credit file in order to detect any suspicious activity or changes. In regards to whether or not you should take advantage –that really depends on your specific situation.

Should I enroll in credit monitoring services?

If you are already receiving credit monitoring services, maybe as a benefit through your employer, financial institution or insurance carrier for example, then passing on the monitoring aspect might make more sense. However, if you do not have access to robust credit monitoring services and have the ability to enroll in free credit monitoring services offered as part of a breach – such as Equifax, it may be a good option.

Should I place a credit freeze as well?

Ultimately, the Identity Theft Resource Center recommends consumers take advance of both credit monitoring services and credit freezes if they fall victim to a data breach. Along with your credit history being tracked, a credit freeze can stop any new accounts from being activated. Credit freezes do not impact existing credit accounts which report your payment history and account health to the CRAs. It only limits access to your credit reports to create new lines of credit.

It is important to remember that should you need to lift a credit freeze for any reason, like in order to apply for a new account like a home mortgage for example, the credit monitoring will catch any other accounts that someone with malicious intent might try to open. However, it is ultimately up to the consumer to decide what is best based in their set of circumstances.

What are the benefits of both?

Credit monitoring services and credit freezes provide their own benefits to keep consumers as safe as possible. The ultimate goal of credit monitoring services is to keep your accounts protected in a possible time of vulnerability. Monitoring can also catch suspicious activity on your existing accounts that may have been compromised due to a breach.

What if I need more help?

At the end of the day, do what is best for you. You can contact the ITRC for free assistance at 888.400.5530 with any questions you might have about your particular situation.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


A newly reported LAPD data breach has affected thousands of police officers and officer candidates in the Los Angeles Police Department. According to the announcement, the information included names, email addresses, birth dates and parts of their Social Security numbers, which led officials to believe it may have been information that was used to set up their accounts while seeking employment with the LAPD.

An alleged hacker reached out to the city to inform them of the breach, then produced samples of the stolen information in the LAPD data breach as proof. The hacker claimed to have received it from external sources rather than by attacking the city’s servers. There is still no proof that the hacker actually has the complete file set instead of just the samples they provided. There is also no word yet as to what the LAPD data breach hacker intends to do with it or what action they expect the city to take next.

Targeting specific organizations or industries is common. Whenever a hacker has the opportunity to access stored data, it can often involve a hospital’s patient records storage or a school’s student files. It is not unheard of for hackers to target a specific police department or even to target the officers themselves, like the LAPD data breach.

For example, an unknown number of teachers were affected by the breach of the Texas Association of School Boards, which had stored profiles on school systems’ employees within that state. The compromised information included names and Social Security numbers. In 2016, all of the employees and former employees of the social media platform Snapchat had their complete identities stolen when a hacker sent a phishing message to someone at the company, pretending to be the CEO. Even the government is not immune from this kind of threat, as the Office of Personnel Management breach in 2015, in which millions of employees’ complete identities and biometric data like fingerprints were stolen, demonstrated.

For their parts, the City of Los Angeles and the LAPD’s police union are taking the LAPD data breach very seriously. Things like credit monitoring and notification letters are important, but victims of the LAPD data breach also have to be on the lookout for any unusual activity involving their identities. They can also place a free credit freeze on their credit reports in order to attempt to block unlawful activity.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


Capital One, Who’s in Your Wallet?

Announced Monday, July 29, 2019, a Capital One Data Breach puts 106 million consumers at risk. The credit card company released a statement citing “unauthorized access by an outside individual” that occurred in March of 2019, as the cause of data breach. The breach puts consumers at risk who applied for a credit card with Capital One and their existing customers. The company approximates that 100 million Americans and 6 million Canadians’ information was exposed.

Small businesses and individuals were victims in the Capital One data breach with information disclosed including name, address, date of birth, email address, credit scores, credit limits, payment history, and balances. Roughly 80 thousand linked bank account numbers of credit card customers were also exposed. Capital One reports that no credit card information was compromised. They also say 99 percent of Social Security numbers (Social Insurance numbers for Canadians) were not exposed, although 1 percent of 106 million is still 1.06 million affected consumers between the U.S. and Canada.

Take Action Now

If you are a victim of the Capital One data breach, the company has announced it will “notify you through multiple channels.” Lacking specifics, Identity Theft Resource Center suggests taking a proactive approach if you think you could be a victim of the breach.

Freeze Your Credit

This includes steps like freezing your credit report and checking financial statements. Try logging onto your account to see if there are notifications regarding the breach waiting for you.

Be Aware of Scams

Also, be wary of anyone calling in regards to the breach and asking to collect personal information. Capital One is not notifying victims via phone and asking for Social Security numbers or financial information, if someone contacts you in this regard it is a scam.

Document Your Steps

Also, start documenting your activities utilizing the ITRC’s ID Theft Help App – that way if you need to provide the documentation on what you’ve done in the future, you have recorded the time and effort you’ve spent.

While there is no proof that the compromised information has been used to commit identity theft or fraud, there is no time limit on identity crime. Millions of user information has been exposed, and there is no taking it back from the hacker or the places she chose to distribute it. The victims of the Capital One data breach will be offered credit monitoring and “identity protection” at no-cost, but the company does not offer details on the length or terms of these services.

The credit card company says the data breach was allowed by a configuration vulnerability and they have since fixed the issue. Capital One also worked with the Federal Bureau of Investigation (FBI) and the alleged hacker has been arrested, an unusual event compared to most data breach cases.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Equifax data breach of 2017, exposed the personal identifying information of over 148 million Americans. One Hundred Forty-Eight Million. To not be affected by, or know someone affected by the breach was nearly impossible. The data exposed was some of the most personal, like Social Security numbers, full credit histories, financial account information and names and addresses. The breach had a strong negative impact and broke consumers’ trust. Equifax – one of the three main credit reporting agencies (CRAs) – was widely regarded as a dependable company and a necessity to work with to be able to secure lines of credit. Americans gave them personal information in exchange for a necessary service, and Equifax failed to protect them.

Now, an Equifax data breach settlement has been reached in the case of the 2017 incident. The credit reporting agency will pay up to $700 million, the largest breach settlement to date. The funds will be split between paying civil penalties and compensating victims. While a large amount of dollars dedicated to Equifax’s efforts to correct their wrongs can be seen as a good thing, the way these dollars will be dispersed among the effected population is relatively unclear.

At least $300 million and up to $425 million of the settlement will go toward victim redress. This includes providing free credit monitoring, reimbursing victims who paid out of pocket to protect or recover their identity and offering identity recovery services. However, the weight will still be placed on the consumers. Victims will have to file a claim, a process that still has not been disclosed, to receive any of the compensation pool. For now, the Federal Trade Commission is recommending that victims save all physical evidence of efforts to secure their identity because of the Equifax data breach and sign up for email updates. Putting the burden of proof on the consumer, not the company responsible for the breach.

Many questions remain: What victims will qualify for reimbursement? How will victims provide accurate evidence of their efforts and misfortunes? Is this fund only for victims who purchased identity theft services? What is the option for victims who did not have the resources then or now to purchase paid services or avail themselves of free services like those Identity Theft Resource Center provides?

Read next: How to File an Equifax Claim for Data Breach Settlement

If all victims filed claims and funds were distributed equally to all 148 million people, each would receive fewer than $3.00 in funds or cost of assistance. This does not accurately reflect the true value of the data that was compromised. Additionally, while the free credit monitoring services offered can span up to 10 years – a large increase from the historical settlement of 1-2 years – identity theft has no expiration date. The threat of identity theft does not decrease as more time passes from the date of the breach. The victims are perhaps more vulnerable as time goes on and they become less diligent in reviewing potentially affected accounts. Personal identifying information can be used to commit identity theft or fraud no matter the date it was exposed. There is no timeline for identity theft, but there is a cap on how many years Equifax will provide free services to victims per the settlement.

The other $275 million of the settlement will be used to pay civil penalties – $175 million to 48 states, Washington D.C. and Puerto Rico and $100 million to the Consumer Financial Protection Bureau. We believe the best use of these dollars would be funding consumer assistance programs within these organizations to continue to help victims of this and other data breaches.

In addition to the monetary payout, the settlement also requires Equifax to comply with more rigorous security standards. While this is not as flashy as a large dollar amount, it is perhaps even more important. It is the industry saying we need to hold our companies more accountable for the privacy of consumers. These standards include regular audits, dedicated staff for security and third-party safeguards. While a step in the right direction, companies must remember the speed of which the industry changes. The best security standards by today’s measures might be the worst a year from now. We must continue to petition businesses to protect consumer privacy and urge consumers to take the necessary precautions to minimize their risk of identity theft and fraud.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us.

If you are a member of the media and would like to contact ITRC regarding the Equifax breach, please email

For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

New Tool Helps Consumers Make Sense of Data Breaches

How To: Place a Free Credit Freeze

In 2017, criminals accessed Equifax’s database of consumers exposing the personal identifying information of over 148 million Americans. Equifax, one of the three main credit reporting agencies (CRAs), noted that Social Security numbers, addresses, birth dates and credit card information were all apart of the information exposed. This data breach created an increased risk of identity theft for millions of Americans. Now over two years after the breach was reported, a settlement has been reached. Details are still emerging but it’s important to understand the basics of what we know today.

The Equifax settlement agreed to pay up to $700 million dollars for harms caused by the data breach – the largest monetary settlement in data breach history. In the settlement, filed on July 22, 2019, Equifax agreed to spend up to $425 million to help the victims of its 2017 data breach. An additional $275 million will be spent to pay civil penalties. Also included in the Equifax settlement is the requirement to update security protocol and increase measures to protect consumer information.

If your information was exposed in the data breach, Equifax should have notified you directly via mail. A part of the settlement, a new breach claim site will also have a tool for consumers to check if their information was exposed. If you were affected by the breach, the Equifax settlement is offering certain benefits to minimize your risk of identity theft.

Settlement Benefits for Victims

First, Equifax will provide a total of up to 10 years in free credit monitoring services. The first 4 years will be provided for all three major CRAs – Equifax, TransUnion and Experian. Then Equifax will provide the services for monitoring their report for an additional 6 years. If you were a victim of the breach and a minor, even more services are available at no cost. If victims choose to opt-out of the free credit monitoring option, they may be eligible for a $125 cash payment.

Second, victims who have already dedicated resources to protecting their identity because of the Equifax breach could be reimbursed up to $20,000. This includes time spent protecting your identity or efforts to recover it. It also includes any money spent like the cost of lawyers or fraudulent financial charges. It’s unclear what the specifics behind how to obtain this reimbursement, but consumers will most likely bear the burden to prove the impact in order to receive compensation.

Finally, if you did fall victim to identity theft because of the breach Equifax is providing free restoration services. These services are offered for up to seven years and can be used if someone steals your identity or if you are a victim of fraud. Again, it’s unclear how consumers will have to prove that they were directly victimized as a result of the breach, but as details emerge we will share information.

As of July 24, 2019, the settlement administrator is now accepting claims. The deadline to file a claim is January 22, 2020. Find the full details here:

Read our guide on How to File an Equifax Claim for Data Breach Settlement

Beyond the financial impacts of the breach, nearly 90 percent of respondents said they experienced adverse feelings or emotions within one year of the initial event as reported in The Aftermath: Equifax One Year Later study by Identity Theft Resource Center.

Stay Updated with Alerts

The Federal Trade Commission (FTC) says the settlement is still in process and claims can be made after court approval. The FTC is regularly updating information as it becomes available at

Steps to Reduce Your Risk

Being a victim of the data breach does not automatically make you a victim of identity theft; however, it does greatly increase your risk. There are some steps ITRC recommends that can reduce your risk of identity theft. You can also call to speak with one of our expert advisors at no-cost at 888.400.5530 or livechat to learn more about your risk and preventative measures.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


A newly disclosed smart home breach has consumers and tech manufacturers concerned. Luckily, it appears to be the work of the good guys or “hacktivists.” These cybersecurity experts infiltrate networks and find security flaws to inform the companies so they can fix these problems. In this case, they found a database containing private, sensitive information that all led back to more than one million consumers’ smart home devices.

2 Billion Records Left Exposed

Noam Rotem and Ran Locar from vpnMentor discovered a large database of information that had been left unsecured online. The database belonged to a Chinese smart home management company, Orvibo. This company’s platform allowed users of smart devices like light switches, outlets, and video cameras to manage all of their home electronics. Orvibo had left a database with more than 2 billion separate lines of information open to the internet without any kind of password protection, resulting in a smart home breach.

Anyone who knew to look for it, or who happened to stumble across it online, could find usernames, passwords, reset codes and even video recordings from home cameras. Precise GPS locations to the homes that had these devices were also included in the list, as well as the IP addresses to the homes’ computers.

How It Happened

To understand how this smart home breach happened, just look at other accidental exposure breaches that have made recent headlines. Cloud-based storage solutions like Amazon S3 web servers are automatically set to a “no password,” open default. It is up to the server account’s owner to change that setting and enable a password. In this case, companies have stored massive amounts of sensitive information online but failed to password protect it.

Potential Harms

While any data breach has the potential for some kind of harm, this kind of breach allows attackers to literally infiltrate your home through your technology. Smart locks on doors, security cameras, video baby monitors and thermostats are just a few of the devices that a malicious hacker could take over by resetting the device and changing the email address on the account.

Protecting Your Smart Home Privacy

So what can you do when it comes to keeping your smart home safe?

  • Password protecting everything at the home level, not just a once-and-done password on your account or internet connection, is a good place to start.
  • It is also important to make sure your Wi-Fi router and internet connection are password protected.
  • Be sure to, change your passwords frequently and never reuse a username and password combination.

Orvibo recommends that its customers change their device passwords immediately. This is a good idea for all smart home device users from time to time. That way, if someone stumbles on sensitive information online, it will be outdated and less likely to cause you harm.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity

Dominion National, a US-based health and dental insurance provider, has recently made a startling discovery concerning a breach of its stored information. As better cybersecurity tools are developed, the time it takes to discover a breach incident, like the Dominion National data breach, and inform the victims is getting shorter. Some breaches have been discovered just hours after the fact, while others have actually minimized the damage by recognizing an attack while it was in progress.

Anything that can shorten the amount of time between a cyberattack and the discovery of one is a good thing. However, it is not always typical. In fact, Dominion Nationals’ data breach began nearly ten years ago.

An internal investigation with the help of cybersecurity experts is ongoing, but the investigation first began due to an internal alert. The findings revealed that a lot of client information was potentially accessible by unauthorized outsiders. The information included names, addresses, birth dates and Social Security numbers. In some cases, the information also included linked bank account numbers and routing numbers. Dominion National is sending out data breach notification letters but has not disclosed how many of its customers were affected by the Dominion National data breach. It is also unclear whether or not any of the compromised information was accessed by outsiders and used maliciously.

The Dominion National data breach is not necessarily isolated to just them. Any company, even ones who have suffered other data breaches or cyberattacks in the past, could uncover evidence that their data was not secure and had not been for quite some time. Even as better security tools and protocols come along, old and long-term events like this one are not disappearing.

For affected consumers, it is important to follow the instructions in the Dominion National data breach notification letter precisely. The company is offering two years of credit monitoring to those whose information is known to have been compromised. It is vital that you follow the letter’s recommendations in order to protect yourself from any further possible harm.

The Identity Theft Resource Center has been tracking data breaches since 2005, looking for patterns, new trends and any information that may better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity