Gaming companies can be a common target for hackers. The recent Stalker (S.T.A.L.K.E.R. (Scavengers, Trespassers, Adventurers, Loners, Killers, Explorers and Robbers)) data breach is a prime example. Online video games are big business for companies that develop action-packed, web-based games. These companies make money through initial game subscriptions, advertising within the game, data harvesting of the users’ information and microtransactions for tools and extras used in the games, although many of them allow users to play for free. Since a single popular game title can have millions of users, they can become a target for hackers who make money from having access to data.

Stalker Online, an MMO (massively multi-player online) game that lets users all over the world play the role-playing game, recently suffered an attack on its server owned by BigWorld Technology. The usernames and passwords, email addresses, phone numbers and IP addresses for more than 1.3 million players were compromised in the Stalker data breach since the data was stored in a relatively low-level security MD5 algorithm. Once the attack occurred, some sources believe the for-hire hacker Instakilla then managed to extract all of the data and post it for sale on the Dark Web.

While financial information and sensitive data like Social Security numbers were not accessed in the data breach, there is still a lot of harm that hackers and purchasers can cause with the Stalker data. Apart from phishing attacks and ransomware that can occur via email, if any of the Stalker players reused these login credentials on other accounts, then anyone who has access to the stolen data can also access the accounts. Credential stuffing can lead to account takeover or fraud.

Anyone who believes they might be a victim of the Stalker data breach should immediately change the password on their account, as well as the password of any other accounts that have the same password. Users are also encouraged to switch to using a nine to ten character passphrase instead of a more basic password since it is easier to remember and harder for hackers to guess. It is also a good idea to enable two-factor authentication where applicable for an extra layer of protection.

Victims of the Stalker data breach can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help app. The ID Theft Help App offers case management for tracking a case, the ability to directly chat in real-time with an advisor, the option to click-to-call for a customized remediation plan and much more.


You might also like…

Identity Theft Resource Center Announces Change to Board of Directors

Google Alert Scam Sends Fake Data Breach Notifications Embedded With Malware

Hackers Take Advantage of COVID-19 Closures to Launch Claire’s Data Breach

Another week has gone by and there are new data compromises for the Identity Theft Resource Center (ITRC) to educate businesses and consumers on in our “Weekly Breach Breakdown” podcast. Since 2005, the ITRC has tracked publicly-notified data breaches and has tracked over 10,000 breaches since then; using 25 different information fields and 63 different identity attributes that are updated daily. This week the ITRC is focusing on three different events that defy the traditional definition of a data breach.

The first non-traditional data compromise comes from what is known as a supply chain attack – where threat actors don’t attack an organization directly to steal data, but to instead find a vendor with weak security. In this particular case, hacktivist group “Anonymous” breached a web development firm and stole more than one million records from various law enforcement agencies that were stored in the company’s system. Anonymous turned the information over to leak-focused activist group, “Distributed Denial of Secrets,” who then published the 269-gigabytes of stolen data as part of the national protests focusing on police actions. Investigative files from over 200 local, state and federal law enforcement agencies were exposed, including emails, audio, video and intelligence documents.

It is important that businesses understand that while they may have cybersecurity practices that are nearly perfect, they do not matter if their vendors do not. Businesses should hold their suppliers to the same high security standards. That is good cybersecurity policy and, increasingly, it is the law.

The second non-traditional data compromise might not meet the definition of a data breach, as it included information being removed from the computer system where it was stored. There is a lot of unknown information regarding this data compromise. However, we do know that billions of records about individual consumers were exposed for nine months on the internet for anyone to see, all because someone forgot to add a password to a massive marketing database operated by BlueKai and a sister company, both owned by Oracle.

BlueKai is a marketing data firm that uses website cookies and other trafficking technology to follow people around the internet; reportedly more than one percent of all internet traffic flows through BlueKai’s system. Knowing which websites people visit allows marketers who use BlueKai to learn as much as possible about those people — including their income, education, political views and buying habits – to target them with ads that match their interests.

Online publication TechCrunch reviewed the data uncovered by a security researcher and found names, addresses, email addresses and other personal information in the open database. The data also revealed users’ sensitive web browsing activities, ranging from purchases to newsletter unsubscribes in, so far, the largest data compromise in 2020. In a statement, Oracle said it determined BlueKai and the sister company did not properly configure their services and additional measures were taken to avoid a repeat occurrence. However, Oracle has not indicated that billions of records were taken by anyone, a requirement to trigger a mandatory data breach notification to impacted consumers.

If someone’s business collects, uses and maintains information about consumers, they need to make sure they have the right cybersecurity and privacy protection tools in place; and that their security team configures the password feature on the database. They should also brush up on the latest data privacy and security laws and regulations that apply to them since they change rapidly.

The third and final non-traditional data compromise highlights the people who steal data to commit identity crimes and how crafty they can be. They are always looking for new and creative ways to separate people and businesses from their information and money. In this particular case, cybercriminals have been publishing fake data breach notifications online to spread malware or operate scams to steal personal information. For more information, click here.

Fortunately, there is a way to verify whether or not a data breach notification is real. Businesses and consumers can contact the ITRC via live-chat to speak with an expert advisor or they can call toll-free at 888.400.5530. Victims are also encouraged to reach out to an advisor. Advisors will help answer any questions people may have and help them create an action plan customized to their needs. Victims can also download the free ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

Identity Theft Resource Center Announces Change to Board of Directors

Google Alert Scam Sends Fake Data Breach Notifications Embedded With Malware

Hackers Take Advantage of COVID-19 Closures to Launch Claire’s Data Breach

A Claire’s data breach has some affected consumers looking for next steps. The popular jewelry and accessories retailer Claire’s, and its sister-company Icing, suffered a data breach of customers’ payment card details in an event that is believed to be the work of a Magecart attack. Magecart attacks are typically initiated by hackers using malware to insert harmful code into the company’s website. Once the hackers’ own code is in place within the website’s existing code, it can then be used to glean information that is entered during the checkout process without any change to the transaction process.

In the Claire’s data breach, the Magecart attack began skimming payment card information from the retailer’s website around April 20 but may have been inserted as early as March 20, the day after Claire’s physical locations were closed due to COVID-19. With the increase in online traffic from store closings and the reduced workforce available to oversee any possible threats, hackers were able to steal transaction details. The company is still investigating but has already said that no in-store transactions leading up to these dates were compromised.

Claire’s was informed of the breach by security researchers at Sansec; the company immediately shut down its site and removed the malicious code, as well as implemented additional measures to reinforce the security of their platform. Anyone who may have made an online transaction between April 25 and June 13 should consider proactive steps, such as contacting their financial institutions to cancel their payment cards and request new ones. They should also change their usernames and passwords on their Claire’s or Icing online account, as well as any other accounts that may use those same login credentials. Finally, consumers who may have been affected by the Claire’s data breach should know that copies of credit reports from each of the three major credit reporting agencies are free every week until April 2021; a credit report can help consumers monitor their information for suspicious activity in order to report it.

Victims of the Claire’s data breach or any other data compromise event can also live-chat with an Identity Theft Resource Center expert advisor or contact one by calling toll-free at 888.400.5530. Advisors will help victims create an action plan that is tailored to their needs. They can also download the free ID Theft Help App for iOS and Android for access to a case log, resources, advisors and much more.


You might also like…

U.S. MARSHALS SERVICE DATA BREACH EXPOSES IDENTITIES OF 387,000 PRISONERS

BOMBAS, COLUMBIA COLLEGE OF CHICAGO AND ST. JOSEPH’S HEALTH SYSTEM DATA BREACHES AMONG LATEST WEEK OF COMPROMISES

YEARS OF FORMJACKING LEADS TO BOMBAS DATA BREACH

As many as 387,000 current and former prisoners of the U.S. Marshals Service had their complete identities stolen in a data breach, including names, addresses, birth dates and Social Security numbers. The U.S. Marshals Service data breach appears to have been discovered by a new cybersecurity monitoring tool that was developed for the Justice Security Operations Center. From there, the Department of Justice alerted the U.S. Marshals Service in December 2019; the U.S. Marshals Service data breach was investigated and then announced.

The attempted attack involved a public-facing server (also called customer-facing); public in that the public or a business’ customers can access it. The server housed a system called DSNet, which is supposed to enable the tracking of U.S. Marshals Service prisoners with the federal courts, Bureau of Prisons and the agency itself.

The U.S. Marshals Service is tasked with serving as the law enforcement division for the federal courts system. The agency arrests fugitives and serves federal warrants; in 2019, the U.S. Marshals Service served more than 105,000 warrants and arrested more than 90,000 individuals. As a result of the need for accurate identification, the U.S. Marshals Service collects and stores a large amount of information on each prisoner. Both prisoners who are currently serving sentences and individuals who were only detained for a short time may have both been impacted by the U.S. Marshals Service data breach in the number of compromised records.

The U.S. Marshals Service has issued data breach notification letters and recommends that affected individuals file an ID theft report with the Federal Trade Commission, place a credit freeze or fraud alert with one of the credit reporting agencies and obtain a copy of their reports at no cost.

Anyone who has been affected by the U.S. Marshals Service data breach can live-chat with an Identity Theft Resource Center expert advisor via the website or call toll-free for help at 888.400.5530. Victims are also encouraged to download the free ID Theft Help App for iOS and Android to access the resources, advisors, a case log where victims can track all their steps and much more.

You might also like…

YEARS OF FORMJACKING LEADS TO BOMBAS DATA BREACH

WATCH OUT FOR 2020 SUMMER SCAMS

CREDIT REPORTING AGENCIES ANNOUNCE FREE CREDIT REPORTS EVERY WEEK THROUGH 2021

Since 2005, the Identity Theft Resource Center (ITRC) has tracked publicly-notified data breaches. Over the last 15 years, the ITRC has tracked over 10,000 breaches; and now records a weekly podcast on the most interesting data compromises from the previous week. This week’s “Weekly Breach Breakdown” features an old school data breach, one that includes universities being threatened to pay a ransom and one that led to years of formjacking.

For many years, dumpster diving was the preferred method of stealing personal information. Breaking into a computer did not get fraudsters the amount of confidential information needed to commit identity theft at the scale most of the threat actors wanted. Now, in the era of massive databases filled with petabytes of information (which is roughly 745 million floppy disks), breaking into computer systems is the most common method for hackers.

However, the St. Joseph’s Health System data breach proved hackers are still willing to steal data the old-fashioned way. Patients and employees of Indiana’s St. Joseph’s Health System and seven other health care providers were recently notified that their personal information was discovered dumped at a location in South Bend. Some of the information exposed in the St. Joseph’s Health System data breach, which included legally protected health data, dated back to 1999 and was believed to be destroyed or stored by a now closed document management company. Now, the records have been properly destroyed or moved to a secure storage location. However, the St. Joseph’s Health System data breach is an example that not all data breaches involve sophisticated cybercrimes.

With that said, most of the time data breaches do involve some form of cyberattack. Right now, a popular method of attack is ransomware. Ransomware is when a cybercriminal locks a company’s computer system until a ransom is paid. Ransomware attacks came to the surface in the mid-2000s. However, in the past five years, they have grown to be one of the most common forms of attack. In fact, by 2018, the number of ransomware attacks had grown to more than 180 million per year globally.

The number of attacks and the average ransom paid – doubling in 2019 to $84,000 per attack – continue to grow. However, not everyone pays the ransom. That is why data thieves are using a new method to force companies to pay. Cybercriminals are now using a tactic where they threaten to sell personal information to the highest bidder on the dark web if their demands are not met. Columbia College of Chicago and the University of California at San Francisco recently fell victims to attacks like this, following a similar attack the week prior at Michigan State University.

The attackers posted what appear to be screenshots of student and faculty records on their blog, a popular way for cybercriminals to communicate. The records look to include personally identifiable information, which the hackers described as a sample of what they plan to make public on the dark web if they are not paid.

The hackers sent the following direct note to Columbia College: “If we don’t hear from you soon, all data like Social Security numbers and others will be sold on open markets of the dark web. Either way, we are getting paid. Now you choose how you want to handle this incident.”

The easiest way for people to prevent the impacts of a ransomware attack is to make sure to back-up their systems and data on a regular basis, as well as keep their software patched.

Finally, this past week Bombas, an apparel company known for its clothing and donations to homeless shelters, discovered malicious code in their system that could have been used to steal credit card information. One of the problems with the reducing rate of data breaches is that it can be very difficult, and lengthy, to find the root cause for many cyberattacks that result in identity information being compromised. The Bombas data breach is a case in point since the malware was present as early as 2016. For more information on this data breach, click here.

If anyone wants to learn more about how to protect themselves or their company from an identity compromise, as well as how to respond in the event of a data breach, they can find it on this website. If someone believes they are the victim of an identity crime or their identity has been compromised, they can live-chat with an ITRC expert advisor or call toll-free at 888.400.5530. Victims can also download the free ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

YEARS OF FORMJACKING LEADS TO BOMBAS DATA BREACH

WATCH OUT FOR 2020 SUMMER SCAMS

CREDIT REPORTING AGENCIES ANNOUNCE FREE CREDIT REPORTS EVERY WEEK THROUGH 2021

Malicious actors have a number of different approaches when trying to breach a company’s website or security defenses. In a recently announced data breach, the socially-conscious sock donation company Bombas alerted its customers to a formjacking attack which appears to have compromised customers’ names, addresses and payment card information. This is the second Bombas data breach reported, following a separate incident of the same nature that the company discovered in November 2014.

Bombas operates under the model of “buy one, give one.” For every pair of the company’s socks that are purchased, Bombas donates another pair to homeless shelters. This model has made the company popular with consumers who enjoy not only the company’s quality, but also their give-back business model.

formjacking attack occurs when hackers intentionally insert malicious JavaScript into a website. Once the new section of code is in place and operating, the hackers are given the information that a customer types into the website’s form. When customers entered their buyer information to complete a transaction on Bombas’ website, the hackers also received that information unbeknownst to the customer, while the transactions were completed normally.

Fortunately, scheduled updates to the Bombas website on February 16, 2017, rendered the formjacking code useless. However, the company’s investigation shows it may have been inserted as early as November 11, 2016. As such, Bombas is offering free credit monitoring to its customers. Anyone who may have made purchases between those identified dates is also encouraged to take further steps to reduce their risk of falling victim to identity theft due to the Bombas data breach.

Customers who made purchases between November 11, 2016, and February 16, 2017, should consider freezing their credit reports with the three credit reporting agencies, TransUnion, Experian and Equifax. They may also opt to view a free credit report from each of those agencies through AnnualCreditReport.com to look for any unusual activity. All consumers, especially those who may have been impacted by any type of data breach or data leak, should routinely monitor their financial statements and report any suspicious findings to the Federal Trade Commission.

Victims of the Bombas data breach can live-chat with an Identity Theft Resource Center expert advisor via the agency’s website or by calling toll-free at 888.400.5530. Advisors can help victims create an action plan that is tailored to their specific situation. Victims can also download the free ID Theft Help App for iOS and Android to access a case log tool for tracking their steps, free resources, advisors and much more.


Read more…

Watch out for 2020 Summer Scams

Credit Reporting Agencies Announce Free Credit Reports Every Week Through 2021

Dark Web Data Breach Leads to Thieves Stealing from Thieves

Since 2005, the Identity Theft Resource Center (ITRC) has built one of the most comprehensive repositories of publicly reported data breach information in the U.S. that is updated daily. In the last 15 years, the ITRC has tracked over 10,000 breaches

Data breaches target different companies and sectors using a variety of attack vectors (the way threat actors commit an attack). Most recently, it was a group of hackers that stole a database of information from another group of cyber criminals as part of a dark web data breach. Hacker KingNull recently leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider on the dark web. 

The information leaked in the dark web data breach was obtained in March 2020 when a hacker breached the DH portal, stole the database and wiped the servers of close to 7,600 websites, a third of all dark web portals.

The dark web data breach was confirmed by ZDNet and included over 3,500 email addresses, 7,000 account passwords and 8,500 private keys for .onion domains used on the dark web. Some security researchers say the breached data from the dark web data breach could be used to link owners of the leaked email addresses to some dark web portals to help law enforcement track those who might be running or taking part in illegal activities on the dark web.

Another recent data breach the ITRC has tracked involves LiveJournal, a blogging and diary website. Cybersecurity researchers believe the platform was breached in 2014, ordinarily requiring a data breach notification to users. However, LiveJournal owner, the Rambler Group, says the breach never happened. In fact, they believe the usernames and passwords were collected from various other malware and brute-force attacks.

However, the database, which contains credentials for over 26 million LiveJournal accounts, has been leaked online and is being sold on the dark web and in hacker forums. Exposed information includes email addresses, passwords and usernames for members of the blogging service. The LiveJournal data breach illustrates how patient data thieves can be; holding onto data for years before using or selling it. This is a common trait seen among hackers that helps increase the value of stolen data and reduce the chances of getting caught.

Finally, IllinoisArkansasColoradoOhioFlorida, and most recently, Kentucky all suffered unemployment department data exposures due to their quick response in setting up convenient, DIY websites for those seeking unemployment benefits due to closures from the coronavirus. Some of the states’ identified a common vendor as the source of the glitch, and all states believe they were able to fix the problem within hours of being notified. Fortunately, none of the six states have found any evidence of a cyberattack or any personal information being stolen. However, the affected states notified applicants and offered free credit monitoring to help spot any unusual activity, which could be a sign of identity theft.

The recent unemployment data exposures are a good example of how not all data compromises are the same. While some news headlines referred to these incidents as data breaches, they are not actually breaches because the information was never downloaded from the computer system where the information was stored.

This is considered to be a case of data exposure because the personal information of applicants could be viewed by other applicants if they knew where to look because of a software error that was corrected before cybercriminals could find the flaw. Only if someone viewed the information and then attempted to misuse someone’s identity, would the event turn into a data breach – a very rare event in the privacy and security world.

A data breach is far more serious than a data exposure. A data breach is when information is intentionally removed, usually to commit an identity crime. Mass data breaches are typically committed by well-organized groups that can exploit software flaws, stolen login credentials or trick an employee into doing something that allows attackers to access a company’s information.

If someone believes they had their information exposed as part of a data breach or is a victim of identity theft due to a data breach, they can live-chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Advisors can help victims create action plans tailored to them. Victims can also download the ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

AERIES DATA BREACH AFFECTS SCHOOL DISTRICTS ACROSS CALIFORNIA

PURPORTED LIVEJOURNAL DATA BREACH LEADS TO 26 MILLION USER RECORDS BEING STOLEN

FORMJACKING TACTICS USED IN FABFITFUN DATA BREACH

As an unusual school year winds down, many parents and students have a new lesson to learn: what to do after the Aeries data breach impacted school districts throughout California. Aeries Software, a student data management system software used by over 600 K-12 public school districts, suffered a data breach after an unidentified and unauthorized person accessed an unknown amount of parent and student data.

According to the Notice of Data Breach that was sent to those affected by the data breach, Aeries became aware of unauthorized attempts to access information through the Aeries SIS. Security patches were deployed in December 2019. However, in January 2020, the software developer was notified that the database was previously accessed. In March 2020, it was determined that student and parent information had been accessed, including login information, physical addresses, emails and password hashes.

While it is unknown how many of the 600+ school districts have been affected, some of the districts that have submitted notification letters to the California Attorney General’s Office include Inglewood Unified School District, Lassen Union High School District, Kingsburg Elementary Charter School District, Laguna Beach Unified School District, Central School District, Rocklin Unified School District, Yucaipa-Calimesa Joint Unified School District, San Bernardino City Unified School District, Los Alamitos Unified School District, Monrovia Unified School District and Santa Barbara Unified School District.

Despite access to a limited dataset, if hackers manage to infiltrate any of the email accounts, they could potentially target other types of accounts like financial accounts, social media accounts and retail accounts that are linked to the email address. With email account information, hackers could also target victims with spam emails, phishing attempts and harmful software viruses.

While child identity theft most commonly occurs due to stolen Social Security numbers, which are believed to have not been exposed in the Aeries data breach, it is still important for parents and students to reset their passwords as soon as possible – as well as any other places that they may have used that same password. Parents and students are encouraged to make a change from passwords to passphrases that are nine to ten characters long. Passphrases are easier to remember and harder for hackers to break.

 

As of July 16, 2020, school districts impacted include: Inglewood Unified School District, Lassen Union High School District, Kingsburg Elementary Charter School District, Laguna Beach Unified School District, Central School District, Rocklin Unified School District, Yucaipa-Calimesa Joint Unified School District, San Bernardino City Unified School District, Los Alamitos Unified School District, La Habra City School District, Saddleback Valley Unified School District, El Dorado County Office of Education, Chino Valley Unified School District, Evergreen Union School District, Apple Valley Unified School District, San Leandro Unified School District, Yuba City Unified School District, Travis Unified School District, Washington Unified School District, Corning Union High School District, Lowell Joint School District, Tulare Joint Union High School District, Monrovia Unified School District, Santa Barbara Unified School District, Mt. Diablo Unified School District, Brea-Olinda Unified School District, Fairfield-Suisun Unified School District, ABC Unified School District, Beverly Hills Unified School District, Red Bluff Joint Union High School District, Adelanto Elementary School District, Riverdale Joint Unified School District and Santa Clara Unified School District.

If someone affected by the Aeries data breach believes their personal information is being misused, they are encouraged to file an ID Theft Report with the Federal Trade Commission and to contact all three credit reporting agencies to request free credit reports and to place a credit freeze. Affected minors will need a parent or guardian to request a credit report and freeze their credit.

Victims of the Aeries data breach can live-chat with and Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help App to create a customized case log to track the activities around resolving their data breach case, have access to advisors, resources and more.


You might also like…

Purported LiveJournal Data Breach Leads to 26 Million User Records Being Stolen

Formjacking Tactics Used in FabFitFun Data Breach

Arbonne Data Exposure Compromises Thousands of Accounts

In a story that seems to start in 2014, blogging platform LiveJournal appears to have suffered a data breach. The LiveJournal data breach—whose database of users’ names, email addresses and plain-text passwords was supposedly sold and traded on the Dark Web many times over the past six years—has been speculated about by several different entities.

While the LiveJournal data breach may have occurred as early as 2014, some sources can only link the database of 26 million user records with any reasonable certainty to about three years ago. In 2018, rumors of a LiveJournal data breach surfaced once again when users reported being victims of a sextortion campaign. The victims knew where the stolen information had come from because it was involved unique email addresses and password combinations that they had only used on LiveJournal.

Later, the database was discovered making the rounds on the Dark Web as various hackers used or leaked it online. The well-known data breach search site Have I Been Pwned received the LiveJournal database on May 27, 2020, and lists the formal date of the original breach as January 1, 2017. However, that could be the only verifiable time frame for this particular set of user information and not the actual data breach event date.

The LiveJournal database appears to have been posted for sale online and traded privately between hackers using it for credential stuffing attacks. In that form of attack, fraudsters gain access to usernames and passwords and try those combinations on numerous other sites. If any LiveJournal users reused their username and password on another site, the hackers – or anyone who purchased the database – would have access to those accounts as well.

With that said, not everyone who buys a database of this kind intends to steal account access. Other malicious actors use these records for spam email campaigns, phishing attacks, ransomware attacks and other harmful tactics.

Credential stuffing is a major problem in information security. With so many data breaches and compromised consumer records, reusing a password is essentially the same as failing to secure an account. For some time, security experts have recommended changing to an easy to remember, but difficult to attack, passphrase instead of the old eight-character passwords.

For its part, LiveJournal’s owner, Rambler Group, has not confirmed that a LiveJournal data breach ever occurred, despite the users’ information available online. The company claims that this database and the connection to hacking involving its other platform DreamWidth are merely coincidental and that the database of LiveJournal or DreamWidth users’ login credentials was simply gleaned through unrelated breaches or malware attacks on users’ computers and then compiled into one file. This is despite the fact that ads offering the LiveJournal database for sale are still posted online.

If someone believes they might have been impacted by a potential LiveJournal data breach, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call the ITRC toll-free at 888.400.5530. Finally, they can download the free ID Theft Help App for iOS or Android to communicate with advisors via live chat, use the case management tool to track their action for resolving their data breach case, find resources for protecting themselves from further harm and much more.


You might also like…

Formjacking Tactics Used in FabFitFun Data Breach

Arbonne Data Exposure Compromises Thousands of Accounts

Consumers Should Watch Out for COVID-19 Job Reopening Scams