From doctor’s offices and financial institutions to college university admittance applications and summer camp registrations, the request for your Social Security number (SSN) has become commonplace. In fact, it’s become such a standard request that many individuals willingly provide this number without hesitation and without really thinking about the consequences behind this, one of which being an increased risk of identity theft.

Social Security numbers hold one of the keys to your identity. With it, you can open a new line of credit, gain employment, receive health insurance and file taxes. Thieves also know the power behind this nine-digit number, which is why it’s one of the most highly sought after pieces of personal information. There are a variety of ways that thieves attempt to obtain SSNs, and they include more low-tech methods like sifting through your trash, stealing a wallet, purse or laptop; or using more sophisticated ways like phishing emails and texts, scam calls and via data breaches. For example, there were nearly 158 million social security numbers exposed in 2017 due to data breaches.

While the exposure of your SSN is not entirely preventable – data breaches are a perfect example of this – consumers should refrain from giving it out unnecessarily to minimize their risks of identity theft. Basically, the frequency at which the number is exposed – whether intentional or unintentional, the higher the probability that it will be compromised. Here are some tips to help you protect your SSN and become a better steward of your identity:

Be in the Know – Educate yourself on the types of scenarios that require you to provide your Social Security number so that you can decide ahead of time whether or not you should provide it. Here is a list of situations that require your SSN:

  • Internal Revenue Service for tax returns and federal loans
  • Employers for wage and tax reporting purposes
  • Financial institutions for monetary and credit transactions
  • Veterans Administration as a hospital admission number
  • Department of Labor for workers’ compensation
  • Department of Education for student loans
  • Entities that administer any tax, general public assistance, motor vehicle or driver’s license law
  • Child support enforcement
  • Food Stamps
  • Medicaid
  • Unemployment Compensation

Don’t be afraid to ask – When your Social Security number is requested it’s best to ask the requestor some additional information to better understand whether you absolutely need to provide your SSN and if so, how they plan to protect it. In some instances, you may be able to provide an alternative like a driver’s license. Keep in mind that if you don’t provide your SSN, some entities may refuse to provide the services requested. Some questions to consider asking are:

  • Why does the company need this information (what law or reason make this a requirement)?
  • How do you protect this information?
  • What will happen if I don’t provide it?
  • Is there is an alternative to providing my SSN (driver’s license, etc.)?

Protect your physical card, too – It’s crucial to not only correctly safeguard your social security number but to also protect the physical card to the best of your ability. This includes storing it in a secure place (like a locked safe) and by not carrying it around in your wallet or purse.

Be leery of scammers – Scammers may pose as the IRS, the Social Security Administration and others to attempt to gain access to your SSN and they may do so over the phone, through email, text or even through social media platforms. To stay safe, never provide your SSN or other sensitive information on a call that you didn’t initiate. Also, don’t automatically give out your Social Security number via email, text or social media messages, even if it looks like a legitimate business requesting it. Instead, call the entity directly by locating their number on their official website, on the back of your card or even on a recent bill.

If you know your social security number has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What Can a Thief Do With Your Driver’s License?

With more than 60 million reported cases of identity theft in the US to date, there is no single demographic that is immune from the threat. In fact, the opposite is true; some age groups or even residents in certain states are more likely than the rest of the population to face identity theft. Unfortunately, the more natural prey you appear to a criminal, the more of a target you become.

January is Braille Literacy Month in honor of Louis Braille’s birthday, so it’s a good time to understand how the threat of identity theft manifests among people with low-vision or vision loss, as well as share some ways to help reduce the risk of becoming a victim. Fortunately, many of the same steps are worthwhile for all consumers, not just a single risk group.

First, the Identity Theft Resource Center partnered with the Braille Institute on a highly informative session explicitly aimed at low-vision and vision-impaired people on how to reduce your risk and overcoming the aftermath of identity theft should it occur.

Also, Empish J Thomas of Vision Aware has shared a very insightful look at her own experiences with identity theft. The account includes key information about issues and obstacles that could make low-vision consumers more of a target for identity theft, as well as ways to overcome those problems. For example, junk mail and carrying extra credit cards could lead to theft without the owner’s knowledge, so Thomas recommends having a core group of trustworthy people who can intervene.

Unfortunately, common identity theft attempts can prove to be even more of a challenge for visually impaired people. Telemarketers and door-to-door salesmen, for example, can turn out not to be who you thought they were; there’s also the crime of opportunity in which the individual might not have set out to steal your data but seizes the chance after discovering your vision issues.

Here are some steps to protect any consumer, but especially those with visual impairments or low vision:

1. Do not take anything at surface value, whether it’s a phone call, letter, or email.

Those can easily be spoofed or falsified, so make it a good habit to never give out your personal data to someone who requests it.

2. Shred all junk mail, health insurance statements, medical and credit card bills, and more.

If you need to rely on a volunteer or trusted friend to help you decide what needs to be shredded, make sure your items are in a safe place until you can seek that help.

3. Install a robust security suite on your computer and mobile devices.

Remember, antivirus isn’t enough anymore, but there are some very affordable products that protect you from a broader range of threats.

4. Request a free copy of your credit report each year. 

And be sure to study it carefully for suspicious activity. Take action immediately if something is uncertain or out of place.

5. If you do suspect you’ve been the victim of identity theft, get help immediately.

The ITRC and the Federal Trade Commission both have avenues for assistance, and specialty organizations like AARP and the Better Business Bureau can also start you in the right direction.

Again, these things and other security steps are good habits for any consumer, so make it a practice to protect yourself at all times.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The Government Shutdown is Hurting Crime Victims

By ITRC CEO, Eva Velasquez

For victims of identity crimes there are emotional, physical and lost opportunity costs experienced even when resources are provided quickly and competently. The government shutdown will make the aftermath for these victims worse.  The Identity Theft Resource Center’s AftermathTM series sheds light on the less obvious but equally devastating effects of various identity crimes.  It also highlights the downstream impacts regularly faced by victims.  Right now, we are dealing with an obvious challenge on a national scale with the federal government shutdown. In keeping with our mission of advocating for victims, and increasing awareness of the complexity of the identity crime issue, I want to highlight some of the less obvious downstream effects our team is seeing impact not only victims but all citizens during this shutdown.

There is considerable attention being paid to the obvious consequences, and rightly so. Many folks, from federal employees to those that rely on government assistance to meet their basic needs, are certainly enduring hardship. However, there are other impacts, which are less obvious, and I feel compelled to share this perspective. This is not to make the point that these impacts are greater, or causing more harm than the ones previously mentioned, rather it is to shine some light on these less obvious consequences so that decision-makers and the public realize this is happening, and understand both the short term and long-term effects.

Currently, many departments of the federal government are shutdown. This includes the Federal Trade Commission.  The FTC and the ITRC share similar mission, and a strong collaborative relationship.  We have worked together on many initiatives to better the outcomes for identity crime victims. The individuals that we have worked with at the agency are amazing people, dedicated to helping victims and stopping the identity thieves. The resources that the FTC provides are an invaluable part of the remediation process.

What is notable about the shutdown for this department is that while ftc.gov remains fully functional, the identity theft assistance arm, identitytheft.gov and the associated call center are non-operational. That’s right; the website that victims go to for these invaluable resources is dark. Victims currently cannot obtain the FTC identity theft affidavit that is a critical first step for many, if not most, identity theft remediation plans.

Government shutdown advisory from identitytheft.gov

Until identitytheft.gov comes back online victims will need to go to their local police department and get a police report to move forward with proving their innocence. This is creating an increased workload for these local departments, a burden that was only recently lifted due to changes in the Fair Credit Reporting Act that allowed the FTC affidavit to serve as the report from a law enforcement agency in lieu of a police report.

If you believe that is not a big deal and at least there is some type of workaround, please realize that law enforcement agencies are not equipped to provide robust victim services for financial crimes victims (generally), which means they are not providing victims with remediation plans or helping them to put their lives back together.  Their job is to investigate, get the bad guy, and hopefully stop the thief from harming others. Those plans come from the FTC and the Identity Theft Resource Center. As second tier responder, the ITRC receives referrals from the FTC, but with them unavailable, we’re now in the position to have to assist those victims as a first responder.

If for some reason there’s a belief that identity crimes are not a big deal, listen to what the victims are saying to understand that is not the case. You can read our Aftermath study and hear it directly from them.

The ITRC and all its resources are here for victims. We can be reached through our website www.idtheftcenter.org and our call center at 888-400-5330. Bear in mind that the shutdown has created an increase in our call volume, so please be patient.

In addition to the short term consequences, there are several long-term impacts that one will only be able to measure fully when this crisis has passed and we can unpack it using hindsight and data. One of the questions is has there been an increase in the actual number of incidents during this time period. The temporary closure of the investigative bodies that act as a deterrent will have some impact and decades of personal experience working with law enforcement and observing criminal behavior leads me to the conclusion: “Of course there will.” Identity thieves are opportunistic. Who actually believes they are not talking with each other and managing their efforts to capitalize on LESS oversight?

Another question: how much worse will the impact be for those that fall victim to identity crime during this window of closure? The ITRC knows from experience that early detection of this crime leads to quicker remediation and lessens the trauma, not to mention the total impact. We also know that consumers experience intense fear upon discovery of being a victim of identity theft. The availability of a plan of action allows them to feel empowered; giving them the ability to fight back against the powerlessness they might be feeling. Some will minimize this reaction and continue to see victims of economic crimes as overreacting, but I assure you that it’s not an overreaction. Those feelings are real. Moreover, when they cannot access the assistance they need, when they need it, it increases that feeling of powerlessness. Imagine that you come home to find that your home burglarized. It is obvious that the burglars are long gone, but all of your belongings have been touched and gone through, and many are missing. You feel violated. You need help and you need to get this reported and resolved. You call the police to get that help and are told they are closed, until further notice, so you just have to wait and try to wade through it. You think, can I clean things up? Do I have to take pictures? What if I mess something up and it creates more problems down the road. That’s exactly what identity crime victims are feeling when they get to the inoperable FTC website. Powerless.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

The Federal Trade Commission announced that it will be closed due to a lapse in its funding until the government shutdown ends. That means a number of critical services for consumers, businesses, law enforcement agencies, and other organizations will be temporarily unavailable. Some services—as outlined on the FTC’s website and the announcement on the shutdown—will still be in operation but with reduced staff numbers; this can have a big impact on those services and the timeliness of the support.

Consumers will not be able to file reports or notify the FTC of scams, fraud, or other similar issues during this time. Identity theft reports will also be on hold, as will the National Do Not Call Registry, the Consumer Sentinel Network for law enforcement, and other critical functions.

In the meantime, the non-profit partner Identity Theft Resource Center is ready and willing to help consumers in need and provide valuable insights to any law enforcement agencies or policymakers. The toll-free helpline (888) 400 – 5530 and live chat feature provide immediate answers to questions and concerns about your data, your privacy, and your first steps in the event of suspected identity theft.

ITRC resources can also help keep you informed about the latest scams, fraud, and cybersecurity trends, as well as provide you with actionable steps to avoid becoming a victim. Should you find yourself snared by this kind of criminal activity, our knowledgeable staff can help you take action. The website is also filled with helpful documents that are categorized by the type of consumer issue to assist you in finding the right resources. The Identity Theft Resource Center also has a free ID Theft Help app, which gives you access to resources and tips to protect your identity, a case log feature to help remediate your case as well as the ability to contact our call center advisors.

Fortunately, the FTC’s website and social media channels will still be available with past information, although these outlets will not continue to be updated during the shutdown. The ITRC will continue to post updates and new information at IDTheftCenter.org as well as on its Facebook and Twitter accounts.

During this time, it’s vital that consumers and businesses be extra vigilant about protecting themselves. There’s never a good time to let your guard down when it comes to your identity or your privacy, but at a time when the safeguards are suspended, it’s even more important that individuals use an air of caution when it comes to consumer interactions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Your Passport and Your Identity

A recently-discovered data breach of the Starwood brands of Marriott International’s hotels has left consumers and security advocates alike scratching their heads. At the heart of this confusion surrounding the theft of data for around 25 million guests is passport security, or more accurately, the need to safeguard both your physical document and its number. So assuming that your passport was affected, what do you do?

As noted in the newest release published on January 4th, 2019, “Marriott now believes that approximately 5.25 million unencrypted passport numbers were included in the information accessed by an unauthorized third party. The information accessed also includes approximately 20.3 million encrypted passport numbers.” According to numerous sources including the US State Department, your passport number on its own is not a highly valuable piece of information for a hacker. However, when combined with some of the other data points that were compromised in this breach, your number could possibly be used to craft a more complete profile for identity theft – or allow for an identity thief to generate a synthetic identity with more validity.

First, if the physical document is lost or stolen, that is absolutely an urgent matter. You should report it to the proper authorities—namely the State Department who issues them—so that there is a record of the missing document. If it is used for identity theft or fraud, you will have already filed it as missing.

Read: What To Do If Your Passport is Lost or Stolen

But in the case of this data breach where only the number was compromised, your recourse is a little different:

1. If only the number and not the actual document is stolen, don’t be too quick to replace it. Since the number by itself does not directly result in identity theft, you may not be given a new passport free of charge. That means you’ll pay for the new document out-of-pocket.

In the case of the Marriott breach, if you can show proof that your passport was the cause of fraud or identity theft, they are offering to replace it. Read the specifics very carefully to understand what your recourse is in this particular case.

2. If the document was set to expire in the near future AND you were planning to replace it, there’s no need to wait if you can demonstrate that it was compromised. However, you may need to provide the notification letter or email from Marriott International to show why you’re requesting a new passport early.

3. When you decide to replace your passport, it will contain a new number (unlike driver’s licenses that retain their issue number, for example), but that doesn’t mean someone couldn’t still use your old number to piece together your identifying information. You will still need to monitor your accounts—especially travel-related accounts—carefully.

Read: What Can a Thief Do With Your Driver’s License?

This breach also serves as a cautionary tale about oversharing: unless you are required to turn over a piece of identifying information, think twice about submitting it. Many consumers take domestic flights and stay in hotels without even owning a passport; just because you have one doesn’t mean you have to provide the number every time it’s an option.

Finally, as if this wasn’t worrisome enough, there’s another potential threat that could be looming: scams associated with passports. With any high-profile event, scammers crawl out from under their rocks to take advantage of the public. Be wary of any email, text, social media post or other communication that plays off of fears surrounding compromised passport numbers.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read: The Real People Behind Identity Theft Statistics

Remember way back when—about a month ago!—when you were challenged with the ultimate New Year’s resolution?

It didn’t seem all that difficult at the time, and it was certainly easier than your co-worker’s goal of losing twenty pounds. But that challenge to protect your identity and secure your personal data might have been a little more than you bargained for, so it’s time to take stock.

1. How are your passwords coming along?

If you took the warning to heart and vowed to be more safety-minded about your online accounts, good for you! That’s one of the best behaviors you can adopt to hopefully prevent internet takeover. Using a strong, unique password is critical, and changing your password regularly on sensitive accounts can help thwart a lot of problems down the road.

If you didn’t get around to this step yet, it’s not too late. Stop right now and change three passwords: your primary email password, your preferred social media password, and your online banking password. Go ahead, we’ll wait right here. Just do yourself a favor and make sure you don’t use the same password on all three sites!

After those three accounts are secured, do this: every time you log into any account for the first time after today, click “forgot my password” instead of logging in. You’ll receive an email in a few seconds that contains a link to change it, and you’ll know you’ve created a new password for that account without having to hunt all over the internet for every website you use.

2. Are you monitoring your credit reports?

If you ordered copies of your credit report last month to kick off your privacy New Year’s, way to go! If you meant to do it but didn’t get around to it, STOP RIGHT THERE! According to the Federal Trade Commission, there is only one authorized source for free credit reports, and that’s AnnualCreditReport.com. You can reach them via their website or by calling 1-877-322-8228.

There’s something to remember about your credit reports, though. You’re entitled to one free copy every twelve months from Experian, Equifax, and TransUnion, also known as the Big Three of credit reporting. So you could order just one this month, say, from Experian. In a few months, order one from Equifax. Finally, request one from TransUnion later on. This will give you an ongoing look at your credit report so you can stay on top of any shady activity.

By the way, a number of credit card companies have started providing your FICO score when you log into your account. It’s free, instant, and does not count as an inquiry into your credit report. However, it’s not comprehensive, it’s only your actual score. If your score isn’t where it should be—or where you think it is—then you certainly want to look at your credit report. If your score is fantastic, it still doesn’t mean you’re completely safe, but it is something you can look at every single time you pay your bill online. A dramatic change in your score could indicate something fishy.

3. Did you give that receptionist your Social Security number? 

Hopefully, you didn’t ring in the New Year with a cold or other illness, but if you did, a trip to the doctor’s office may have been in order. Did you dutifully fill in your Social Security number on the form, or did you remember your privacy resolutions and leave it blank? It’s pretty daunting to refuse to hand it over, and can even get you a few weird looks from people who think you might be a little paranoid. But the truth is, intentional and accidental data breaches are a huge and costly problem, especially for medical facilities.

Any time you’re asked for your SSN, stop and ask yourself why this facility could possibly need it. Then, ask them the hard questions: who in your company will be able to access it? how will you keep it safe? how will I find out if you’ve had a data breach and someone has stolen my information?

Feeling a little bit silly for refusing to provide it is going to be a whole lot more pleasant than feeling silly when you receive a data breach notification letter in the mail. Your SSN and other sensitive information don’t belong in every single person’s hands, and honestly, some businesses don’t even know why they’re still requesting it in this current cybercrime climate.

If you fell a little short in your resolutions—whether the ones you made about your identity or your weight loss goals—there’s good news: 2019 has eleven more months to get it right! With a little bit of extra effort and adopting some good habits, you’ll be on track before you know it.


How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

The term “data breach” serves as a catch-all word for any kind of event in which someone entrusted with information—usually for large groups of people, like one’s customers or patients—allows that information to be exposed. While some data breaches are the work of highly-skilled hackers who can access a billion email accounts at once, others could be something as simple as an electrician leaving his work phone behind on a job site, possibly exposing customers’ info.

However, no matter how it happened, who was at fault, or what information was exposed, all data breaches are serious. They carry the potential for someone to misuse information or harm others.

A recently reported data breach of the United States Postal System’s website appears to be accidental, but since about 60 million users’ information were exposed for at least a year, there’s no telling what damage could have occurred…or has already occurred.

This breach involves the website’s API, or “application program interface.” API is computer lingo for the set of parameters that help legitimate users interact with a website. The API was connected to the USPS “Informed Visibility Mail Tracking & Reporting” service, a mail tracking preview program, where the weakness was found. Unfortunately, by exploiting any security holes found in the tracking service, hackers can interact with the API, too.

Here’s what security researchers found: the USPS website was accidentally left “unlocked,” meaning anyone with an account could change the search parameters and find other users’ accounts and information. They could even make changes to those accounts in some cases.

Think of it like this example: pretend you went to a major retailer’s website to look up a pair of socks you ordered two years ago. You go to your order history, type in your name and zip code, and then your order history appears. Now pretend that you could simply change the zip code or the last name, or your city or street address. What would you do if all of the information for every person in your zip code, last name, city, or street address appeared? What if it showed you every single item those people had ever ordered?

That’s similar to what happened here, and there are a few unfortunate issues with this breach. First, the information was never secured in the first place. It was only a matter of time before someone decided to test out different data points. Also, the USPS was supposedly informed of this website problem a year ago. Recently, the person who informed them then contacted Krebs on Security to report that the matter had still not been resolved, and Brian Krebs reached out to the postal service. After he contacted them, the USPS patched the problem and made it stop.

This certainly isn’t the first time a government agency has suffered a data breach. The Office of Personnel Management, reported in June 2015, and the US State Department, reported in September 2018, for example, have both endured exposures of users’ sensitive information. However, that doesn’t make the issue any easier for the consumers who now need to monitor their USPS accounts and make sure that nothing out of the ordinary has taken place.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert