Save the date for this year’s Data Privacy Day! In the current always-connected digital age, it can be easy to take privacy for granted. Apps, websites, social media and even games want everything from permission to access our contacts list to invasive amounts of personal information. Even signing up for a new account can mean turning over your name, email address or birth date.
StaySafeOnline, which is powered by the National Cyber Security Alliance, will be hosting its annual Data Privacy Day on Tuesday, January 28. This live-streamed event will begin at 1:00 p.m. EST/10:00 a.m. PST and will feature industry experts speaking on a variety of privacy-related topics.
One session of the event will be important to a lot of different stakeholders, that being the discussion of the new California Consumer Privacy Act, which is set to take effect this month. There will also be panels on the effects of the GDPR regulations that have already gone into effect in Europe, as well as discussions on how privacy affects both businesses and individuals in a worldwide-connectivity landscape.
More importantly, one of the goals of Data Privacy Day is to look ahead to what the future of the privacy and cybersecurity landscape might look like. A few years ago we might have never envisioned mobile games that could leak your personal information online or social media apps that buy and sell users’ data as a commodity. Now, with the first days of 2020 already behind us, it is both exciting and a little unnerving to imagine what privacy will really mean in the coming decade. To participate in the online live stream of Data Privacy Day 2020, visit StaySafeOnline.org and click on the Data Privacy Day tab.
You might also like…
Once the decorations are put away and the confetti is swept up, the start of a brand-new year opens up before us. However, among all the goodwill about new beginnings and fresh starts, there is an age-old task waiting for you that is not very pleasant: tax filing.
Somehow, the old year is not over just yet. You have to file the previous year’s returns by April 15, and you might notice that the paperwork starts to trickle in all during the month of January. Do not be tempted to toss it in a drawer or push it aside. Experts have warned that tax filing as soon as you possibly can is a good way to protect your identity and your refund.
Tax return fraud has been a major issue for many years, and it can happen to any taxpayer. The high rate of personally identifiable information that is available for thieves to use, thanks to data breaches or purchasing entire identity records on the Dark Web, contributes to the problem. Essentially, a thief files a fake tax return using your name, Social Security number and other details about you. They have the bogus refund issued to a prepaid debit card, and their work is done. When you attempt to file your own legitimate return, it gets rejected for being a duplicate.
It gets worse. Not only are you out your refund, your information is now associated with this tax return fraud. Even worse, you still have to file your correct return in a timely fashion or face penalties.
Fortunately, you are not powerless to stop a faceless criminal here. The best way to prevent tax return fraud is to simply beat the criminal to it. If you can get your return filed before they do it, yours will be the legitimate return and theirs will be the rejected duplicate.
Of course, you cannot get to tax filing until all of your documentation arrives, and legally that can take until January 31. That is why now is the time to start gathering any paperwork you will need, deciding on how you will prepare (at home with forms or software, or with a professional preparer) and getting ready to check off this important box.
Tax filing early has the added benefit of getting any refunds you are owed that much sooner. Do not put off tax filing as just another hassle or chore. Protect yourself this year by getting it out of the way.
You might also like…
The holidays have past and a new year is upon us. With that, New Year’s resolutions are beginning to surface. Some resolutions might include going to the gym every day, spending less time on social media or creating a budget you can actually stick to next year. While some of those resolutions might be more realistic than others, there are some practical resolutions you can make that will be even more beneficial. And it’s all based on protecting your identity… In 2019, the Identity Theft Resource Center saw the number of data breaches reported continue to rise. In fact, the ITRC has now recorded over 10,000 data breaches since 2005, hitting the mark this past calendar year. 2019 also saw the announcement of large-scale data breaches like Capital One and healthcare providers and insurance companies continue to be one of the hardest-hit targets, thanks to the overwhelming amount of personally identifiable information (PII) they gather. So what is your New Year’s resolution heading into 2020? If you do not have one, or even if you do, consider making some 2020 identity theft New Year’s resolutions to make your personal data as safe as you can. You can protect your privacy through your simple, everyday habits.
Resolution One: Be Aware of What You Post on Social Media and What You Share
If you are connected online through any of the several social media platforms, you need to know how they work and how to keep your information private.
- Enact practices that include not oversharing information and change your settings to private.
- Use different passwords for each social media account.
- Create strong and unique passwords that include two-factor authentication.
Resolution Two: Guard Your Data
One of your 2020 identity theft New Year’s resolutions should include keeping better tabs on your PII. Do not just turn over your Social Security number without asking why they need it and verifying their plans to protect it. A lot of organizations still ask for it simply out of habit. However, your SSN was designed as a tax identification number, and by law is not to be used for everyday identification purposes.
Resolution Three: Know the Latest Scams and Help Others Stay Alert Too
Fraudsters are always trying to find new ways to attack. That is why it is so important for consumers to stay up-to-date on all of the latest scams, fraud attempts and identity theft information. You can check in with the ITRC for the latest information by signing up for the TMI (Too Much Information) Weekly and following the ITRC on Facebook and Twitter. Once you know about the latest threats, you can help spread the word with friends and family.
Resolution Four: Adopt Good Cyber Hygiene Habits
While 2019 was the year of data, 2020 will be the year of privacy. That is one reason why your 2020 identity theft New Year’s resolutions should include good privacy habits. While data breach fatigue is a recognized phenomenon, the flip side is paranoia that makes you want to unplug and go off the grid. Neither is a solution. Rather, the solution is good privacy habits:
- Never clicking or downloading unknown attachments
- Ignoring messages that offer too good to be true deals
- Monitoring your accounts and looking for anything out of the ordinary
- Order your free yearly credit report
Resolution Five: Watch Out Account Hacks from Credential Stuffing
In 2019 we saw numerous data breaches and account hacks from credential stuffing. Disney+ users saw their accounts sold online after hackers were able to infiltrate their accounts and change the passwords to lock users out. Earlier in the year, TurboTax announced a data breach that was caused by credential stuffing. Consumers need to be sure they are consistently changing their usernames and passwords to reduce the risk of credential stuffing and having any accounts hacked. The unfortunate truth is that some identity theft crimes are unpreventable. However, these 2020 identity theft New Year’s resolutions are steps you can take that will reduce your risk of falling victim to identity theft and increase the likelihood of you spotting a problem quickly. The ITRC is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.
You might also like…
2019 has come and gone and it is time to jump into the future and look at the 2020 trends for identity theft.
Looking Back at Our 2019 Predictions
First, when we look back at our 2019 predictions, there is one particular prediction that came true. In 2019 we predicted that other states would follow California’s lead and pass their own privacy legislation. New York proposed the New York Privacy Act and, in some ways, it was more potent than California’s law. The exemptions for non-profits and small businesses were gone and the private right of action, the ability for individuals to some companies directly, were included. While it is unknown what the final form or outcome of New York’s legislation will be, it is one of the reasons we think the privacy conversation has finally reached its tipping point.
The Long Road to Privacy
The theme of 2019 was data and 2020’s will end up being privacy. People care about privacy. If you ask anyone on the street if they care about privacy, most will tell you they do. However, when they are presented with real-world scenarios, they usually do not adopt behaviors that would be considered privacy-centric. According to Pew Research, 80 percent of social media users are concerned about their privacy. The study goes on to shed light on why our feelings are so complicated when it comes to privacy. With that being said, these are social media users. They continue to use these platforms for a variety of different reasons, despite all of their concerns. Not very many people would drive their car if something was wrong with it until they fixed it. It would not be 80 percent, that is for sure. Why is it any different with social media users and their accounts? While it might seem nonsensical to compare vehicle safety to privacy, it isn’t. Consumers simply do not think of privacy as a safety issue – even though it is. As a society, we do not value privacy the way it needs to be valued. The good news is that the ITRC believes the 2020 trends around identity theft, data privacy and cybersecurity will include more conversations around the safety issue that is created when we do not fully understand when our privacy is violated, or what that even means. Perhaps 2020 will be the year where we don’t just say we care about our privacy but actually behave in a manner that supports it.
Data Breaches at the Forefront
As in years past, data breaches were also at the forefront in 2019. We saw too many of them as a result of open databases. Best Western recently experienced a data breach from an open database that exposed over 21 million government records. Choice Hotels and Adobe also experienced similar breaches in 2019. It is something that could continue to happen in 2020 because more businesses are moving to cloud-based databases. Many times the security of the database relies on the inherent security settings, which may or may not be robust, rather than custom security settings. We also saw numerous data breaches from credential stuffing in 2019. Some Disney+ users saw their accounts sold online after hackers were able to infiltrate their accounts and change the passwords to lock out account owners before posting the credentials online for others to use or buy. Earlier in the year, it was TurboTax announcing a data breach that was caused by credential stuffing. Consumers need to watch out for data breaches and account hacks from credential stuffing in 2020. They will need to take the steps to protect their privacy (change usernames and passwords, use strong passwords, etc.) for us to see fewer of these types of breaches and lessen their impact. It’s ITRC’s hope that the conversations around privacy issues will help decrease the incidents of data breaches and account hacks based around credential stuffing and grow to be fewer in the years to come.
ITRC is Here For You
Predictions are only an educated guess that are based on previous events and information. Industries, policymakers and the public will have to wait and see how the 2020 trends for identity theft, cybercrime and data privacy play out. Regardless of what happens in 2020, the ITRC will be here, working to fight back against the techniques scammers will be using to commit identity theft and supporting victims through the process of regaining their identities.
You might also like…
Like many great celebrities, Ellen DeGeneres is known for her generosity and gifts to her many fans. At the holidays, she tends to ramp up the effort and give high-dollar gifts to countless people. Unfortunately, the publicity surrounding these endearing episodes of her show has led to an Ellen Facebook scam.
Under the guise of The Ellen Show, fake accounts are offering sought-after prizes to social media users who jump through their hoops and fulfill their requirements. It might be commenting, sharing the post, liking it or clicking a link and filling out a form with a lot of personal information. In some cases, hoaxes of this kind have also led to financial loss when scammers move forward with their crimes. People in other scams like the Ellen Facebook scam have been asked for their personally identifiable information, complete identities and money. This holiday season—and all year long—do not be taken in by the Ellen Facebook scam, Lowe’s “tiny house” scams and other similar traps.
Remember, even commenting on a post like one to warn others that it is a scam can link your account to the scammer’s post. Instead, make your own post with a screenshot of the original if you want to get the word out and warn others. You can also report the post to Facebook or to the Group in which it was posted. Social media scams and hoaxes like the Ellen Facebook scam are a serious issue, and there is no sign that they are letting up soon. The best thing you can do to protect yourself is to know how to spot the indicators. Major companies have official accounts (sometimes with a checkmark) and they do not make silly grammatical errors.
Also, stop and think about what they are really offering. When is the last time you heard of Walmart giving away $100 coupons to everyone who likes a post, or Lowe’s building houses for people but only if they respond in the nick of time? Quite simply, they do not do that. However, that does not stop unsuspecting people from interacting with the scammer and spreading the post far and wide. Be a good digital citizen and remind the people you care about that scams and hoaxes are no joke, especially this time of year.
You might also like…
Popular convenience store chain Wawa has announced a breach that potentially stole the payment card information for customers throughout much of this year. In the case of the Wawa data breach, malware was discovered on the company’s payment processing servers on December 10, and that malware was designed to steal cardholders’ names and card numbers at the time of payment. However, there is no reason to believe that PIN numbers, security codes or driver’s license numbers—used to purchase things like alcohol or tobacco—were compromised in the Wawa data breach.
Unfortunately, their investigation has led them to believe that the malware was installed sometime after March 4 of this year. Customers are urged to look back through their transactions and see if there are any fraudulent charges, which the company has said they will not be responsible for. The company is also offering one year of free credit monitoring to affected customers of the Wawa data breach.
The response to the Wawa data breach—discover the malware, contain it, investigate it and report it with corrective action—is all in line with how businesses are urged to handle these kinds of crimes. It is a massive improvement over data breaches from only a few years ago in which the incident might not have been discovered and the victims not notified for a year or longer.
Incidents like the Wawa data breach should serve as an important reminder to take as much preventive action as you can. First, enabling “card not present” alerts with your financial institution or card issuer will inform you immediately if someone uses your card number without the physical card in their possession. You can also ask your bank what other security measures they specifically offer to prevent these kinds of crimes. Finally, it is important that you check your account transactions routinely in order to spot anything unusual. Do not wait for a notification letter or email to tell you that someone has stolen from you.
You might also like…
More than 3,000 Ring customers’ credentials were compromised in a recently announced Ring doorbell data leak. However, according to sources from the company, there has been no data breach or attack on the company’s systems. What’s at stake, and how did it happen?
First, the compromised information from the Ring doorbell data leak includes some payment card information, email logins and passwords, locations and very specific names that the customers assigned to their Wi-Fi-enabled doorbell/camera combos. Ring, which is famous for its doorbell that lets users see, record and interact with someone who comes to their door, also makes interior cameras that are smartphone-controlled over Wi-Fi. These cameras were accessible to the criminals, even in real-time, once the credentials were stolen.
However, a company spokesperson said that Ring’s network and servers were not compromised, which leads to the possibility of credential stuffing being at the core of the Ring doorbell data leak. This happens when a username and password are stolen in an unrelated data breach, and then those credentials are cross-matched to other accounts. If the customer reused the old stolen email and password on their Ring account, that would give the thief access to it. It would also explain why an oddly specific number of accounts, 3,672 according to Buzzfeed, was accessed.
General password hygiene has been a hot topic for a long time, but the message is still not reaching all tech users. The need for strong, unique passwords has been shared, but unless tech users follow through by creating lengthy, seemingly random passwords that they only use on one account, they are simply not protected. Moreover, changing your passwords frequently is a great idea since a treasure trove of old login credentials could end up online or be discovered long after the fact. If you frequently change your password, it does not matter what kind of information a cybercriminal finds since it will no longer provide access to your account.
There is another concerning facet to the news of the Ring doorbell data leak, and that is the relaxed approach so many tech users have taken to internet-enabled invasions of privacy. While things like cameras and voice-activated home assistants are highly beneficial to a lot of people, there is simply no excuse for installing something like a camera that records your child’s bedroom and then not keeping it as secure as possible. A hacker with the right skillset can break into some of the world’s best defenses, but you do not have to make their job easier by failing to protect yourself. Password security is important at all times, but never more so than when your personal safety is on the line.
You might also like…
As this year winds down, it is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.
Fallout from 2018
As in previous years, this past year has been a big one for these kinds of crimes. Tech users are still feeling the aftermath of things like the Facebook/Cambridge Analytica privacy debacle that was uncovered last year; Congress is still at work on what to do about consumer privacy in the social media age. Also, the news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.
What Went Right in 2019
Fortunately, new legislation has come along to make our privacy lives a little safer. The General Data Protection Regulation (GDPR) regulations went into effect in Europe last year, for example, and they inflict strict penalties on businesses that gather and store data but let it fall into the wrong hands. New laws in California and Colorado will be taking effect soon, intent on strengthening privacy and consumer choice. Best of all, the awareness of what constitutes these kinds of crimes and how to recognize them is increasing.
Top Security Incidents of 2019
However, this welcome news does not mean that consumers are safe or that hackers are finally giving up. With every new platform, tool or technology, there is even greater potential for new avenues of attack. Healthcare providers and insurance companies continued to be one of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather. “Accidental exposure” breaches were a common 2019 identity crime for major-name companies, which happens when businesses store huge databases of private information – in an online server then fail to password protect it as an example. Even our entertainment was not safe, as many apps and online gaming portals suffered data breaches that were traced back to reusing passwords on multiple sites.
2019 did not just see a lot of large data breaches, but settlements as well.
In July, Equifax reached a $700 million settlement for harms caused by their data breach. Equifax agreed to spend $425 million to help victims of the breach, leading to lots of discussion on how to file a claim.
While the Equifax settlement was the largest in data breach history to date, Facebook blew it out of the water just two days later, as they were ordered to pay $5 billion. After the settlement, Facebook said it required a “fundamental shift” in Facebook’s approach at every level of the company in terms of their privacy.
A month and a half later a Yahoo data breach settlement was proposed for $117.5 million after over three billion Yahoo accounts were exposed. Identity Theft Resource Center CEO, Eva Velasquez, stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims. However, that was not without its challenges, including putting the onus on the consumer to tell the settlement administrators how they were harmed and provide proof of it.
10,000 Breaches Reported
This past year the Identity Theft Resouce Center also recorded 10,000 publicly-notified data breaches since 2005. As part of the milestone, the ITRC took a look back at some of the top breaches the last 15 years as part of our 10,000 Breaches Later blog series.
Minimizing Future Risks
While data breach fatigue is a recognized phenomenon, one that can occur when consumers are bombarded with constant news about their data being compromised, the flip side is the kind of paranoia that makes you want to unplug and go live off the grid. However, neither of those is the solution. What does work is an awareness of the threat and some good privacy habits to prevent crimes like the 2019 identity crimes:
- Never click a link or download an attachment in an email or message you were not expecting
- Ignore messages that offer amazing deals or threaten you with jail time for not complying
- Remember that gift cards are not legal tender for paying your taxes or paying a fee or fine
- Monitor your accounts and credit report routinely to look for anything out of the ordinary
- Place a freeze on your credit report if you will not be using it anytime soon
- Protect all of your accounts with strong, unique passwords that you change routinely
We’re Here to Help
Remember, you are not responsible for the criminal behaviors of a hacker. However, you can take steps that reduce your risk of becoming a victim and help minimize the damage if the worst does occur. The Identity Theft Resource Center is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.
You might also like…
New Google Chrome features have privacy experts excited. Software developers spend a lot of time and money creating the programs and apps we use on a daily basis. Sometimes, that software could use a little facelift, especially as new features and innovations come along. Other times, the software desperately needs an upgrade due to security issues.
In the new Chrome web browser update, password security is even stronger. If you attempt to login on a website or account and that username and password combination has been compromised anywhere else online, Google will alert you immediately and encourage you to change your password. This new Google Chrome feature is really helpful if you are one of the many tech users who still reuses their passwords on multiple accounts, something the Identity Theft Resource Center does not recommend.
Another great Google Chrome feature is the updated anti-phishing tool. In the past, Google would compare website URLs you visited against a list of known phishing sites. While the turnaround time for updating its list was about 30 minutes, meaning Google’s team updated the list continuously, that was still enough time for scammers to slip through or redirect their web traffic to avoid being caught. The new phishing detection happens in real-time, so if you attempt to visit a phishing website, you will be alerted immediately.
While Google’s team was making upgrades for the new Google Chrome features, they included a bunch of other new features that are not really security tools. However, they are still really handy, so Chrome users will want to take a look.
With that said, there is a catch when it comes to all these great new Google Chrome features. You cannot have them if you do not update your browser. The same is true of any app or software you use. If the developer creates a new feature, launches a new tool or discovers a massive security problem, your version will not have any of the benefits or fixes unless you update it. When you receive an alert or a notification about an available update, it is important to install it right away.
Think of it this way: if a developer discovered a dangerous security flaw that allowed hackers to break in and steal identities, the last thing they would want to do is broadcast that information. Hackers around the world could swoop in and attack computers that have not installed the update. Therefore, the news of these Google Chrome features and fixes does not tend to be very widespread. Just know that it is important to update the tools you use in order to stay protected and enjoy all the great benefits they have to offer.
You might also like…
GET ID THEFT NEWS
Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center