Halloween is not the only celebration to look forward to at this time of year. Every October, the National Cybersecurity Alliance hosts a consumer-awareness event, National Cybersecurity Awareness Month, also known as #CyberAware month, based on protecting you from harm. This month-long celebration of digital security and privacy promotes safer connectivity, healthy device use and a better understanding of how to keep your identity and data from falling into the wrong hands.

This year’s theme is “Own It. Secure It. Protect It.” In other words, the tech public is being urged to take more control over their own protection, starting with how they engage online.

#CyberAware month is dedicated to understanding how you can have ownership over your privacy and security, and StaySafeOnline has the following tips:

Never Click and Tell: Staying Safe on Social Media

Social media is one of the biggest pitfalls to our privacy, partly due to the way different platforms collect, store and sell information. However, a lot of users also have to take some of the blame for oversharing and not locking down their accounts.

Oversharing is when you tell too much about yourself online. It might be spreading around your full name, address, or email or giving away too many details about where you live or work. You might be revealing too much about your family members, even your children. Some users even give away too much information about their present locations, including the exact coordinates and street address.

Remember, strong privacy settings on all of your accounts can help keep others from seeing too much, but with shareable content, someone else might be able to get in. You do not have to tell all you know when you post, and you certainly do not have to post birthdates, locations, the names of your children’s schools and your maiden name if you have one. Guard that information and remember that all of those little details are pieces of your complete identity puzzle.

Update Privacy Settings

The privacy settings mentioned above determine who can see your posts and your profiles, and they also determine which of your friends can share your content. If you post a nice family photo of a relative’s birthday, depending on your privacy settings, one of your friends can innocently share it to their profile so that other family members can see it. From there, it can make the rounds and end up in a hacker’s inbox.

On some platforms, there are default settings that you have to manually adjust to your comfort level. On others, some of your posts are public and some can be kept private. It is important that you understand how each platform works and what your privacy settings are before you use them.

Keep Tabs on Your Apps

The apps you install on your devices and the accounts you establish online might be just another part of using technology; however, they can also come back to haunt you. If you have reused your username and password on multiple apps and accounts, if you have connected your social media profiles to your apps in order to log in faster or if you have not updated your apps or accounts in a while (just to name a few of the potentially harmful problems), then you may not be protected.

Remember, hackers want information. They use that information to get even more information, and then they can go after bigger payoffs. It is important that you understand what you are installing, what accounts you are creating and how to protect them and when you must update these things in order to stay safe online.

National Cybersecurity Awareness Month is about welcoming fall and enjoying some spooky fun, but there is nothing fun about cybersecurity lapses. Take the time this NCSAM month to protect yourself and develop good habits that will keep you safe all year.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



Popular game developer Zynga is the company behind such widely popular apps as Words with Friends, Farmville and Draw Something, but these games are not only popular with smartphone users. A well-known hacker named Gnosticplayers has claimed responsibility for stealing the login credentials for around 200 million Android and iOS users who had downloaded those and other games.

These games allow users to find friends online and play long-distance games, as well as to engage in fun challenges with strangers within the safety of the app. Unfortunately, a hacker was able to inject themselves into the system that controls things like usernames, passwords, email addresses and any Facebook accounts that were connected to the app in order to speed up login as part of the Zynga data breach.

While the hacker did not necessarily grab any highly-sensitive information, the information that was stolen in the Zynga data breach can easily be used for malicious purposes. These include spam emailing, scams and phishing attempts. Of course, any users who reused a password on their apps, meaning one that they use on other unrelated accounts, may have put those other accounts at risk as well.

Zynga is urging all of its users who downloaded these apps prior to September 2019 to change their passwords immediately. If you connected the app to your Facebook profile, it is a good idea to go into your settings and remove that connection, then change your Facebook password just to be safe.

In the future, there are two really important things you can do to minimize the risk from attacks like the Zynga data breach.

First, never reuse a password or use one that is easily guessed.

Anyone who nabs your password in any data breach has automatic access to every account where you have reused it.

Second, avoid connecting your apps, especially frivolous ones like games, to your social media accounts.

It might make it easier to log in and you can post updates on how many levels you have beaten at some random three-in-a-row game, but you are also opening yourself up to possible harm.


On September 26, 2019, the popular food delivery app DoorDash announced a data breach in which hackers accessed the company’s data system. Approximately 4.9 million customers, restaurants and delivery workers had their personal information exposed, including their driver’s license numbers, names and addresses and bank and credit card information. Users who joined after April 5, 2018 were not affected by this breach.

In a security notice regarding the data breach, DoorDash said that earlier this month they became aware of unusual activity involving a third-party service provider. They then immediately launched an investigation that led to the determination that they were hacked on May 4, 2019. DoorDash went on to say that customers who signed up before April 5, 2018 potentially had their names, email addresses, phone numbers, order histories and the last four digits of their credit and debit cards exposed. However, full credit and debit card information was not accessed.

Delivery workers and restaurants could have had the last four digits of their bank account numbers taken. However, once again, the full bank information was not accessed. Approximately 100,000 delivery workers also had their driver’s license numbers hacked.

The food delivery app says they are reaching out directly to those affected by the DoorDash data breach with specific information about what was accessed. If consumers have any questions, comments or concerns, DoorDash has set up a call center that is available for 24/7 support at 855.646.4683. In the meantime, here are some things you can do if you think you may have been affected by the DoorDash data breach.

Change Your Passwords Now

Anytime there is a data breach and you think you might have been affected, the Identity Theft Resource Center urges people to change their passwords immediately. Even though DoorDash says it will be reaching out to everyone affected, it is still a good idea to update your password and make sure it is a strong, unique password.

Track Your Steps

According to the Identity Theft Resource Center’s 2018 End-of-Year Data Breach Report, there were 1,244 data breaches reported last year. While that is less than in 2017, the amount of sensitive information exposed significantly increased.

In the event you are a victim of a data breach and have incurred financial costs or expended time and other resources, the ITRC encourages you to be prepared so you can prove your case in the future. You can do that by downloading our ID Theft Help App, which has a case log manager tool to help track any actions you take in response to a breach.

Consider A Credit Freeze

If you were a DoorDash driver before April 5, 2018, you could have had your driver’s license stolen, as well as potentially your name and contact information. Delivery drivers might want to consider putting a credit freeze on their reports to prevent a criminal from opening an unauthorized account in their name.

It is important to note that a credit freeze will stop someone from taking out a credit card or loan in your name, but it does not prevent identity theft not related to opening up a credit account.

Watch for Suspicious Activity

Be sure to track all your accounts daily for suspicious activity, whether you were impacted by the DoorDash data breach or not. This also includes being very careful if you get any emails or phone calls from DoorDash. It is common for scams to happen following a data breach. If you see any suspicious activity, do not respond, and report it.

For more information on the data breach, you can go to Breach Clarity to see what information was exposed and see the risk score of the DoorDash data breach. You can also call the Identity Theft Resource Center toll-free at 888.400.5530 for assistance or LiveChat online.


It is back to school time, or as many college students know it, back to debt time. One of the many mounting costs associated with higher education is the price of textbooks. However, thanks to the internet, there are many websites offering free and cheap digital versions of the real thing. Because of that, students should beware of malware hidden in eBooks.

As with other websites that offer premium content like first-run movies and new video games for little to no cost, there is a hidden threat: viruses and malware tucked inside the file. In some cases, you do not even get to download the content before the virus from the malware hidden in the eBook attacks your computer.

This used to be a simple issue: you steal some content, you take the risk. With more and more schools helping students cut costs by promoting the real digital versions of the required textbooks, you could accidentally infect your computer or the network with malware hidden in eBooks while trying to do the right thing.

In order to avoid malware hidden in eBooks, there are some important steps you can take.

Do not give in to the temptation to save a lot of money

The price of textbooks is a burden, but there are steps you can take to offset, reduce or avoid the cost that do not put you at risk. Some libraries keep copies of popular textbooks, and there are retailers who now offer textbook rentals for a fraction of the cost. You can even split the cost with a friend and share the book. With that said, trying to get it for free online is a recipe for a virus from malware hidden in an eBook, and that can end up costing you almost as much as the book would have cost.

If you are going digital, know the source

Digital textbooks are great. They are portable, often cheaper and can even include extras like additional resources and homework help. Make sure you are getting it from a trusted retailer or website and not a site that promises free or cheap eBooks.

This can also affect supplemental materials

There is nothing wrong with searching online for additional materials to help you study unless it is pirated content. However, this same threat can hide embedded in other kinds of course materials, too. Even if you are not stealing anything, downloading free study materials or essays could be a great way to spread some malware hidden in eBooks.

Keep your security software updated

Even if you would never download pirated content, that does not mean someone else on the network won’t: your roommate, a student down the hall or someone in the campus computer lab. If you are all connected to the same network, you stand a chance of “catching” someone else’s infection. Keep your antivirus and antimalware software installed and up-to-date and remember to run a scan regularly to avoid malware hidden in eBooks.

If you are infected…

Remember that the goal of a lot of malware is to steal data from your device or lock the device until you pay the ransom. Change your passwords on important accounts regularly to avoid having your account access stolen and back up your important files to a cloud storage or external hard drive. That way, if you are infected with ransomware, your important documents are still accessible.


A new Venmo scam is making the rounds nationally, one that can lead to massive financial losses in your Venmo account.

Payment apps are a fairly new invention, especially peer-to-peer apps that are connected to your bank account or a credit card. Unfortunately, what is not new is phishing scams.

Fraudsters are reaching out to unsuspecting victims and convincing them that something is wrong with their account. The scammer, while looking and sounding like the legitimate company, tricks the victim into handing over their account credentials, sending money or doing something else that causes them harm.

Payment apps that allow you to make retail or restaurant purchases have been in use for a long time, but these new apps like Venmo allow you to pay another individual simply by having an account. You might split the cost of dinner with a friend or pay someone back for buying your concert ticket when they bought theirs. The idea is that it is more convenient than cash and does not incur as high a fee as some online payment methods.

Law enforcement and Venmo have both issued warnings to the public about a new Venmo scam that includes phishing attempts that come through as text messages, claiming to be the payment app company.

Image courtesy of Kane County Utah Sheriff’s Office

Since the app is installed on the user’s phone, receiving a text message might not seem so strange at first. What is strange, though, is the request to verify your username and password due to a supposed problem with your account. In the Venmo scam the victim clicks the link, enters their credentials to verify or unlock their account, and the scammers log into that account from their own device, then send themselves a massive payment from the Venmo user’s account. As you can see, this Venmo scam is very effective because it looks trustworthy.

A Facebook post to warn the public of the Venmo scam was issued by the Dighton, Massachusetts police department with information on the scam. It was later confirmed by Venmo, who issued its own warning.

The company has stated that they will never text or email you for your credentials. However, avoiding any scam like this requires the ability to ignore it.

If you ever get a text, email or phone call about an account you own, ignore it and go directly to the app settings or customer service number yourself. Do not trust the contact information in the message, but rather look it up on your own. Do not click any links or open any attachments. Look into your account to see if there really is anything suspicious going on, and then contact a support agent if you need to be sure.

Image of Venmo app settings

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



In our 2018 End-of-the-Year Data Breach Report, the Identity Theft Resource Center reported 907 data breaches that impacted the business sector, more than the number reported for the banking, education, government and medical sectors combined. Of the five industry categories ITRC tracks for data breaches (banking/credit/financial; business; education; government/military; and medical/healthcare), business-related data breaches are the most common.

You can learn more by signing up for the ITRC Monthly Breach Newsletter.

That is just one reason why the ITRC has been working to empower identity theft victims with the resources and tools to resolve their cases since 1999. Our mission is to help people proactively reduce their risk of becoming a victim of identity theft and to empower them if they become a victim. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches. We’re continuing our 10,000 breaches blog series with a look at the top five business data breaches that impacted U.S. consumers and personal information compromised.

Starwood Hotels & Resorts Worldwide, LLC. (Marriott International)

In November 2018, Marriott announced that its Starwood guest reservation database had been accessed by an unauthorized user. Nearly 383 million records were accessed in this business data breach, which included names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, birth dates and encrypted payment card numbers. Hotels are typically hot targets for data thieves due to the sheer volume of people’s data available.

Heartland Payment Systems

Payment processor Heartland Payment Systems announced in January 2009 that its processing systems had been breached one year prior, affecting thousands of businesses and banking institutions. Around 130 million consumers’ credit and debit card information had been stolen, including cardholder names, card numbers and card expiration dates, putting all consumers at risk for fraud. An investigation into the business data breach began once Heartland received notifications from Visa and MasterCard about suspicious activity surrounding card transactions processed by its payment systems.

Equifax

Once again, Equifax makes the list. As many people know, in 2017 Equifax experienced a hack that exposed 148 million U.S. consumers’ personal information, including names, dates of birth, Social Security numbers, addresses, phone numbers, Driver’s License numbers, email addresses, payment card information and Tax ID numbers. In July 2019, Equifax reached a $700 million settlement due to their business data breach and agreed to spend up to $425 million to help the victims of the breach. If you were affected, you can file a claim for cash or free credit monitoring services. You can also file a claim for a minor who has been impacted. If you have questions about the settlement and what it means, read more here.

Experian/T-Mobile

In September 2015, Experian North America disclosed a breach of their computer systems that affected 15 million applicants for device financing from wireless provider T-Mobile. Names, birthdays, addresses, Social Security numbers and alternate forms of identification (such as Driver’s License numbers, passport numbers or military ID numbers) were some of the information exposed. While the business data breach impacted Experian’s services, it did not affect their consumer credit database. According to T-Mobile, Experian took full responsibility for the theft of data from its server and offered free credit monitoring services to all the consumers who were potentially at risk.

MyFitnessPal (Under Armour)

It was discovered that an unauthorized party acquired data associated with Under Armour’s MyFitnessPal user accounts in March of 2018. Approximately 150 million user accounts were compromised in the business data breach, exposing usernames, email addresses and hashed passwords. MyFitnessPal released a notice of data breach stating they quickly took steps to determine the nature and scope of the issue and were working with data security firms and law enforcement authorities in an investigation. In the same statement, MyFitnessPal recommended that users change their passwords for all their MyFitnessPal accounts, review their accounts for suspicious activity, be cautious of any unsolicited communications that ask for their personal data and avoid clicking on links or downloading attachments from suspicious emails. (These are practices the ITRC encourages consumers to take with all of their accounts to reduce their risk of identity theft.)

Coming Up In 10,000 Breaches…

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both consumers and businesses – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live advisor on what you should do. If you are a business impacted by a data breach incident, please reach out to the ITRC to discuss how we can provide assistance to your impacted customers.

As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the top medical and healthcare breaches since 2005. For a look at all of the 10,000 breaches blogs, visit https://www.idtheftcenter.org/10000-data-breaches-blog-series.

 


Facebook says using real names helps them keep the most popular social networking site in the world safer. By confirming identities, Facebook states it can help stop or minimize the risk of scams, phishing, abuse and foreign political influence.

In an effort to protect your identity from threats, Facebook is asking some users to send personal identifying information (PII) to prove users are who they say they are. This can happen for general users as well as advertisers. With obvious concerns for the safety of one’s identity, this blog details what, why and how Facebook uses this information.

What This Means for Users

For the average Facebook user, the company might ask you to provide a form of personal identification if you have lost access to your account, they detect suspicious activity or you need to confirm your Facebook name. Facebook will prompt you for verification when a concern arises on your account.

What Must I Send to Facebook?

Facebook asks for PII that either includes your name and birth date or name and photograph. This could be a driver’s license, birth certificate, passport, green card or a tax identification card (view the full list here). If you do not want to send Facebook one of the items listed above for personal identification, you do have the option to send additional documentation like bank statements, credit cards, medical records, military IDs, religious documents or a social welfare card. You must provide two documents from this list, and Facebook still might require photo and birth date documentation.

Why Must I Send Personal Information to Facebook?

Facebook claims they ask for personal identification to protect your identity and the overall safety of the network ecosystem. If you submit a complaint that you have been locked out of an account, for example, they want to make sure they grant access back to the right person and not an impostor. Of course, there are less serious incidents when it comes to account safety, like requesting to reset a password through email verification.

Another instance Facebook might ask you for personal identification is when you request to change your Facebook name. Whether you just got married, decided to stop or start going by a nickname or are removing your husband or wife from your joint account, Facebook could ask you to verify your identity first.

Technically Facebook users are supposed to go by their real name, even if this rule was not enforced in the past. For this process, Facebook requires the name on your account and the name on your personal identification to match.

How Do I Provide My ID to Facebook?

Facebook asks users to scan or take a photo of their personal documents and then upload them when prompted while trying to access their account.

Facebook will never ask you for your password or to provide identification in an email, or send you a password as an attachment. Emails sent from scammers posing as Facebook often include notifications about platform engagement, community standards and security warnings. Do not engage with Facebook emails if you are unsure of the content. Log directly into Facebook from a secure browser to check for any notifications regarding your account.

How Does Facebook Protect the Information I Send?

Facebook claims to treat user personal information with the proper security standards. Their website says, “After you send us a copy of your ID, it’ll be encrypted and stored securely. Your ID will not be visible to anyone on Facebook.”

Facebook does ask users to allow them to “increase their efforts” by giving permission to store your encrypted personal identification for up to one year, with the hope of preventing fake accounts and imposters. To prevent Facebook from using your photo in this instance, visit your security settings.

A published Facebook statement emphasizes their concern for user privacy stating,

“We’ll use your ID or official document to confirm your identity. We’ll also use it to help detect and prevent risks such as impersonation or ID theft, which helps to keep you and our Facebook community safe. It will not be shared on your profile, in ads or with other admins of your Pages or ad accounts. After we’ve confirmed your identity, we’ll delete your ID or document within 30 days.”

Community Reaction

One Facebook user posted on the company’s forum on behalf of her father, who could not get into his account after resetting his password, saying,

“Now when he goes to log in, he is being asked for a scanned document to verify his identity. Honestly, I think this is ridiculous! He is being asked to submit a picture of his birth certificate, driving license or marriage certificate. I have never been asked for anything like this in all my time on Facebook and I think it is ridiculous to ask people to do this. No wonder there is so much identity fraud!!”

This post, from 2013, is not an isolated incident and addresses the exact concerns of the Identity Theft Resource Center. When you share your PII with companies or individuals, you increase your risk of identity fraud and theft.

Some users reported that after providing the required personal identification documents, they were still not granted access to their accounts. Other users are at a loss for how to help their child access his or her account without exposing them to dangers. Out of concern for privacy when creating an account, some users did not use their real birthday or name and now do not have proper personal identification documentation. Those users will be forced to change the provided information to what matches their legal records.

In response to a forum complaint, a member of Facebook’s Help Team provided the following statement:

“This usually happens when we detect suspicious activity or security threats to your account. We take your security very seriously, so before we can provide you with any information about this account or give you access to it, we need to make sure it belongs to you.”

ITRC’s Response

Before providing your PII to Facebook, or any other company, you need to assess the risk involved. By sharing your confidential legal documentation for storage on a third-party website, no matter for how long, your risk for identity theft and fraud increases. As we know too well, secured servers are still susceptible to data breaches and cyber attacks. We urge users to evaluate how important using Facebook is to them, the value it provides and the risk they are willing to take to continue using the social platform.

Need help? Watch our privacy videos or chat with an advisor today!


On July 19, 2019, Pearson PLC reported a data breach affecting approximately 13,000 school and university AIMS Web 1.0 accounts. The data breach was attributed to unauthorized access by an unknown individual. Students had their names and in some cases dates of birth and email addresses exposed. Additionally, some staff member names, email addresses and work information – such as job title and work addresses – were exposed.

Editor’s note: School districts affected by the Pearson breach have continued to come forward since the initial July 2019 report. ITRC is tracking each school district separately, as well as part of the larger breach by Pearson. Due to the scope of this breach, an unprecedented number of individual student accounts could have been exposed (hundreds of thousands) leaving an unknown number of victims. ITRC will continue to monitor this breach as it unfolds.

In August 2019 there were a total of 130 data breaches exposing 1,748,078 sensitive records.


The first case of AI fraud has been reported after a perpetrator created an audio clip of a company’s CEO and used it to instruct someone else within the company to release funds to the scammers.

In the world of artificial intelligence, a “deepfake” is a completely fabricated audio or video clip in which someone’s real voice or image is used in a situation the person was never in. With relative ease, skilled computer designers and editors can often create videos of a famous person saying or doing things they have never done.

Now being called a “vishing” attack, also known as voice phishing, this AI fraud case involves the head of a German company who supposedly contacted the CEO of one of its UK branches and requested a transfer of funds, stating that they would be reimbursed. The UK employee complied, sending around $243,000 to an account in Hungary. The callers made a total of three calls to the UK company but were eventually refused. Fortunately, the company carries insurance against this kind of AI fraud crime and it was covered.

While the entire point of a deepfake is that it is very difficult to discern from the real thing, there are things consumers and businesses alike can do in order to protect themselves from AI fraud.

Never comply with any kind of sensitive request without prior authorization.

It does not matter if the request comes as an email, a text message or now an audio-based call. Simply take down the caller’s name and the instructions and then verify it with the individual using a known contact phone number or in person.

Establish a company coding system for sensitive requests.

Institute a policy that all money transfers, file sharing or other sensitive activity must include the company “code word” in the instructions. The code should be changed frequently to avoid any threat from hackers.

Make sure that this information is shared throughout the company.

One of the best ways to pull off a successful phishing attack is to target a lower-level employee. It is important to make sure that everyone in the company knows and follows the security protocols.


By 2021, over 2.14 billion people worldwide are expected to buy goods and services online, up from 1.66 billion global digital buyers in 2016. That means retail data breaches will also be on the rise as point-of-sale (POS) systems, e-commerce sites and other store servers are major targets for hackers looking for large volumes of personally identifiable information (PII) and behavioral data.


That is one reason why the Identity Theft Resource Center has been working since 1999 to empower identity theft victims with the resources and tools to resolve their cases, including helping people proactively reduce their risk of becoming a victim of identity theft. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches, with monthly and cumulative end-of-year reports published.


ITRC currently tracks five industry categories: banking/credit/financial; business; education; government/military and medical/healthcare. ITRC is a leader in reporting new data breach trends. We’re continuing our 10,000 breaches blog series with a look at the five most impactful retail data breaches for consumers.

Target

Retail giant Target makes the list for their 2013 data breach that exposed the payment card information of 40 million people and the personal information of 70 million. Hackers were able to infect Target’s POS systems with malware, disrupting holiday shopping for millions of consumers. Between Black Friday and Christmas shopping, anyone who shopped at Target from November 27 to December 15, 2013 was at risk for fraud. In a public statement to customers, Target said they moved swiftly to address the issue and that they regret any inconvenience it might have caused.

TJX Companies

In January 2007, TJX Companies Inc., operator of stores like T.J. Maxx, Marshalls and HomeGoods, experienced a retail data breach that affected 94 million customers. Payment card information and customer return records, which included driver’s license numbers, military I.D. numbers or Social Security numbers, were stolen by hackers who were able to gain access to TJX’s computer systems that process and store transaction information. TJX reached settlements with a majority of entities in 2007 and 2008.

Home Depot

Target is not the only retailer that experienced a breach of their POS systems. In 2014, Home Depot announced that they had experienced a retail data breach affecting their payment card processing systems. The hackers were able to steal the payment card information of 40 million customers and emails of 54 million. Since the incident, there have been 57 lawsuits filed against the large retailer. While the company did not admit any wrongdoing, they say they settled so they could move forward and put the incident behind them without incurring further costs.

Hudson Bay

Hudson Bay, parent company of Saks Fifth Avenue and Lord & Taylor, experienced a retail data breach that affected the payment card information of five million customers in 2018. Most of the stores affected were located in New York and New Jersey. It is reported that the retail data breach only affected in-store purchases and did not affect its e-commerce sites. In a statement, Hudson Bay said they deeply regretted any inconvenience or concern the breach may have caused. They also said there was no indication that Social Security or driver’s license numbers were stolen.

Hannaford Brothers

In 2008, supermarket company Hannaford Brothers was breached. It affected just over four million customers. Malware was placed on 300 Hannaford servers as part of the retail data breach which allowed hackers to steal customers’ payment card details as they were used at the check-out. Of the just over four million customers who were affected, more than 1,800 reported their credit cards had been used.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted, both consumers and businesses that fall victim to the nefarious acts of fraudsters, understand how to minimize their risk and mitigate their data compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live advisor about what you should do. If you are a business impacted by a data breach incident, please reach out to us to discuss how we can provide assistance to your impacted customers.

As part of this series, in our next 10,000 Breaches Later blog, we will take a look at some of the biggest business breaches since 2005 and what they meant for consumers. For a look at all of the ITRC’s 10,000 breaches blogs, visit idtheftcenter.org.
