In 2012, Facebook was sued by the Federal Trade Commission (FTC) for misleading consumers about their privacy. One example of their misleading promises was the extent to which they shared user information. Mobile applications used by one consumer were allowed to access the information of that consumer’s friends even though the friends did not grant permission. The 2012 settlement from the FTC required Facebook to tighten its privacy policies and put penalties in place for misleading statements to consumers.

Facebook violated the FTC’s orders by allowing third-party companies access to consumer information they did not want to be shared. This scandal came into the limelight in 2018, with investigations looking back at least four years to determine wrong-doing by the social media company. Facebook and the FTC announced last week that a settlement had been reached of $5 billion, the largest in history for this type of offense. The settlement is not only monetary fines, but also requires a change in Facebook’s privacy policy to comply with new standards.

Some of these standards include creating a system of checks and balances within the company to ensure consumer privacy is being properly handled, and removing CEO Mark Zuckerberg from complete control over privacy decisions. They also outline specific rules Facebook, Inc. must abide by when it comes to consumer privacy.

More Control Over Third-Party Apps

The FTC is requiring Facebook to exercise more control over applications granted access to their platforms. App developers who want to integrate with Facebook must certify compliance with Facebook’s policies and justify the need for consumer data. The social media giant must regulate the acceptance of their policies and stop creators from accessing the platform who do not meet the standards.

Prohibited to Sell Phone Numbers

The settlement ruled that Facebook is not allowed to use or sell user-provided phone numbers for advertising. This pertains to phone numbers given to Facebook for security reasons, like getting texted a code when you are logging in to a new device for two-factor authentication. This does not mean advertisers are prohibited from collecting your contact information in other ways. For example, if you fill out a form on Facebook where a company asks for your phone number and you provide it willingly, that company is entitled to use your phone number as in accordance with Facebook and their privacy policies.

Restrict Facial Recognition Technology

You have probably noticed facial recognition technology when uploading photos to Facebook. The platform often auto-suggests friends for you to tag in the pictures. The FTC is requiring Facebook to provide clear notice, absent of misleading messaging, to consumers and obtain consent from users when it uses facial recognition software.

Implement a Data Security Program

While the FTC does not go into very much detail about this requirement, Facebook will be forced to maintain a “comprehensive data security program.” Meaning it will not only have limits on how they can use and sell consumer information, but they will also be held to a high standard to protect user-information from outside sources.

Encrypt User Passwords

Facebook notified the public earlier this year of misuse of stored user passwords. The passwords for some users were stored as plain text for anyone in the company to access easily. Part of the FTC settlement requires Facebook to encrypt passwords and regularly check whether they are stored in plain text.

Limit Asked Information

According to the FTC press release, “Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.” Meaning Facebook cannot require users to disclose information about other platforms they might be a part of, even if owned by Facebook, Inc.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Privacy Settlement Shows New Industry Trend

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


Capital One, Who’s in Your Wallet?

Announced Monday, July 29, 2019, a Capital One Data Breach puts 106 million consumers at risk. The credit card company released a statement citing “unauthorized access by an outside individual” that occurred in March of 2019, as the cause of data breach. The breach puts consumers at risk who applied for a credit card with Capital One and their existing customers. The company approximates that 100 million Americans and 6 million Canadians’ information was exposed.

Small businesses and individuals were victims in the Capital One data breach with information disclosed including name, address, date of birth, email address, credit scores, credit limits, payment history, and balances. Roughly 80 thousand linked bank account numbers of credit card customers were also exposed. Capital One reports that no credit card information was compromised. They also say 99 percent of Social Security numbers (Social Insurance numbers for Canadians) were not exposed, although 1 percent of 106 million is still 1.06 million affected consumers between the U.S. and Canada.

Take Action Now

If you are a victim of the Capital One data breach, the company has announced it will “notify you through multiple channels.” Lacking specifics, Identity Theft Resource Center suggests taking a proactive approach if you think you could be a victim of the breach.

Freeze Your Credit

This includes steps like freezing your credit report and checking financial statements. Try logging onto your account to see if there are notifications regarding the breach waiting for you.

Be Aware of Scams

Also, be wary of anyone calling in regards to the breach and asking to collect personal information. Capital One is not notifying victims via phone and asking for Social Security numbers or financial information, if someone contacts you in this regard it is a scam.

Document Your Steps

Also, start documenting your activities utilizing the ITRC’s ID Theft Help App – that way if you need to provide the documentation on what you’ve done in the future, you have recorded the time and effort you’ve spent.

While there is no proof that the compromised information has been used to commit identity theft or fraud, there is no time limit on identity crime. Millions of user information has been exposed, and there is no taking it back from the hacker or the places she chose to distribute it. The victims of the Capital One data breach will be offered credit monitoring and “identity protection” at no-cost, but the company does not offer details on the length or terms of these services.

The credit card company says the data breach was allowed by a configuration vulnerability and they have since fixed the issue. Capital One also worked with the Federal Bureau of Investigation (FBI) and the alleged hacker has been arrested, an unusual event compared to most data breach cases.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


People can now begin to file an Equifax claim for the recent data breach settlement. In 2017, Equifax, one of the three largest credit reporting agencies in the world, announced that it had suffered a data breach. More than 148 million consumers’ identities had been stolen. This month, a settlement was reached in the class-action lawsuit was filed with a federal court, and as a result, Equifax has now launched its claims process to help anyone who may have been a victim.

Before finding out what support you may be eligible for, it is important to know whether or not your information was affected in this breach. The website for consumers concerned about the Equifax data breach settlement has a very handy button that will provide that info for you. All you need to do is enter your last name and the last six digits of your Social Security number, and the site will immediately tell you whether or not your data was compromised.

If you discover that your personal identifiable information (PII) was compromised in the Equifax breach, your next step—should you choose to participate in the class action suit—is to continue filing on the screen. You may be eligible for credit monitoring, identity restoration if your information was fraudulently used and a partial refund if you had already been an Equifax credit monitoring customer.

There are some important things to remember about filing:

Decide what action to take

If you are going to file an Equifax claim, you must do so by January 22, 2020. However, if you wish to state that you are not participating, the deadline to do so is November 19, 2019. If you choose to simply do nothing, which is also an option, the November deadline is only for intentionally opting-out or filing an objection to the suit.

Because this claim process has just launched, the ITRC recommends that you consider all of your personal circumstances and how the breach and any subsequent identity crime issues impacted you before you jump into submitting your claim. While the process of recovering after an identity theft incident is costly in time, personal impacts and financial ramifications, filing without thinking through all of the possibilities or having all the supporting documentation could short-change your identity hygiene in the long-run.

Determine what kind of claim you need to file

The deadline for filing an Equifax claim—again, next January—includes filing for reimbursement of out-of-pocket expenses related to this breach, filing for a refund of Equifax products you would already purchase and filing a claim for credit monitoring. If you already have credit monitoring, you can also file for one-time compensation to put towards your existing service.

Section 1 Credit Monitoring: Free Service or Cash Payment

Submitting a claim can be “overwhelming,” so take it slow. At the very least, you should claim the free credit monitoring for up to 10 years.

Option 1

Option 2 If you already have credit monitoring, then you can claim a cash payment of $125.

Section 2 Cash Payment: Time Spent

Proving the out of pocket expenses could be difficult for victims filing an Equifax claim; “Pointing to a particular compromise and saying that it is the one that caused an issue is extremely difficult,” says Eva Velasquez, president, and CEO of the Identity Theft Resource Center.

In order to become a strong advocate for your case to repair your identity, it is vital to organize your case this includes dated notes, receipts, and summary. The free ID Theft Help App provides an electronic case log feature to track the details of your case.

For example, if you spent time speaking with an Identity Theft Resource Center advisor who helped you remediate your case, you could log that time.

Important Documents

Section 3 Cash Payment: Money You Lost or Spent

Depending on the state you live in, credit freezes were not free to all American consumers prior to September 2018. If at the time the Equifax breach was announced and you decided to pay to freeze your credit, you could be reimbursed those expenses. For example, some consumers paid $10 per bureau to freeze their credit ($30 altogether) as well as having to unfreeze your credit every time you tried to apply for a new account.

Due to the breach actually occurring in May 2017, you could be reimbursed for costs, expenses or losses due to identity theft even before it was announced on September 2017.

Even if you choose not to take part in this class-action suit and your information was compromised in this breach, you are still eligible for the next seven years for identity restoration services. Just because your information has not been used yet, that does not mean it will not happen down the road. After some time, if your identity is fraudulently used, you can still access Equifax’s offer up until January 2024.

Considering placing a freeze on your credit

Whether or not you participate in this suit, it is a good idea to place a freeze on your credit report regardless of whether your information has been compromised (in this or even other data breaches). It is now free to freeze and unfreeze your credit report, but do keep in mind that it can take a little time.

All of the documents, dates, claims process and FAQs can be found on the website that has been built to support Equifax claims. If you are not sure if your information has been affected or if you know it has and need further support, visit

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Privacy Settlement Shows New Industry Trend

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Federal Trade Commission (FTC) and Facebook, Inc. have reached a settlement regarding misuse of user data and privacy standards. The Facebook privacy settlement includes $5 billion in fines, the largest penalty in history for this type of offense and almost 20 times more than the previous record holder. This announcement comes just two days after the Equifax settlement was announced, another record-breaking fine of $700 million for a data breach.

The 20-year settlement requires Facebook not only to pay, but also to update their privacy policy and standards for all entities. This decision from the FTC continues to move the needle in the right direction for the industry. It says to businesses that consumer privacy matters and companies are expected to protect data from cybercriminals and would-be data thieves that seem to be acting as legitimate businesses. Failure to protect consumer data and privacy will have powerful consequences.

The Facebook privacy settlement comes a little over a year after the Cambridge Analytica security incident shone a light on the company’s policies. Typically settlements for consumer privacy issues are long processes and a two-year settlement is unusual. It is Identity Theft Resource Center’s opinion that the public can expect many more settlements to be reached over the next 18 months to two years given the current precedent that is being set with this week’s cases. Companies may be more likely to settle now before January 2021 after these two incidents of similar gravity have been finalized, especially given that they will not know what to expect under the potential for a new regulatory climate.

As evidenced by the two dissenting opinions, some professionals still feel that this is not enough to actually discourage the lack of seriousness toward protecting consumers’ privacy. The $5 billion Facebook will pay of the settlement is only about 9% of their total 2018 revenue. While the dollar amount is considered large, the percentage could be seen as merely a slap on the wrist for a company like Facebook. Fines and penalties should not be viewed as a cost of doing business and need to be severe enough to elicit effective organizational changes around privacy and security.

We should also focus on the additional mandatory privacy standard requirements of the settlement. The large monetary penalty gets most of the attention, but the evolution of privacy standards is just as, if not more, important. The framework includes creating a privacy committee, shifting the complete consumer privacy control away from CEO Mark Zuckerberg, holding individuals accountable with compliance officers, evaluating policy by third-party independent assessors and reporting incidents of misuse of data for 500 users or more. More segregation of consumer privacy decisions, systems of checks and balances and reports of misuse are important. We should not lose sight of this part of the settlement and continue to petition businesses to uphold rigorous privacy standards and protect consumer data.

We believe this is the tip of the iceberg and we will continue to see more of these types of post-breach settlement activities over the coming months. We truly hope that as industry and regulatory bodies sit down at the table, they keep the consumer/victim in mind. At the end of the day, it’s the individual that will bear the brunt of poor privacy and security policies by businesses

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


The Federal Trade Commission (FTC) announced July 24, 2019, that they have reached a settlement with Facebook, Inc. The social media giant received the largest fine in history for violating consumer privacy and were ordered to pay $5 billion – roughly 20 times the last largest fine of this kind. This comes less two years after Cambridge Analytica was found using millions of Facebook users’ data that brought the companies privacy practices into the limelight.

As part of the Facebook settlement, the FTC has ordered the company to make changes to their current standards of privacy. The changes will start at the board level – and will trickle down through their executive ranks – including increases in transparency and holding individuals within the organization accountable.

What Does This Mean for Social Media Users?

Just within the United States and Canada, 185 million people use Facebook on a daily basis. This enormous number represents just how integrated the company is in the daily lives of citizens and does not even account for the other Facebook, Inc. entities, like Instagram and WhatsApp.

Social media users should expect to see more updates and changes to privacy policies on Facebook, Inc. applications. Similarly to the last time Facebook updated their privacy policy, other social media companies – like Twitter and Snapchat – are likely to proactively update their standards as well. This means users will probably be receiving emails and in-app notifications of updated privacy policies. It also means they might have more control over the information they choose to make available to Facebook and third-party partners. Identity Theft Resource Center always encourages users to read privacy policies in order to know exactly what companies can do with your data. We also highly recommend reviewing your current privacy settings on all online accounts to make sure you are comfortable with the information shared.

When these changes are expected to roll out is unknown, as Facebook’s settlement with the FTC is a 20-year plan. Likely, initial changes will likely start to happen within the coming weeks and continue to be updated on a regular basis. Users may not see immediate changes to their how they are able to interact with the platform or its sister properties, Instagram and WhatsApp.

What Does This Mean for Facebook?

On Facebook’s website, the company says this decision has come after months of negotiations with the FTC. The statement also says the settlement will require a “fundamental shift” in Facebook’s approach at every level of the company in terms of privacy and that they hope to be a “model for the industry.”

Requirements of the Facebook settlement include establishing an independent privacy committee, removing CEO Mark Zuckerberg from complete control over decisions that affect user privacy. Compliance officers will be appointed throughout the company that will report to the FTC quarterly regarding the new privacy standards being upheld. Also, third-party assessors will be evaluating Facebook and identifying any issues.

Additionally, Facebook will be required to document cases when data of 500 users or more is compromised and notify the FTC within 30 days of the discovery.

On top of the $5 billion fine from the FTC, Facebook will pay an additional $100 million to the Securities and Exchange Commission (SEC). This fine came after it was discovered Facebook made misleading claims about the misuse of user data. The SEC’s statement said Facebook acted as though the situation were merely hypothetical when they knew the data had in fact been misused. The $100 million fine is the highest penalty to be paid because of this type of lack of disclosure according to the SEC.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Equifax data breach of 2017, exposed the personal identifying information of over 148 million Americans. One Hundred Forty-Eight Million. To not be affected by, or know someone affected by the breach was nearly impossible. The data exposed was some of the most personal, like Social Security numbers, full credit histories, financial account information and names and addresses. The breach had a strong negative impact and broke consumers’ trust. Equifax – one of the three main credit reporting agencies (CRAs) – was widely regarded as a dependable company and a necessity to work with to be able to secure lines of credit. Americans gave them personal information in exchange for a necessary service, and Equifax failed to protect them.

Now, an Equifax data breach settlement has been reached in the case of the 2017 incident. The credit reporting agency will pay up to $700 million, the largest breach settlement to date. The funds will be split between paying civil penalties and compensating victims. While a large amount of dollars dedicated to Equifax’s efforts to correct their wrongs can be seen as a good thing, the way these dollars will be dispersed among the effected population is relatively unclear.

At least $300 million and up to $425 million of the settlement will go toward victim redress. This includes providing free credit monitoring, reimbursing victims who paid out of pocket to protect or recover their identity and offering identity recovery services. However, the weight will still be placed on the consumers. Victims will have to file a claim, a process that still has not been disclosed, to receive any of the compensation pool. For now, the Federal Trade Commission is recommending that victims save all physical evidence of efforts to secure their identity because of the Equifax data breach and sign up for email updates. Putting the burden of proof on the consumer, not the company responsible for the breach.

Many questions remain: What victims will qualify for reimbursement? How will victims provide accurate evidence of their efforts and misfortunes? Is this fund only for victims who purchased identity theft services? What is the option for victims who did not have the resources then or now to purchase paid services or avail themselves of free services like those Identity Theft Resource Center provides?

Read next: How to File an Equifax Claim for Data Breach Settlement

If all victims filed claims and funds were distributed equally to all 148 million people, each would receive fewer than $3.00 in funds or cost of assistance. This does not accurately reflect the true value of the data that was compromised. Additionally, while the free credit monitoring services offered can span up to 10 years – a large increase from the historical settlement of 1-2 years – identity theft has no expiration date. The threat of identity theft does not decrease as more time passes from the date of the breach. The victims are perhaps more vulnerable as time goes on and they become less diligent in reviewing potentially affected accounts. Personal identifying information can be used to commit identity theft or fraud no matter the date it was exposed. There is no timeline for identity theft, but there is a cap on how many years Equifax will provide free services to victims per the settlement.

The other $275 million of the settlement will be used to pay civil penalties – $175 million to 48 states, Washington D.C. and Puerto Rico and $100 million to the Consumer Financial Protection Bureau. We believe the best use of these dollars would be funding consumer assistance programs within these organizations to continue to help victims of this and other data breaches.

In addition to the monetary payout, the settlement also requires Equifax to comply with more rigorous security standards. While this is not as flashy as a large dollar amount, it is perhaps even more important. It is the industry saying we need to hold our companies more accountable for the privacy of consumers. These standards include regular audits, dedicated staff for security and third-party safeguards. While a step in the right direction, companies must remember the speed of which the industry changes. The best security standards by today’s measures might be the worst a year from now. We must continue to petition businesses to protect consumer privacy and urge consumers to take the necessary precautions to minimize their risk of identity theft and fraud.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us.

If you are a member of the media and would like to contact ITRC regarding the Equifax breach, please email

For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

New Tool Helps Consumers Make Sense of Data Breaches

How To: Place a Free Credit Freeze

In 2017, criminals accessed Equifax’s database of consumers exposing the personal identifying information of over 148 million Americans. Equifax, one of the three main credit reporting agencies (CRAs), noted that Social Security numbers, addresses, birth dates and credit card information were all apart of the information exposed. This data breach created an increased risk of identity theft for millions of Americans. Now over two years after the breach was reported, a settlement has been reached. Details are still emerging but it’s important to understand the basics of what we know today.

The Equifax settlement agreed to pay up to $700 million dollars for harms caused by the data breach – the largest monetary settlement in data breach history. In the settlement, filed on July 22, 2019, Equifax agreed to spend up to $425 million to help the victims of its 2017 data breach. An additional $275 million will be spent to pay civil penalties. Also included in the Equifax settlement is the requirement to update security protocol and increase measures to protect consumer information.

If your information was exposed in the data breach, Equifax should have notified you directly via mail. A part of the settlement, a new breach claim site will also have a tool for consumers to check if their information was exposed. If you were affected by the breach, the Equifax settlement is offering certain benefits to minimize your risk of identity theft.

Settlement Benefits for Victims

First, Equifax will provide a total of up to 10 years in free credit monitoring services. The first 4 years will be provided for all three major CRAs – Equifax, TransUnion and Experian. Then Equifax will provide the services for monitoring their report for an additional 6 years. If you were a victim of the breach and a minor, even more services are available at no cost. If victims choose to opt-out of the free credit monitoring option, they may be eligible for a $125 cash payment.

Second, victims who have already dedicated resources to protecting their identity because of the Equifax breach could be reimbursed up to $20,000. This includes time spent protecting your identity or efforts to recover it. It also includes any money spent like the cost of lawyers or fraudulent financial charges. It’s unclear what the specifics behind how to obtain this reimbursement, but consumers will most likely bear the burden to prove the impact in order to receive compensation.

Finally, if you did fall victim to identity theft because of the breach Equifax is providing free restoration services. These services are offered for up to seven years and can be used if someone steals your identity or if you are a victim of fraud. Again, it’s unclear how consumers will have to prove that they were directly victimized as a result of the breach, but as details emerge we will share information.

As of July 24, 2019, the settlement administrator is now accepting claims. The deadline to file a claim is January 22, 2020. Find the full details here:

Read our guide on How to File an Equifax Claim for Data Breach Settlement

Beyond the financial impacts of the breach, nearly 90 percent of respondents said they experienced adverse feelings or emotions within one year of the initial event as reported in The Aftermath: Equifax One Year Later study by Identity Theft Resource Center.

Stay Updated with Alerts

The Federal Trade Commission (FTC) says the settlement is still in process and claims can be made after court approval. The FTC is regularly updating information as it becomes available at

Steps to Reduce Your Risk

Being a victim of the data breach does not automatically make you a victim of identity theft; however, it does greatly increase your risk. There are some steps ITRC recommends that can reduce your risk of identity theft. You can also call to speak with one of our expert advisors at no-cost at 888.400.5530 or livechat to learn more about your risk and preventative measures.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


There are countless moving parts when it comes to planning your wedding, and many of those parameters can lead to scams and fraud. Wedding scams can turn your dream day can turn into a nightmare.

Say yes to the dress but no to scams. Wedding dresses that do not look like they did online and photographers who do not produce the photos of your big day despite advance payment, are just the tip of the wedding scam iceberg. Some bride and groom related scams can lead to identity theft, online account takeover and even home invasions. Here are just a few possible ways those planning a wedding can fall victim to a scam.

Social Media Oversharing

Your engagement means you will be planning a wedding, booking a honeymoon and perhaps looking for a new place to live. It could even mean expensive gifts will be arriving at your residence. Social media is great for keeping your friends and family updated on your wedding preparations, but it can also have some pitfalls.

If you do not choose to keep your posts private, then you need to be on your guard against too-good-to-be-true offers and advertisements. Worse, a bride-to-be could be sharing both her married name and her maiden name with a would-be identity thief, or alerting a burglar to a possible payday.

Honeymoon Travel

Whether you are taking a far-flung distant trip of a lifetime or a more low-key weekend getaway, your honeymoon does not need to be ruined by a travel scammer. From phony listings, reservations that steal your credit card information and bookings with bogus hidden fees, there are a lot of ways someone can take advantage of your finances and your identity.

To avoid this trap, only use reputable sites that you can trust with your private information, and monitor the payment accounts you used carefully for any sign of fraudulent activity. Remember, this is not only true for your pre-wedding planning. Follow up in the weeks and months after your trip to make sure nothing is amiss.

Gift Registries

If you are accepting gifts from your friends and family, a gift registry really does help them out. It can provide a wide price range to choose from, and helps ensure their thoughtful gesture is really something you want or need – but no one needs identity theft.

Establishing an account with a reputable online retailer with a proven history of security gives peace of mind about making an online purchase. You will also have a better chance of receiving a tracking number for purchases, as well as customer service protection.

Credit Reports, Social Security Cards and More

Part of getting married inevitably involves your government documents. Some brides choose to change their last names, which means applying for new drivers’ licenses, Social Security cards, credit cards, insurance benefits and more. Newly married couples may also need new tax withholding forms, wills, insurance paperwork, utility or rental agreements and other similar considerations.

What it boils down to is an abundance of paperwork with your complete identities on it, waiting to be stolen, copied or forged. It is vital that newlyweds keep all of their important papers secured and out of sight, and destroy completely before discarding. That might mean adding a home-model cross-cut shredder to your gift registry, just to be safe!

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

You might just be asking what exactly even is deepfake? Well, deepfake is the technique of superimposing existing images and videos using machine learning. You could be hearing about it more recently since the actual term was coined in 2017 but deepfake has been commonly used by the film industry for many years.

The 1994 Academy Award-winning film Forrest Gump relied on expert video editing to insert actor Tom Hanks into actual footage reels of famous historical events. From meeting different U.S. presidents to standing next to Martin Luther King, Jr. during a well-known speech, the fabrication was both entertaining and poignant.

However, was it scary? Perhaps. Could we ever again trust what we saw with our own eyes?

A new potential threat called “deepfakes” might answer that question. The concept of a deepfake, a combination of the words “deep learning” and “fake,” is a real person’s face and voice, but they have been altered to speak someone else’s words in a recorded video. That video could then be widely shared, and unsuspecting viewers might not know the difference.

Some of the most widely viewed deepfakes involved celebrities who appeared to be starring in adult videos, except they had never actually filmed in those situations. The infamous deepfake video of former President Barack Obama portrays him using profanity while appearing to look directly into a camera for an interview, something he never recorded.

While those celebrity sex tapes and the Obama video got a lot of attention, the bigger concern is what happens when it is not a famous person and not obvious the video is fake? What happens when it is an executive within your company sending a video message over a messaging platform, telling you to change account numbers or passwords? What if it was your grandchild claiming to be kidnapped and needing ransom money right away? What if it was your face and voice, agreeing to have your account numbers changed or authorizing someone else to use your account?

When identity theft first began to be recognized as increasingly widespread crime, victims discovered that law enforcement agencies’ hands were tied. There were no laws enacted to protect victims. As laws changed around the country to respond to ID theft, more consumer protections were put in place.

Deepfake can be a crime depending on how it is used. Making an altered image of someone engaged in an embarrassing situation is becoming a crime in certain places under “revenge porn” laws. If the deepfake is used for things that are already a crime, such as stealing money from the victim’s bank account or workplace, then it could be covered under existing theft laws. If someone merely posts a video of your image and voice saying things you do not agree with, it might not fall under existing identity theft laws.

Fortunately, the chances that video editors with this kind of skillset will target individual citizens just for entertainment is small. What you have to be concerned with is its believability. As the old adage says, you cannot believe everything you read on the internet. Now that goes for what you see and hear as well. Make sure you are using caution and discernment before sharing content or making significant decisions based on video evidence because it could be a deepfake.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

How To Spot a Fake Website

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

The internet may be abuzz once again with users sharing images from their FaceApp filters, but security experts are treading carefully. The AI-powered photo editing app, which provides fun filters to enhance your pictures of your face, became a viral sensation when it launched in 2017.

When it first became popular, FaceApp had a fairly convincing filter that would change the gender appearance of the person in the photo. Now, it is once again sweeping social media for its old-age filter. Everyone from school kids to celebrities are sharing pictures of how they are going to look when they are nearly 80-years-old.

However, it is not exactly harmless fun. The terms and conditions for this Russian-owned app have alarmed some security experts and privacy attorneys. The app developer being outside the U.S. is not why it is problematic. In fact, their servers where the photos are stored are located in the U.S., Ireland, Singapore and Australia, and are hosted by U.S. companies like Amazon and Google.

What has raised red flags for experts is where the photos are stored. Rather than applying the filter to the image in the phone the way a colorizing filter might happen, the user must submit the photo to FaceApp’s servers in order for the filters to be applied. Those photos are then kept on the server, and the terms and conditions state that FaceApp can do nearly whatever they want to with the photos once the user submits them.

Reactions have ranged from “no big deal, lots of companies have users’ photos” to “this just proves they are developing facial recognition software to spy on us!” What are we actually supposed to believe and what are we supposed to do about it?

The first answer is simple: nothing. If you are not concerned with your photo being used by a third-party company, then carry on. There were initial concerns that uploading one photo actually gave access to your entire camera roll in your phone to FaceApp, but that does not appear to be the case.

If you are someone who values your privacy in these matters, then this might be one of those apps that is not for you. If you do not want your children using this app, or their friends uploading your child’s picture, then you need to have a talk with your kids about digital safety and security. If you are worried about the future of facial recognition software being used in harmful ways, then you might not want to add your picture to the database of more than 150 million users’ photos that FaceApp has already collected.

The biggest issue with this news is not what FaceApp could be doing with it. Rather, how users have become very quick to download and use the latest fun app without really paying attention to the terms and conditions. If you do not know what permission you have given an app, how will you know if the app does something you are not comfortable with?

Remember that it takes money to build a platform or an app. If someone is letting you use it for free, you should proceed with caution. They are getting paid somehow, and in many cases, their income is from the user data they sell. If you are not having to pay to use it, either advertising dollars or your information are probably providing that revenue. Again, it might be harmless data that you do not mind sharing, but if you did not understand the terms and conditions, you could find out its information or purposes you are not comfortable with.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches