A privacy law in California is changing and addresses biometric protection. As criminals find new and different ways to inflict harm, various laws have evolved over the years to address such needs. Driving laws, for example, have had to adapt to faster speeds, stronger engines, self-driving technology and cellular phones. Schools and medical offices have had to revisit their student or patient protections with the advent of computerized record keeping. Even sports organizations and their governing bodies have had to reevaluate their regulations in light of newer technologies and the studies behind sports-related injuries.

Update to the Information Practices Act of 1977

Now, a new privacy law signed by California’s Governor Gavin Newsom recently highlights the way that change can make a huge impact on a lot of people, especially where their privacy is concerned.

In California, a privacy law, the Information Practices Act of 1977, was still the deciding factor in prosecuting or filing civil suits in privacy cases. What lawmakers knew about personally identifiable information (PII) back then, as well as what criminals could do with it, was outdated, and it was time for a fresh look.

Now, thanks to the newly signed bill, biometric data is included in the kinds of information that companies must keep secured if they are going to gather it. As more and more companies use things like fingerprints or facial recognition software for a wide variety of purposes, the burden of protecting that information falls on them.

Change Needed Due to Increase in Data Breach Incidents Exposing PII

According to the Identity Theft Resource Center, the volume of PII exposed in data breaches increased by 126% between 2017 and 2018 to more than 446 million records exposed. The bill also re-examines how people must be notified in the event of a data breach. One of the positive trends in identity theft and fraud over the past few years has been the increasingly rapid response to breach events, especially in terms of notifying consumers quickly if they were victimized.

Perhaps the most important thing for lawmakers to recognize is the fluid nature of creating laws that protect the public. There have been cases historically in which a perpetrator of a heinous act was let go simply due to the fact there was no clear law in place to punish the offender. With updates to identity theft and privacy laws, the public will now be even more secure.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

New Texas Law Protects Victims of Coerced Debt

Popular VPN Provider, NordVPN, Breached by Hackers

Instagram Creates New Feature That Fights Phishing Attacks

Halloween is just around the corner, so what better time to talk about the scariest of all monsters? Zombies! And zombie apps.

Zombie apps are far more dangerous than the undead threat.

Worse, they move slowly, they can work in packs and if they get their teeth in you, you are done for. A zombie app or account is one that you do not use and may not even remember opening, but it is still lagging along out there in cyberspace with your identifying information. It might be a free trial you signed up for, a subscription service you cancelled but did not delete, a social media platform that is now defunct, a throwaway email you created that one time in order to bid on concert tickets or any other similar scenario. It can also be one of those multiple apps that take up space on your phone but you never use.

Unfortunately, just because you forgot all about it does not mean the zombie is not still sitting there. It is waiting to strike your zombie apps, or more accurately, waiting for the right hacker to bring it back to life and unleash it on humanity.

That is the real problem with zombies. You might have forgotten all about your old MySpace account, but the hackers who broke into MySpace’s servers and stole 360 million logins did not forget. If any of those 360 million account holders reused their username and password on another account—and, statistically, a lot of them did—the hackers now have access to that account, too. The MySpace zombie you forgot about came back, stalked around the internet slowly, then gave up access to your email, Facebook, Amazon or any other account where you reused your credentials.

There is another frightening thing about zombies on zombie apps: they may be slow, but they definitely move. The developer may have sold the zombie app to a company with different security protocols. Maybe the owner discovered a security flaw and issued an update, but since you have not opened it since 2009, you never installed the patch. Perhaps the company suffered a data breach and you never learned about it because you used a throwaway email when you created an account. Any of these scenarios can mean a zombie attack is coming for you.

How are you supposed to save yourself from the countless hordes of zombies out there?

If this was a horror movie, we would have to recommend taking them down and making sure you do not get bitten. Fortunately, the real answer is a lot easier and a lot less messy:

1. If you have apps on your device that you do not use, delete them. First, it will clean up some of your device’s memory and make it run better. Second, it will also be less of a chance that someone can work their way into your device via the zombie app. Don’t worry, you still own the zombie app and the account, it is just not accessible on your device until you reinstall it.

2. If it is an account that you created, either online or when you installed an app, that is a little trickier. You will need to go online to the company’s website and delete or deactivate your account. At the very least, make sure you change the password to something you will never accidentally reuse on another platform. If there is a profile section of your account, change any information that you can, like your email address, home address and phone number. Also, unlink your social media accounts from that account so that a data breach will not give the hackers access to your social media accounts as well.

3. Finally, develop good zombie defense practices to keep these creatures from coming for you in the future. If you are signing up for a new account or downloading an app, make sure it is one you need and plan to use, do not link your social media accounts to it, then make sure the password is completely unguessable and don’t reuse that password anywhere else.

Remember to just protect yourself and any tech users around you from these dangerous attacks.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Synthetic Identity Theft: The “Frankenstein” of Identity Crime 

The Dark Web is Actually the Boogeyman in Your Child’s Closet

Who’s Haunting You This Halloween? Spooky Scams and Cyber Nightmares

Be careful about what you are searching for online regarding your favorite celebrity because it could lead to malware attacks. Social media and the internet have given us unprecedented access to our favorite actors, singers, artists and other famous people. Celebrity searches, everything from fashions and the latest gossip to viral videos and streaming shows, let us follow our favorite stars everywhere they go.

Unfortunately, there is a hidden cost for the fans if you click the wrong link. Hackers have learned that our obsession with famous people is a good way to spread viruses and other malware to a lot of people with very little effort, leading to malware attacks.

All they have to do is embed the harmful software in the code, then release that tidbit of information, a stolen article, a pirated episode of their show or any other similar content online. The very thing we are craving, information or entertainment involving these stars, is the mechanism for infecting our networks and devices, increasing the risk of malware attacks.

Security software developer McAfee tracked which celebrities were most likely to be used in this way. Each year, they compile a list that ranks celebrity search results by the number of infected hits there are. This year’s top spot, for example, goes to “Handmaid’s Tale” actress Alexis Bledel. That is followed by talk show host James Corden, actresses Sophie Turner, Anna Kendrick and Lupita Nyong’o, comedian and talk show host Jimmy Fallon, actor and martial artist Jackie Chan, performers Lil Wayne and Nicki Minaj and finally actress Tessa Thompson.

The celebrities in this list are in no way responsible for the malware attacks and the harmful software that is being linked to their names. The film studios or recording labels for actors or singers are not responsible either. This is solely the work of hackers who follow what is trending online, nab an article of video, embed the virus and post it online. As people use search engines to learn more about their favorite stars, they click on the hackers’ links and infect their own networks.

This is especially dangerous if you accidentally download a harmful virus or malware at work, as every computer on your network may be infected and suffer a malware attack. The same is true of downloading this content using a school campus’ network. Even worse, if you are simply using a shared Wi-Fi network at a coffee shop, hotel or airport when someone else downloads celebrity-linked malware, you could be at risk of a malware attack.

To avoid this danger, be careful where you search and clicking on spoofed accounts or links. Only click trusted sources for information, and make sure that your security software is installed and updated regularly. Also make sure that your security software has a malware blocker, not just a scanner. A malware blocker will actively stop harmful software from downloading rather than just locating it after it is installed.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

New Instagram Feature Fights Phishing Attacks

TikTok Platform Found to Be Full of Scams and Fake Accounts

The Harm in Hoaxes on Social Media

Depending on where you live, your chances of becoming a victim of identity theft may increase, according to a new study by WalletHub. The study tracked three different avenues of this kind of crime and ranked each state by its prevalence in those areas. All fifty states and the District of Columbia were then assigned a ranking for each of the three areas, plus a combined overall score.

Top States for Identity Theft

Surprisingly, one of the longstanding frontrunners for identity theft just barely made the top ten. For many years, Florida has been one of the worst states for this crime, both in terms of total numbers of victims and in total the amount of money lost. According to these new findings, Florida is ranked 10th overall.

The factors the team used to come up with their scores included the number of per-capita identity theft complaints, per capita fraud complaints and the amount of money lost to these crimes per capita. When comparing the states with the highest numbers of issues to the states with the lowest numbers, they also discovered the difference between the highest and lowest was often exponential. Some top five states were twice as likely to have incidents as the lowest five. In some categories, the most vulnerable states were even five times as likely to experience this crime as the bottom five states.

The District of Columbia topped the list for the overall combined score. It was followed by California, Nevada, New Hampshire, South Carolina, Delaware, Louisiana, Texas, New York and Florida. Strategically, these states have very little in common in terms of location, population size or even income level. It goes to show that identity theft can be a crime of opportunity and intention rather than targeting.

You might breathe a little easier if you live in Missouri, Maine, Arkansas, Hawaii, Kansas, Oklahoma, West Virginia, Vermont, Wyoming or Kentucky. They ranked numbers 42 to 51, with Kentucky being the least vulnerable for identity theft. However, that does not suggest that residents in those states can let their guards down. It just means that they are less likely to be victimized than residents of other states, and not completely free of this crime.

No matter where you live, though, you can take proactive measures to reduce your risk of identity theft-related attacks. Freezing your credit report, practicing good password security, being mindful of oversharing your personal data and getting a good grasp on how to spot phishing attempts are all excellent ways to work towards a more secure identity.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

New Texas Law Protects Victims of Coerced Debt

New Report Finds DMVs are Selling Personal Information

Are You CyberSmart? Majority of U.S. Adults Lack Digital Knowledge

While data breaches of any kind are alarming enough, a business data breach that can leak information from an open database relating to national security can be very scary. For example, the Office of Personnel Management breach in 2015 leaked the complete identities, sometimes including background checks, fingerprints and even information pertaining to security clearances, for about 21.5 million people who work for or are related to an employee of the U.S. government.

A data breach of a hotel chain reservation system might not seem as significant as the OPM breach, but in its own way, it could be. Autoclerk, a reservation management system used by the Best Western Hotels and Resorts company, was the target of a breach of an open database that leaked names, addresses, birth dates, obscured credit card information, dates of reservations and even room numbers for thousands of people. In total, there are expected to be hundreds of thousands of individual reservations in the cache of data.

Hotel reservations might not seem that serious, but any data breach of government records is a notable event. It is especially troubling when many of these guests are military or government personnel traveling on official business. The information pertaining to locations, dates and names could prove useful to someone with an interest in it. The data from the open database contained past travel arrangements and upcoming scheduled trips for officials in the military and the Department of Homeland Security. The government records even reportedly included the names of officials who have scheduled trips to Russia and Israel, among other places.

What is worse is that the information from this data breach was discovered online with no encryption. Anyone who had reason to look for it could locate it and sift through its contents.

This is the kind of event that should serve as a wake-up call to anyone who uses technology. There is no such thing as a “foolproof” system that can keep every hacker out. It is up to individuals to do their part in keeping outsiders from finding out too much about their personal information and their activities. Protecting your information and your sensitive details should be paramount when operating any type of technology.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Popular VPN Provider, NordVPN, Breached by Hackers

FBI Warns of Hackers Bypassing Some Types of Two-Factor Authentication

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers

One of the most baffling forms of identity theft and fraud is synthetic identity theft. This crime occurs when a would-be thief assembles an identity from stolen or assumed parts. It might be a name and birthdate gleaned from a computer record, an address made up on the spot, a Social Security number (SSN) concocted or stolen from a database of unissued numbers and an email address that has not been used in years.

Creating Frankenstein’s Digital Monster

According to the Identity Theft Resource Center, the volume of PII exposed in data breaches increased by 126% between 2017 and 2018 to more than 446 million records exposed. Marketplaces on the dark web then sell these breached records and by piecing it together, these random and disconnected pieces of information come alive to create a whole new non-existent person, one that credit reporting agencies and lenders have never heard of.

Much like Frankenstein’s monster, whose body (and therefore its’ identity )was created from various corpses’ parts, this new identity is out there in the world causing chaos and wreaking havoc, and no one knows how to locate it. Unfortunately, the very mechanism that is supposed to stop fake or erroneous credit applications from going through is the actual method criminals use to make it work.

What Comes Next

Once they have their Frankenstein identity in hand, the criminal begins filling out applications. These initial attempts get rejected because the creature has no credit history. However, filing an application and having it rejected actually creates the credit report.

After those first failed attempts, one of them goes through and the criminal’s fun begins. By using that new line of credit to make purchases, future credit applications get approved more often and faster.

One of the great conundrums about the story of Frankenstein is the ethics of killing a monster that is not really alive. The same is true of synthetic identity theft. How do you punish a criminal who has not actually stolen anyone’s identity? Of course, purchasing goods in a fake name and never paying for them is a crime, but it does not rank with identity theft in many people’s minds.

The Victims of Identity Crimes

There can actually be a victim, though. First, if the SSN the thief created actually matches someone’s legitimate number, that SSN can be tied to the criminal activity. More commonly, the SSN that was stolen from the list of unissued SSNs and used for synthetic identity theft eventually gets issued to a newborn applicant. This child may now have hundreds of thousands of dollars in debt that was accrued before they were ever born. This is one of the reasons why parents are being cautioned to freeze their children’s credit reports until they are adults.

While the reader is eventually led to feel sympathy for Frankenstein’s monster, all of his crimes aside, no one should overlook the damage caused by synthetic identity theft. As noted in the newest whitepaper by the Federal Reserve, “Detecting Synthetic Identity Fraud in the U.S. Payment System,” Auriemma Group estimates that synthetic identity fraud cost U.S. lenders $6 billion and accounted for 20% of credit losses in 2016. Retailers are stolen from, and a real individual could inherit a mess. There is no such thing as a victimless identity theft crime.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Somebody Has Accessed My Annual Free Credit Report

The Dark Web is Actually the Boogeyman in Your Child’s Closet

Are You CyberSmart? Majority of U.S. Adults Lack Digital Knowledge 

The process of ending a marriage can be lengthy and painful. During the months or even years it can take to finalize things legally, a lot can happen. In an all-too-common scenario, many people discover after their initial steps towards divorce that their spouse opened new credit cards or lines of credit in their names, leaving them with thousands of dollars of coerced debt.

While it has long been a crime to steal someone’s identity, a new law in Texas will protect victims of coerced debt and allow individuals to file charges against their exes for spousal identity theft. In some cases, stealing a partner’s identity can even be prosecuted as a form of domestic violence, according to the non-profit organization Vera House.

This law is not so much “new” as that it provides a very important clarification. Previously, identity theft was limited to using someone’s information without their consent. In the case of divorce proceedings, it might seem obvious that one partner in the marriage did not consent for their soon-to-be ex-spouse to use their information. However, in divorces in which domestic violence has played a role, this law now covers individuals who knew their information was being used during the time they were married but were powerless to stop it for some reason, leading to coerced debt.

Coerced debt is now a crime under this law. This can include a partner who has threatened you and one who has maintained tight control over all income sources. If you are facing a divorce and your partner has established debt in your name that you did not agree to but could not prevent for some reason, you may have options under this law. A qualified attorney, victim resource center or other agency may be able to tell you more, and the Identity Theft Resource Center is always available to help anyone with concerns or questions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

Do Your Boss a Favor and Don’t Fall for a Gift Card Scam

Instagram Creates New Feature That Fights Phishing Attacks

Many security-minded tech users employ a virtual private network (VPN) when they’re online as their own private tunnel on the internet. But, it could be a bit of a disaster if someone managed to break into a VPN provider’s servers and uncover what its subscribers have been up to. That appears to be what happened to one of the world’s most highly recommended providers, NordVPN.

The Impact on Users

In response to the NordVPN breach, the company has issued a statement following online speculation about a breach of its system. Apparently, someone gained access to an expired internal private key, which let them recreate one of NordVPN’s servers on their own system. Some sources have said that the only way this would have been possible is if the hacker had “root access to a container server,” which would have let them uncover a lot of information, but that has not been confirmed by the company. In fact, NordVPN’s statement indicates that no compromising information could have been accessed since the company does not gather, store, or sell its customers’ logs.

While the company assures its users that their login credentials and internet activity could not have been accessed, it’s important to understand that tools like a VPN are only an additional layer of protection. They’re not meant to be the entire fortress that protects your browsing or your identity. Interestingly, two other VPN providers have been mentioned in this same incident as having also been breached, but those have not been confirmed.

Protect Your Browsing

Obviously, VPNs are supposed to keep people from being able to see what you do when you’re browsing, shopping, using your financial accounts, and more. Also, they have a special feature that allows you to “reroute” where the internet thinks you’re logging in from. That means someone in one country can use a VPN and appear as though they’re logging in from another country; there are quite a few legal reasons why someone might want to do that.

As such, everyone from privacy-focused parents who want to protect their kids online to journalists who are reporting from deep within a dangerous zone might benefit from a VPN. Business users are especially likely to use one since they can help protect proprietary information, keep sensitive documents from leaking to the public, safeguard new projects, and more.

Keep Up Your Identity Hygiene

Protect yourself online and via mobile by locking down your identifying information, securing everything with strong passwords, and using two-factor authentication when you can. Remember, cybersecurity is often a leap-frogging game of catch-up; as new security tools come to market, hackers find new ways to break into them or abuse them. Therefore, it’s important that you treat all of your security measures as safety nets, not the sum total of your online protection.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

FBI Warns of Hackers Bypassing Some Types of Two-Factor Authentication

Are You CyberSmart? Majority of U.S. Adults Lack Digital Knowledge

Two-factor authentication is a security protocol that requires users to take an extra step whenever they log in. For example, you open your online banking app and enter your username and password, and then wait a few seconds for a text message or email that contains a six-digit code. You enter that one-time code into your banking app, and you are in.

Two-factor authentication provides an extra layer of security for your accounts, especially ones that contain sensitive data or financial access. It is a great way to keep criminals out of your accounts, especially if your personal information has been stolen in previous data breaches. With two-factor authentication in place, a hacker who managed to steal your login credentials cannot sit at their computer half a world away and get into your bank account because they do not have your phone in order to receive that code.

Unfortunately, hackers work very hard to stay one step ahead. There are a variety of ways that two-factor authentication has been cracked, sometimes with disastrous results. Hackers might steal access to the entire inner workings of your smartphone by going through your cellular provider, and therefore getting the login codes as well. Other hackers have created fake websites that look like the real thing, tricking you into entering both your login credentials and your code, although this one is a little more difficult. Hardest of all, though, are the criminal operations where hackers are actually waiting at the time of login; you type your username, password and unique code, and hackers were “watching” the site while you typed.

Fortunately for most consumers, the effort it takes to breach two-factor authentication is so involved that it is usually reserved for things like cryptocurrency trading websites and online marketing. That does not mean you are completely safe if you do not trade in Bitcoin or make money from YouTube advertising, but it means that you are less likely to draw that kind of effort.

The important takeaway is that even with the potential for being breached, you are still far more protected from everyday cybercriminals if you use two-factor authentication than if you do not. Think of it like the safety restraints in your car; yes, in extremely rare and unpredictable circumstances, there have been vehicular deaths associated with the use of a seat belt or an airbag. However, seatbelts and airbags save lives literally every day, so you would never disengage them on the off chance that they could cause harm.

The same is true of two-factor authentication. Enabling two-factor authentication on your accounts will not hurt you more than not having it, as hackers were trying to get into the account for some reason. Not having it in place, though, could invite lower-level hackers who do not need special tools and know-how to steal from you.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

Do Your Boss a Favor and Don’t Fall for a Gift Card Scam

Instagram Creates New Feature That Fights Phishing Attacks

Those fun quizzes you can take on social media where you have to identify characters from ‘90s TV shows or figuring out what kind of pasta you would be based on your answers are not the only online tests that make security experts cringe. While those are often fraught with danger, such as viruses or data mining, a recent  quiz from the Pew Research Center tackled different aspects of digital knowledge.

Could you answer the ten questions correctly? Do you know what “https” indicates on a website? Do you know how social media platforms earn money to stay in business? Do you even know who Jack Dorsey is?

Unsurprisingly, the majority of the survey’s 4,272 American adults lack digital knowledge and did not do as well as they might have hoped. For example, only 28 percent of the respondents could correctly identify an example of two-factor authentication; not explain it or tell why we need it to protect ourselves, but even point to an example of it. Only 24 percent knew what “private browsing” really means—and no, it does not mean that companies cannot track your internet history and use that information—and less than half of the respondents knew what net neutrality is.

As you might expect, the correct answers varied with things like age and educational level. To be fair, Mark Zuckerberg might be more recognizable than Jack Dorsey (owners of Facebook and Twitter, respectively) simply because Zuckerberg has been in the news a lot more for some of the data gathering and privacy foibles that have been linked to Facebook.

Fortunately, this is not the kind of test you need to cram for. If you do not know all the ins and outs of net neutrality or phishing scams, you can read up on those online. No, you do not really need to be able to recognize Jack Dorsey’s picture unless you plan to pick him up at the airport, and even then, you could just hold up a sign with his name on it.

However, you have to have digital knowledge on how to protect yourself online. That means avoiding oversharing on social media platforms, locking down your important accounts with both strong passwords and two-factor authentication, spotting a scam or fraud attempt that arrives digitally or by phone or mail and knowing how to respond to a data breach notification letter. Do you know how to freeze your credit report? Do you know why “password” is a terrible password? Do you know that connecting your social media accounts to other apps you use can result in having your personal information gathered and sold?

If you do, congratulations! You passed!

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers 

One Simple Way to Not Get Your Twitch Account Hacked

Instagram Creates New Feature That Fights Phishing Attacks