Car safety does not just apply to how you drive. It also applies to what you leave behind. Our vehicles can often feel like a home away from home, especially for busy people with a lot on their plates. At any given time, your car might contain a change of clothes in your gym bag, some snacks or your lunch, a few extra water bottles that were supposed to go in the house and other random supplies that see us through the day.

While there is little harm in leaving some band-aids and spare change in the car, there are certain items that should not be left in a vehicle. Medicines, food, important papers, documents and even your devices should never be unattended, even in a locked vehicle.

Unfortunately, this practice is all-too-common, especially in the connected-everywhere world we live in. Leaving laptops, tablets, smartphones, wallets and even GPS-based devices in your vehicle can have disastrous results if an identity thief helps themselves. Here are some things to do when considering car safety:

Safety First

All concerns about your identity aside, keeping these kinds of items in your vehicle can be a problem in a collision or other kind of accident. A briefcase or electronic device on your front seat can become a projectile under the wrong conditions. A heavy backpack or briefcase can also trigger the airbag sensor in your car, making a minor accident in which the driver’s airbag deploys even more expensive if the passenger-side airbag goes off needlessly.

Enact car safety and lock up all bags and devices that are not actively part of operating the vehicle. Stow them in the backseat if there are no passengers back there, or put them in the trunk or rear of the vehicle.

Keep It Secure

If your laptop or mobile device is stolen, replacing the expensive device might be the least of your worries. Keep a thief out of your email account, retailers’ apps and social media accounts by passcode protecting your device. After too many failed attempts, the device will become useless and your information will be safe.

Paper or Plastic?

You might think a stack of paper is useless to anyone—except for the employee who is bringing home paperwork to do. However, an identity thief might help themselves to those documents in hopes of stealing personally identifiable information after breaking out a window in your car. Exercise car safety and keep them out of sight where they cannot tempt a potential criminal.

Handbags Are Begging to Be Stolen

The rise of mobile payment apps means that our shopping just got a little more hands-free. The ability to pay with our phones means no more lugging a giant handbag or an overstuffed wallet with us. However, leaving your handbag or wallet in the car is a bad idea, even if it does not contain anything a thief can use. Just seeing it might be enough for someone to break the window and snatch it up, leaving you with a headache and a hefty repair bill.

Heading into the New Year, take a few moments to think about car safety habits that can lead to identity theft and other crimes and those that can help you reduce your risk. Here is wishing an identity-safe holiday season for us all!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Holiday Phishing Scams Target Small Businesses

Social Security Phone Scam

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

There is a new Better Business Bureau (BBB) complaint phishing scam making its way around that is hitting the inboxes of consumers, business owners and even charities.  

Phishing attempts get their name from the wide net that scammers throw out, hoping to catch a few gullible people in the process. Some reports have even said that ridiculous stories and bad grammar are intentional. The reports have said it helps the scammers only catch the kind of people who are willing to believe that a major corporation sends out emails with terrible typos and awkward sentences.

However, this new BBB complaint phishing scam that appears to come from the BBB pretty much takes the cake:

Attn,

The Better Business Bureau has received the bellow referred complaint from one of your associate on the subject of their dealing with you. …We look forward to your urgent response. Before we take action on you

As you can see, the author of this email does not pay much attention to the rules of standard English. Remember, though, that the goal is to only interact with people who would believe an email such as this one would really come from the BBB. Anyone savvy enough to spot the errors and understand that a national company would never release such a message is probably too worldly to fall for the BBB complaint phishing scam.

However, there is a dangerous aspect to the BBB complaint phishing scam, that being the instructions (removed from the middle of the message for brevity) telling the recipient to download the attachment in order to read the complaint against them. It is noted twice in the email that it must be downloaded to a computer to be read, which is actually not true. The goal is simply to get you to open the attachment, which will undoubtedly install harmful software on your computer.

In order to avoid scams like the BBB complaint phishing scam—even if there is a chance that the message is legitimate—make it a habit to never click a link, download a file, open an attachment or any other dangerous response. Even if you recognize the sender’s name and email address, do not click or open anything unless you were expecting it since their account could have been hacked or spoofed.

Also, learn to be a little bit of a “message detective” when you receive a strange email or text. Is the grammar up to par? Are there strange salutations, like “Dearest Sir or Madam” or simply “Attn” instead of a formal greeting? Do you even have an account with the bank the email supposedly came from? Or in the case of the BBB complaint phishing scam, do you even own a business? If not, how would you be cited by the BBB for complaints about shady business practices?

Remember, scammers do not care if you actually have an account or own a business. All they need you to do is be curious enough to click that attachment. From there, they can root through your computer and find what they want. Do not fall for it.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Holiday Phishing Scams Target Small Businesses

Social Security Phone Scam

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

If you work at a small business, be sure to keep your eye out for small business phishing scams. Consumers have been warned for some time about the threat of phishing attacks. These scams are highly prevalent because they are easy to pull off and require almost no technical know-how. At the same time, they are also highly believable and victims fall for them too often. Therefore they can have devastating financial consequences.

However, consumers are not the only victims who face down this threat on a near-daily basis. Small business phishing scams have emerged as an increasingly popular scam for a variety of reasons.

In a phishing scam, someone sends you a message and pretends to be someone else. They might pose as your favorite retailer, your financial institution, your email provider, your college roommate or even your boss. The goal is to lure you into handing over sensitive information, making a payment, downloading a virus to your computer or some other similar malicious activity.

For small businesses, the scammer’s goal might be similar but may include a different approach, one that is more oriented towards businesses. One report of a small business phishing scam involved an email that offered the business owner the chance to be featured in a holiday gift guide. The link included in the email redirected to a harmful website and contained a virus. Other common small business phishing scams can include phony invoices, bogus tax notices, fake customer service complaints and instructions from the boss to purchase gift cards and submit the gift card numbers.

No matter how it occurs and what is the goal, it is the victims’ unfortunate task to be prepared. Avoiding a small business phishing scam requires that you can spot the signs of a phishing attempt, such as an email address that does not match the company name, intentionally bad grammar and spelling, a vague greeting or description of the issue or any instructions to provide sensitive information. Also, making it a good habit—or even a company policy—to never download an attachment, click a link or visit a website through a message unless you were expecting it can protect you. Keeping your antivirus software up-to-date is also important for fighting back against certain forms of phishing attempts. For companies, keeping a tight rein on who can interact with your computer network can also help prevent these kinds of attacks.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Our Holiday Shopping Tips to Keep You Cybersafe

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

A recent Macy’s data breach is creating headaches for lots of its shoppers. There are a lot of different ways a cybercriminal can gain access to sensitive data. Not all of those ways involve highly sophisticated technological know-how. Sometimes it is as simple as finding unsecured information online, stealing someone’s work laptop or sending out a fake email that looks like the real thing in order to get the victim to hand over their data.

However, other forms of attack are something straight out of a cyberthriller. Knowledgeable black-hat hackers with a very specific skill set can inject malicious computer code into the script of a website, channeling activity from that website to any location they choose. Even worse, this is often done without the web owner’s knowledge and can continue on undetected for quite some time.

That is the case with the October 2019 Macy’s data breach. A MageCart attack, in which harmful code was embedded into Macy’s retail website, resulted in the loss of customers’ names, addresses, account numbers, credit card information and other related data points. The code was redirecting all of the information that customers entered to another location without Macy’s permission. Imagine the old home phone lines in which two handsets worked on the same phone number. This attack is just like someone picking up the other extension and listening in on a conversation without the other parties knowing.

The Macy’s data breach was discovered about a week after the code was injected into the company’s site. Macy’s has now issued a notification letter to all affected customers of the Macy’s data breach and has established a free 12-month credit monitoring option for those customers. They have also removed the malicious code and enabled safeguards to prevent further attacks of this kind.

As for the customers, there are some key takeaways from Macy’s data breach. First, the only information the thieves managed to steal was data that would be entered when creating your Macy’s account. No Social Security numbers, for example, or the information that was entered upon checkout. Second, this means that the thieves could have used your stored credit card but not establish new lines of credit or open new credit cards in your name. If you have card not present alerts enabled from your financial institution, you would have been alerted the moment a thief tried to use the card you have stored on the Macy’s website.

For now, customers affected by the Macy’s data breach are encouraged to monitor their account statements carefully for any signs of fraud, sign up for the free credit monitoring if offered and remember to activate the kinds of security measures that will protect you in the event something like this happens again. Card not present alerts and two-factor authentication are just two of the tools that many banks and credit card companies offer in order to keep you safe.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

T-Mobile Data Breach Exposes One Million Prepaid Accounts

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays



T-Mobile has become the most recent telecom giant to announce a data breach affecting a large number of U.S. customers. As part of the T-Mobile data breach, more than one million prepaid service accounts were affected, which included names, addresses, phone numbers and information about customers’ rate plans, calling features and international calling.

This information may not appear to be very damaging. After all, there is no financial information or identifying data from the T-Mobile data breach that could allow thieves to open a new line of credit or a new account. However, the information that was compromised could still be used for malicious purposes. By having detailed information on what plan a customer has and what calling features they subscribe to, it would not be very difficult to convince a T-Mobile associate that the hacker is actually the account holder, and then solicit the employee’s help in taking over the account entirely.

T-Mobile has not answered some key questions about the T-Mobile data breach, such as the specific number of customers who were affected and whether it was a breach of its customer website or another online source. While the company should be applauded for a rapid response to discovering the T-Mobile data breach, there is other pertinent information that the public and security experts alike could benefit from knowing.

Many of the customers have already received a text message notification about the T-Mobile data breach, which is another possible cause for concern. Users have to be able to discern between genuine communications from the company and phishing attempts by hackers who are posing as T-Mobile representatives. Any message that asks you to confirm your information, especially sensitive things like your password or PIN, is suspicious and the company has said it will never contact its customers for that kind of data.

This is true of most companies, whether there has been a data breach or not. Phishing attacks work because the victim thinks they are talking to someone from the business. Instead, it is a cleverly disguised copy of a company communication. In any event, there is never a reason to verify your identifying information for someone who contacts you, no matter what form the communication takes. Ignore the message and go directly to your account online in order to verify that everything is okay.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Are the Wrong Toys on Your Holiday Shopping List?

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

If you are a fan of the Facebook ten-year challenge, you are probably excited about its recent comeback. As more people come to terms with the uncertainty surrounding social media use and privacy, many users are starting to take a more cautious approach to how and what they share. From changing their privacy settings to safeguarding the names and images of their children, a lot of users have become more knowledgeable—and therefore more concerned—about what happens to their content once it is posted. If issues like Facebook’s relationship with Cambridge Analytica taught us anything, it is that someone is always willing to pay for information about us.

For example, the Facebook ten-year challenge that swept through Facebook in the early part of 2019 is back, and it has left a lot of people asking what the social media giant is really doing with the images. If you have not seen it yet, users are encouraging one another to post a photo from 2009 and another one from 2019, presumably in recognition of the end of this decade. What is really behind the Facebook ten-year challenge?

A growing number of people have speculated that it is an attempt by Facebook to educate its facial recognition algorithms in the area of age-progression by looking at a ten-year age difference among users. That does not sit well with some privacy-minded people. There has been a lot of outcry over companies like Facebook, Amazon and others who have produced software that has stronger-than-ever capabilities for recognizing faces in a crowd. Amazon has even sold its software, Rekognition, to law enforcement agencies and has just announced brand-new features.

Even some tech industry insiders have been alarmed by the potential for grabbing up social media posts and using them to develop software that some see as an invasion of privacy. However, the Facebook ten-year challenge has led others to try to put a damper on the runaway conspiracy. After all, doesn’t Facebook already own countless photos of its users? What would be the benefit of having users simply post those same images again? Plenty, according to Wired magazine writer Kate O’Neill. Facebook can much more easily “mine” data when they have a fresh set of content that was taken a precise number of years apart.

In this case, it is not about what social media platforms already have access to or doing their legwork for them. Instead, the cause for alarm is more about what users are willing to post without really thinking through the potential for harm. Whether it is an endless stream of food pictures or the GPS coordinates to our children’s schools, we all need to be more aware of what it is that we are posting and how someone else could use it for their own purposes.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Hacked Disney+ Accounts Are Being Sold Online

Our Holiday Shopping Tips to Keep You Cybersafe

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

According to the National Center for Education Statistics (NCES), about 56.6 million students are attending school this fall. The NCES also reports that there are 3.7 million teachers currently in the United States. That is over 60 million students and teachers spending their time inside of schools, on their Wi-Fi, online programs and much more.

Data breaches that affect students and teachers are not uncommon, although education ranked lowest of the five industry sectors that the Identity Theft Resource Center (ITRC) records in 2018 with 76 education data breaches exposing 1,408,670 records. However, 2017 was a different story. According to the ITRC’s 2018 End-of-Year Data Breach Report, in 2017 there were 128 education data breaches exposing 1,418,455 records. So far in 2019, there have been 104 breaches exposing 2,248,578 records. You can learn more by signing up for our ITRC Monthly Breach Newsletter.

While the education sector is not seeing as many breaches as some of the other industry categories, the ITRC believes that one breach is one too many. That is why we continue to empower identity theft victims – particularly those that are victims of education data breaches – with the resources to resolve their cases. Our mission, since our founding in 1999, is to help people proactively reduce their risk of becoming a victim and to empower them to mitigate their cases if they have become one. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches. As part of our 10,000 Breaches Later blog series, last week we looked at the top banking, credit and financial data breaches. This week we conclude our blog series with a look at the top five education data breaches that impacted U.S. teachers, students and families and their personal information that was compromised.

Maricopa County Community College District

Following a data breach incident in January 2011, Maricopa County Community College District experienced another education data breach in 2013 that led to personal information like names, addresses, Social Security numbers, dates of birth and financial aid information being exposed. The breach affected 2.5 million current and former students, employees and vendors. In January 2011, the district was first notified by the FBI of a small data breach affecting 400 people. Information from its database was found online for sale, and the FBI warned the district that it needed to properly secure its systems. Ten months later the district was warned, once again, this time after the Arizona Auditor General found that terminated employees still had active user accounts on the district’s network. One year later an audit found that the district had still not tightened up its security procedures. This led to the breach in 2013 which discovered, once again, sensitive information had been found for sale online. The impact on those teachers and students was potentially catastrophic given the amount of sensitive information and data compromised. This education data breach also highlights the importance of businesses and schools to take their security measures seriously.

Georgia Tech

In April 2019, Georgia Tech announced that nearly 1.3 million current and former faculty members, students, staff and student applicants had been affected by an education data breach that was caused by unauthorized access to a web application. Information compromised included names, addresses, dates of birth and Social Security numbers. The university has taken steps since to help people who were affected by offering credit monitoring and identity theft protection services to individuals who had their Social Security number exposed. Faculty members and students should be aware of the sensitive nature of their data and the potential unique identity theft aspects that could come from its exposure.

Washington State University – Social & Economic Science Research Center

Two years prior to the Georgia Tech education data breach, Washington State University learned that a locked safe containing a hard drive used by the Social & Economic Science Research Center to store backed-up files had been stolen. The hard drive contained a wide range of sensitive information on 1.1 million individuals including demographic information, Social Security numbers and personal health information. In April of 2019, the university reached a $4.7 million settlement where victims were entitled to receive up to $5,000 in cash reimbursements for any out-of-pocket expenses incurred, credit monitoring services or credit reports. This breach stresses the importance of making sure schools and universities have guidelines and measures in place to make sure that all student and faculty information is securely protected and that there is no risk of it being stolen, whether online or from a safe.

University of California Los Angeles (UCLA)

In October 2006, UCLA was hit by a cyber-attack allowing a hacker to gain access to a restricted database containing sensitive information of 800,000 current and former students, faculty and staff. The database included names, addresses, dates of birth and Social Security numbers. While this breach affected less than five percent of the records in the database, it was still one of the largest education data breaches at that time. While the university said there was no evidence of any personal information being misused, they suggested those possibly affected contact credit reporting agencies and take steps to minimize the risk of potential identity theft.

Pearson

Initially reported in July 2019, educational software maker, Pearson, experienced a data breach affecting its AIMSWeb 1.0 platform. Roughly 13,000 school and university accounts were affected by this breach. However, this number does not include the individual students and staff members whose information was contained in each account. Although the information exposed varies per account, information like student names, student dates of birth, student email addresses, student ID numbers, staff names, staff email addresses, job titles and more was exposed. In an interview with the Las Vegas Review-Journal, ITRC president and CEO, Eva Velasquez said, fortunately, the information exposed was limited: “Just a name is not going to necessarily lead to an increase in the risk of identity theft. A name and date of birth could potentially lead to a slight increase. But as far as very serious personal identifying information, it does not appear that this breach contains that level of data.” School districts are continuing to come forward to report being affected by the Pearson breach.

As we recap education data breaches, the ITRC hopes to help those impacted – both as faculty members, students, schools and universities – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, do not just set it aside. Call us at 888.400.5530 or LiveChat to talk with a live-advisor on what you should do. If you are a school or university that has been impacted by a data breach incident, please reach out to the ITRC to discuss how we can provide assistance to your impacted customers. Every victim of a data breach should download our free ID Theft Help App to track their activities around any given data breach.

For a complete look at all the blogs from the 10,000 Breaches Later blog series, visit https://www.idtheftcenter.org/10000-data-breaches-blog-series.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

10,000 Breaches Later: Top Five Financial, Credit and Banking Data Breaches

10,000 Breaches Later: Top Five Military and Government Data Breaches

10,000 Breaches Later: Top Five Medical and Healthcare Data Breaches

One week after its launch, hacked Disney+ accounts are what is being discussed rather than the new video streaming service. A week ago, Disney launched a highly anticipated video streaming service, and hackers have already found a way to make a buck while ruining your fun. The service, called Disney+, contains not only Disney film favorites but also original content and new shows in the Star Wars universe. Social media sites have been flooded with overjoyed responses from happy customers, as well as complaints from unhappy customers who have lost control over their accounts.

Hackers have been able to infiltrate accounts, change the passwords to lock out the account owners and then post the credentials online for others to use or buy. Rather than the $7-per-month subscription fee, some forums have listed accounts for sale for as little as three dollars from the hacked Disney+ accounts.

There are a couple of ways hackers may have pulled this off, most of which customers can avoid if they are careful.

First, anyone who ever reuses an old username and password combination from another site is playing with fire. If you reuse the login credentials from your MySpace, Yahoo, Adobe, Ancestry.com, Bank of America or Capital One account, a hacker with the right information can break in. Again, any previous data breach in which usernames and passwords were stolen means that information may be available on the Dark Web. If you open any new accounts with old information, a hacker may already have access to it, which may be the case for some of the hacked Disney+ accounts.

Next, if you receive an email or text message that someone has changed your account login for any account, do not ignore it or treat it as spam. It can mean that someone is in your account at that very moment, and they are locking you out.

Also, there is some speculation that hackers may have used keylogging software to steal credentials. This can happen when you visit a harmful website and login, click a link or download a file in an email that installs harmful software on your computer or connect over public Wi-Fi and log into an account. By electronically gathering up your keyboard strokes as you type, hackers can grab your login credentials, go into your account and take control.

Once they change your password, you are not only locked out of your account, you are also powerless to delete the account or block the payment method. You must contact customer support immediately if you are ever locked out of an account you own since a hacker may be involved.

Remember, the Disney+ website was not breached. It is the individual users themselves whose accounts have been compromised. Another handy tip to avoid hacks like the hacked Disney+ accounts is to stop announcing on social media whenever you download a new game, try out a new service or some other hot commodity. No one needs to know that you have paid for a subscription, and hackers are standing by (through basic keyword searches online) to see who has got an account they can grab. It is important to avoid oversharing your personal business in this way.

Finally, all of this serves as a great reminder about password hygiene. Apart from never reusing a password on another account, it is a good idea to change up your passwords frequently. The same is true of your security questions, as those are often targeted in a data breach as well. That database of old information the hackers have will not work if you are updating your passwords from time to time.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Three-Pronged Web Service Data Breach A Cause For Alarm

Virtual Reality Privacy Concerns

Who is Responsible for Fraud Prevention? Join the Fraud Week Twitter Chat with ACFE!

It seems hard to imagine that companies still suffer accidental data breaches, but it happens with alarming frequency and it led to a ‘Magic: The Gathering’ data breach. It may be an employee who downloads some malicious software or falls for a spear phishing campaign, or someone who leaves an unsecured laptop or flash drive out. Regardless of how it happens, what is important is that it happens often enough that more companies should be safeguarding themselves from this kind of threat.

One frighteningly common event is the accidental overexposure, which occurs when a company unintentionally puts its sensitive information online for anyone to find. Sadly, even though they are doing it by mistake, that does not stop malicious people from finding the information and using it.

The most recent example of a company leaving a database of customer information exposed on the internet is Wizards of the Coast, the developer of the popular game, ‘Magic: The Gathering.’ It led to a ‘Magic: The Gathering’ data breach. This card-based game has been widely popular for many years and has a devoted following. Unfortunately, the owners used an unsecured Amazon Web Services bucket. This online server contained customer data for more than 452,000 users, including usernames and hashed and salted passwords. However, the information was not encrypted.

Accidental data breaches like the ‘Magic: The Gathering’ data breach have happened to numerous well-known, large-scale companies recently. It is always with the same issue that the requirement to password protect the server is turned off by default. Unless the company opts to password protect the server and takes the steps to do so, their information can go online without any kind of wall around it.

Unfortunately, TechCrunch reported this incident with a somewhat bothersome finding. A security company called Fidus Information Security discovered the database of information and contacted the game developers. However, there is no way of knowing if anyone else had already compromised the information. In this case, as TechCrunch states, “Fidus reached out to Wizards of the Coast but did not hear back. It was only after TechCrunch reached out that the game maker pulled the storage bucket offline.”

One of the most critical things any company can do during a data breach like the ‘Magic: The Gathering’ data breach is to respond in a timely way. Leaving the information online while looking into the matter or failing to notify the customers of the breach quickly is not the best way to protect anyone. The developer has informed affected customers to change their passwords and has reported the breach to officials who oversee the EU’s privacy compliance regulations.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Three-Pronged Web Service Data Breach A Cause For Alarm

Virtual Reality Privacy Concerns

Who is Responsible for Fraud Prevention? Join the Fraud Week Twitter Chat with ACFE!

Three web services recently suffered a web service data breach in August. The news broke from Krebs On Security that users of Network Solutions, Register.com and Web.com may have received notice that an unauthorized user was able to gain access to certain important pieces of information from users’ accounts.

Domain Registration Websites

The three companies in question have a very important place in the online business world. They register website domain names, which means that if you create a website, they may hold the key data around that website. This web service data breach is particularly alarming if your website had sensitive information about the owners—including names, email addresses, phone numbers and physical addresses—which may have been compromised. Sensitive websites might be political in nature, may involve children’s photographs or identifying features or might pertain to marginalized communities of people.

Change Your Password Immediately

So far, Web.com, which owns both of the other two registration companies, has only issued a blanket warning to customers to change their passwords. The web service data breach notification is available on a separate section of their website, but none of the companies list this important announcement on their home pages.

If you have registered a website via any of these companies, it is important to change your password right away. However, even if you have not used one of them, it is encouraged to take this time to go to your domain registration company and change your password for good measure.

Watch For More Sophisticated Phishing Emails

Phishing attacks are another serious concern from breaches like the web service data breach. Hackers use or sell your email information in order to flood you with spam emails, mass marketing and fraud attempts. It would be easy for someone to create a fake email that appears to come from one of these companies and then send you an email demanding your login credentials or financial information. Be on the lookout for these kinds of approaches, and know how to respond to a potentially harmful email or text message.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Adobe Account Information Leaked After Server Left Unsecured

Be on the Lookout for 2020 Census Scams

Hy-Vee Cards Stolen in Recent Data Breach Are Fetching a Higher Price on Dark Web Websites