In a story that seems to start in 2014, blogging platform LiveJournal appears to have suffered a data breach. The LiveJournal data breach—whose database of users’ names, email addresses and plain-text passwords was supposedly sold and traded on the Dark Web many times over the past six years—has been speculated about by several different entities.

While the LiveJournal data breach may have occurred as early as 2014, some sources can only link the database of 26 million user records with any reasonable certainty to about three years ago. In 2018, rumors of a LiveJournal data breach surfaced once again when users reported being victims of a sextortion campaign. The victims knew where the stolen information had come from because it was involved unique email addresses and password combinations that they had only used on LiveJournal.

Later, the database was discovered making the rounds on the Dark Web as various hackers used or leaked it online. The well-known data breach search site Have I Been Pwned received the LiveJournal database on May 27, 2020, and lists the formal date of the original breach as January 1, 2017. However, that could be the only verifiable time frame for this particular set of user information and not the actual data breach event date.

The LiveJournal database appears to have been posted for sale online and traded privately between hackers using it for credential stuffing attacks. In that form of attack, fraudsters gain access to usernames and passwords and try those combinations on numerous other sites. If any LiveJournal users reused their username and password on another site, the hackers – or anyone who purchased the database – would have access to those accounts as well.

With that said, not everyone who buys a database of this kind intends to steal account access. Other malicious actors use these records for spam email campaigns, phishing attacks, ransomware attacks and other harmful tactics.

Credential stuffing is a major problem in information security. With so many data breaches and compromised consumer records, reusing a password is essentially the same as failing to secure an account. For some time, security experts have recommended changing to an easy to remember, but difficult to attack, passphrase instead of the old eight-character passwords.

For its part, LiveJournal’s owner, Rambler Group, has not confirmed that a LiveJournal data breach ever occurred, despite the users’ information available online. The company claims that this database and the connection to hacking involving its other platform DreamWidth are merely coincidental and that the database of LiveJournal or DreamWidth users’ login credentials was simply gleaned through unrelated breaches or malware attacks on users’ computers and then compiled into one file. This is despite the fact that ads offering the LiveJournal database for sale are still posted online.

If someone believes they might have been impacted by a potential LiveJournal data breach, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call the ITRC toll-free at 888.400.5530. Finally, they can download the free ID Theft Help App for iOS or Android to communicate with advisors via live chat, use the case management tool to track their action for resolving their data breach case, find resources for protecting themselves from further harm and much more.


You might also like…

Formjacking Tactics Used in FabFitFun Data Breach

Arbonne Data Exposure Compromises Thousands of Accounts

Consumers Should Watch Out for COVID-19 Job Reopening Scams

Some members of FabFitFun are trying to figure out the next steps for them to take following a FabFitFun data breach. FabFitFun, a company that allows consumers to become members and get customized boxes mailed to them with products, suffered a data breach as the result of formjacking, where a thief inserts a code that gathers credit card information and, in some cases, more personal information in the background while the transaction processes like normal.

According to the Office of the Vermont Attorney General, the FabFitFun technical team discovered illegally placed malicious code on the company’s website. The breach notification letter states the malicious code was placed on the “Shop” portion of the website on May 2 and taken down on May 6. FabFitFun says the data breach did not impact the “Add-Ons” and “Box Purchases” portions of the website.

Members who completed purchases between May 2 and May 6 may have had personal information exposed during the FabFitFun data breach, including names, addresses, cities, states, zip codes, phone numbers, email addresses, credit card numbers, CVV codes and card expiration dates. If members were in the process of checking out but did not complete a purchase between May 2 and May 6, they could have had their names, addresses, cities, states, zip codes, phone numbers and email addresses exposed. Fortunately, those members are not believed to have had any credit card information leaked.

After learning of the malicious code, FabFitFun took down the code and offered affected members an annual membership. Anyone who’s information was exposed in the FabFitFun data breach should contact their credit card or debit card provider and follow their recommendations. Members should monitor their credit card or debit card statements for any suspicious activity and report anything suspicious to the bank listed on the card. For fraudulent charges, members should file an ID Theft Report with the Federal Trade Commission and obtain a copy for their records in case it needs to be used with a creditor to clear fraudulent charges.

Members affected by the FabFitFun data breach can also live-chat with an Identity Theft Resource Center expert advisor, or call toll-free at 888.400.5530. They can also download the free ID Theft Help App, where they can create a customized log to track all their steps in resolving their data breach case, access ITRC advisors for a personalized action plan, resources and much more.


You might also like…

Arbonne Data Exposure Compromises Thousands of Accounts

Consumers Should Watch Out for COVID-19 Job Reopening Scams

ShinyHunters Hacks Expose Business Vulnerabilities

Arbonne International, LLC, a worldwide skin care and health product company that operates as a multi-level marketing business model, announced that it had discovered a data compromise of its computer system. After noticing some unusual, unauthorized activity on its network, Arbonne hired a third-party security company to investigate the scope of the Arbonne data exposure.

While their findings are still incomplete, they did discover that an unknown entity gained access to certain aspects of the computerized system. No highly-sensitive information like Social Security numbers was compromised and no payment card information was accessed. However, to be safe, Arbonne forced a password reset of its affected users’ accounts and filed a notification with the proper authorities. The company also issued data breach event notification letters for the Arbonne data exposure and is offering one year of identity monitoring to affected users in compliance with state laws.

While Arbonne continues to sort out how the data exposure happened and what the extent of the compromise may be, it serves as an important reminder to all tech users about the need for good passphrase practices. The passwords of old may not be secure enough anymore and experts recommend a longer “passphrase” that is difficult for malicious actors to guess but easier for the individual user to remember. By establishing passphrases, users may be more likely to make new ones for every account instead of reusing them or changing them by only one letter or digit when a situation like the Arbonne data exposure arises.

Arbonne account holders should monitor their other accounts carefully for the foreseeable future to keep a close watch for any suspicious activity. If they see suspicious activity, they should contact their bank immediately. Victims of the Arbonne data exposure can also live-chat with an Identity Theft Resource Center advisor or call the ITRC toll-free at 888.400.5530. Victims can also download the free ID Theft Help App for iOS or Android, which allows victims to track their steps in a case management tool, live-chat with an advisor, access resources and much more.


You might also like…

Consumers Should Watch Out for COVID-19 Reopening Job Scams

ShinyHunters Hacks Expose Business Vulnerabilities

College Student Stimulus Check Scams Begin to Heat Up

State and local governments around the country are working hard on plans, and in some cases, starting to execute, to carefully reopen their communities and businesses in the wake of the COVID-19 pandemic. Data is being tracked; task forces are mobilizing and planning; and the “new normal” is beginning to take shape. However, this could lead to an increase in reopening job scams.

More jobs could be a welcomed sight for over 40 million U.S. workers who have had to file for unemployment benefits since mid-March. Some consumers expect to return to their old jobs. However, many others will be looking for a new one.

According to a survey issued by FlexJobs, 19 percent of respondents reported that they have already been victimized by an employment scam. The company further stated that for every legitimate work-from-home job—a highly sought-after option during the pandemic—there are between sixty and seventy scam offers. Out of concern for consumers, as they seek employment, the FBI is warning the public about reopening job scams or fake job offers that would ordinarily raise some red flags if not for the specific changes that quarantine has required.

The FBI says they have seen an uptick in fake job and hiring scams with cybercriminals posing as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards. One of the scams involves fraudsters going as far as conducting false interviews with applicants, then requesting personal information or money that could be transferred to a private location. The Better Business Bureau told FOX 13 in Memphis that fraudsters are using the COVID-19 pandemic in their employment scams to make them more believable.

Fortunately, much of the same caution that applied to job-seeking before COVID-19 still applies. Consumers should know the source of the job listing and only use reputable websites to find employment opportunities. To avoid a reopening job scam, consumers should also be mindful of unsolicited emails and offers with outrageous claims—such as, “Earn $3,000 a week working from home.”

Once a job posting is found, consumers should also be careful about how much personal data they share, at least during the application period. If a company claims they want to do a phone, Skype or Zoom interview due to social distancing and safety, that’s okay. However, it does not mean candidates should turn over information like their Social Security numbers until they have been hired.

Finally, to avoid a job reopening scam, consumers should remember that legitimate jobs don’t usually require any upfront fees or costs. Even things like company uniforms or specialized equipment such as steel-toed shoes are often deducted from the first paycheck or purchased by the employee through an outside company. Typically, they are not charged in the form of a payment. If an employer asks for a finder’s fee, administrative fee, background check fee or any other funds, it is probably a reopening job scam. Even for legitimate actions like submitting a bank account number and routing number for direct depositing of paychecks, it’s important to be sure the company is legitimate and the job has already been awarded before submitting the information. If someone believes they are victim to a COVID-19 reopening job scam, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.


You might also like…

ShinyHunters Hacks Expose Business Vulnerabilities

Stolen Stimulus Checks Creating Concerns for Consumers

College Student Stimulus Check Scams Begin to Heat Up

Since 2005, the Identity Theft Resource Center (ITRC) has been tracking publicly notified breaches, building one of the most comprehensive repositories of data in the U.S. that is updated daily.

One of the most recent cybercrimes the ITRC reported involves a cybercrime ring, ShinyHunters, stealing the information of over 200 million customers from at least 13 different companies. In early May, ShinyHunters posted 15 million customer records on the dark web. Two days later, the hacking group began offering the entire database to buyers, which included 91 million user accounts from an Indonesian website.

Since then, ShinyHunters has offered more than 100 million users’ account information at popular websites like dating app Zoosk, meal kit company Home Chef, design-focused marketplace Minted, Minnesota’s Star Tribune newspaper, health and wellness website Mindful, photo printing service Chatbooks and online publication Chronicle of Higher Education.

While not all of those companies acknowledged ShinyHunters’ claims, more are recognizing the data breaches once they confirm there was data theft. One of the latest companies to confirm a data breach was Mathway, a popular education app for iPhone and Android devices. It is believed that the information stolen includes data about children who are the primary users of the app. The Mathway data has proven to be worth a lot on the dark web, going for $4,000 in bitcoin (or over $375 million U.S.) for 25 million stolen user accounts.

ShinyHunters has acknowledged its successful hacks. In fact, in an interview with WIRED magazine, a spokes-hacker said “it is not too hard” to breach so many organizations. They continued to say that “it’s just a way to make money.”

Groups that commit wholesale data theft are not amateurs like one might see in a TV show or a movie. These groups are professional threat actors that run their groups like any business. They have advertising campaigns, marketing campaigns, help desks and customer support – all to steal people’s information and convert it into cash.

Two other recent data breaches the ITRC has noted were of PaperlessPay, a third-party provider for personal information like W-2’s and paystubs, and Wishbone, a social media app that lets users compare products and then interact with other app users to find out what products are hot and what are not.

In February, federal law enforcement investigators found identity thieves selling PaperlessPay client data. The personal information compromised included the names, addresses, pay and withholdings, Social Security numbers and bank account numbers, in some cases.

In regards to Wishbone, hackers are selling 40 million account profiles, which includes names, email addresses, phone numbers, locations, genders, social media profiles and hashed accounts passwords of users. While hashed passwords are typically useless because the information is encrypted and has to be unlocked, Wishbone uses an outdated form of encryption that is easily cracked with a password breaking tool. This is the most recent breach for Wishbone that was also successfully attacked in 2017.

Businesses must keep their cybersecurity and data protection up-to-date. If not, it can lead to data breaches and a loss of revenue from customers who might not trust the business with their personal information. It is also important for consumers to make sure their apps, websites and businesses they share data with have strong security to protect their information. Consumers are encouraged to ask questions before sharing personal information so they can take their business to a company that takes data protection and privacy seriously.

If someone believes they have had their information exposed as part of a data breach, or is a victim of identity theft due to a data breach, they can live-chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Advisors can help victims create action plans that are tailored to them. Victims can also download the ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Some consumers have yet to receive their stimulus check, leaving many wondering why. The Identity Theft Resource Center has seen a sharp increase in “stolen stimulus check” cases. However, not everyone who believes they had their stimulus check stolen finds that to be the case. In fact, there are a handful of reasons why people could still be waiting. With that said, some are legitimately stolen.

The FTC reports that some stolen stimulus checks appear to be from nursing home residents. Nursing homes in several states have made residents sign over their stimulus checks. Other cases involve people committing physical mail theft, like this New York man who stole over $12,000 worth of stimulus checks. Some thieves are going as far as stealing stimulus checks from postal trucks. The Chicago metro saw multiple postal trucks get broken into in April.

No matter how stimulus checks are being stolen, it can be a headache for consumers and something law enforcement is working to stop. If someone believes they are the victim of a stolen stimulus check, they should report it to the Federal Trade Commission (FTC) and the IRS.

  • Victims of a stolen stimulus check can go to IDTheft.gov and click “Get Started”
  • On the next page, which is titled “Which statement best describes our situation,” victims should click the line that says “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”
  • After the victim answers the questions provided, the page will complete an IRS Identity Theft Affidavit for the victim to submit electronically to the IRS, which can also be downloaded for file keeping
  • The website will provide the victim with a recovery plan to follow that includes steps to prevent identity theft
  • The IRS and their “Get My Payment” tool is a way for consumers to learn the status of their payment, including where it was sent. For more information, consumers can visit the IRS’s Economic Impact Payment Information Center and Get My Payment Frequently Asked Questions pages for detailed, and frequently-updated, answers to questions. They also can find information here about payments that the IRS may have deposited to an account that is not recognized.

It is important for consumers to remember that the IRS will never call, email, text or reach out via social media to anyone about a stolen stimulus check or to receive a stimulus check. If someone does, it is probably a phishing scam looking to steal personal information and should be reported to the proper agency.

If someone had their stimulus check stolen, or had another form of government identity theft,  they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. ITRC advisors will walk victims through the process and tell them where they need to go, who they need to talk to, what they need to say and what they need to do.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

Since 2005, the Identity Theft Resource Center has compiled publicly-reported U.S. data breaches as part of our data breach tracking efforts. While our 2019 Data Breach Report revealed an annual 17 percent increase in data breaches compared to 2018, there has since been a data breach decrease reported during the first quarter of 2020, both in the number of incidents and individuals impacted.

In the first quarter of 2020, there were 337 publicly reported breaches and exposures. During the same time period in 2019, 520 data events were reported, which means there have been nearly 185 fewer breaches/exposures reported in 2020. In terms of people impacted, 131 million individuals were affected from January through March of 2020. While that might sound like a lot, 442 million people had their data compromised during that same timeframe in 2019. Overall, the number of data compromises decreased by nearly 35 percent, and the number of people affected by 66 percent in the first three months of 2020. Any decrease in data compromises is a good thing, but it’s important to understand what’s behind the numbers dropping due to the data breach decrease.

The ITRC tracks both publicly reported data breaches and data exposures in a database containing 25 different information fields and 63 different identity attributes that are updated daily. While the ITRC has one of the most comprehensive repositories of data compromises, not all incidents are publicly reported; there can be significant delays between when a breach occurs and is publicly reported. The result of these factors can produce a reduction of publicly reported data events.

There are other reasons why the ITRC’s data could be different from other data breach reports – especially those that are reporting an increase in data compromises in Q1 2020. For example, the ITRC reports the number of records compromised based on the number of individuals impacted, not the number of records stolen or exposed. We believe this methodology gives a more accurate view of the human impact of a data breach or exposure since a single person may have multiple records involved in a single event.

The COVID-19 pandemic could have also played a role in the data breach decrease (particularly in March) as threat actors turned their attention to using the data they already had to launch phishing attacks and COVID-19 scams rather than launching new mass cyberattacks. However, there is no substantive proof of why there was such a drastic decline in the first quarter numbers. With that said, the ITRC believes data breaches could return to a more traditional trendline later in 2020.

If someone believes they have had their information exposed as part of a data breach, or is a victim of identity theft due to a data breach, they can live-chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Advisors can help victims create action plans that are tailored to them. Victims can also download the ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

This post will be updated as more information becomes available

Contact tracing scams have begun to pick up steam with the evolving technology coming closer to becoming a reality. Some of those scams include hackers and fraudsters posing as contact tracers – both online and in person – trying to steal personally identifiable information (PII), personal health information (PHI) and other personal data.

The United States began the re-opening process after the COVID-19 pandemic closed many aspects of daily life. That is expected to include many precautions to keep people safe, including contact tracing – a method used to find the people who may have come into contact with someone infected with COVID-19. In fact, many people anticipate contact tracing will play a large part in keeping people informed of their risk of exposure until a vaccine is available.

Apple and Google are cooperating to ensure the different phone operating systems are compatible for contact tracing purposes. Apple and Google are also working with health departments across the country to figure out how to roll-out an effective contact tracing Bluetooth-based system that would allow public health departments to create their own contact tracing apps. Despite doubts from some health officials on how useful Apple and Google’s optional systems will be, the two tech companies have developed the digital contact tracing system, and have included it in their latest software updates. Contact tracing apps have already rolled out in other countries. According to MIT Technology Review, so far, there are 25 contact tracing efforts globally. However, none of those apps work in the U.S. Consumers should beware of any attempt to entice them or someone else to download and register for an app.

While app development efforts continue, scammers are tricking people into contact tracing scams using fake apps that steal their personal information. The Better Business Bureau of Connecticut warns people about text messages in their area that appear to be linked to COVID-19 contact tracing, alerting people that they were near someone who tested positive for coronavirus. Police in Washington state are alerting residents of contact tracing scams going around trying to steal sensitive information, including credit card information and Social Security numbers. The Champaign-Urbana Public Health District urges residents not to fall for contact tracing scams, adding that they will never alert people of a positive test via text.

In all of these scams, fraudsters are trying to steal people’s personal information, whether it is by trying to get them to click on unknown malicious links or simply asking for them to provide it. Hackers then have the ability to turn right around and sell the information, which could lead to identity theft. Even when legitimate apps are available, users should check to see if the data they share will be used for marketing purposes without their permission or sold for other purposes.

To avoid a contact tracing scam, people should stay informed on the latest contact tracing details, as well as the most up-to-date COVID-19 information from their state and local health departments. Local health departments will inform people of what a legitimate contact tracer will ask and any protocols they will follow. If anyone gets a text or notification they are not expecting that they were in contact with someone who tested positive for COVID-19, they should ignore it and call their local health department to confirm the validity of the message. They should not provide any information they are asked for, nor should they click any links, open any attachments or download any files.

If anyone believes they have fallen victim to a contact tracing scam or is a victim of identity theft, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. An advisor can help victims create an action plan on the steps they need to take that are customized to their needs.


You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

Five State Unemployment Department Data Exposures Uncover System Flaws

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Unemployment identity theft, also known as unemployment fraud, continues to skyrocket across the United States during the COVID-19 pandemic; particularly hard-hit is Washington state. A possible Nigerian fraud ring could be to blame for many of the cases involved in the uptick. According to the New York Times, a group of international fraudsters from Nigeria are believed to be behind a sophisticated attack on the U.S. employment systems, an attack that has already led to millions of dollars being stolen. While the U.S. Secret Service is still working to identify everyone involved, Special Agent Roy Dotson believes the unemployment identity theft is being aided by mules (people who transfer illegally acquired money on behalf of or at the direction of another) being used for money laundering after making connections with fraudsters online.

According to a memo from the U.S. Secret Service in the New York Times article, investigators received information that suggested the scheme was coming from a Nigerian fraud ring, and that hundreds of millions of dollars could be lost. Washington state is believed to be the primary target for the unemployment identity theft and unemployment fraud attacks. However, there has also been evidence of similar attacks in Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Maryland and Wyoming.

The Identity Theft Resource Center (ITRC) believes many fraudsters are trying to take advantage of more people, money and activity running through state employment offices due to the unusual lengths that government has gone to support Americans in light of the COVID-19 pandemic financial impacts. The ITRC has received reports from victims where workers have received notifications that their unemployment application was approved, even though they did not apply or are still working.

There are things consumers can do to prevent the likelihood of becoming a victim of identity theft as a result of an unemployment identity theft attack. If someone has an account with a government agency, they should upgrade to a passphrase and check to see if their information has been changed. If it has been changed, it should be reported to the state agency. It is also important for people affected to update all of their accounts to passphrases, to make sure their passphrases are not reused, or that a work passphrase is shared at home and vice versa. It is important to update passphrases and not use them across multiple accounts because identity thieves use stolen login information from data breaches to commit other crimes like unemployment benefits identity theft.

It is also a good idea for people to freeze their credit because it prevents new accounts and new obligations from being created that require a credit report. However, it will not stop the creation of an account with a state agency. To help protect personal information from being used in a cyberattack, it is a good idea for people to keep all of their software up-to-date, including their anti-virus software.

If someone believes they are a victim of unemployment identity theft or unemployment fraud, they are urged to live-chat with an ITRC expert advisor. Victims can also call toll-free at 888.400.5530 to leave a message for an advisor to return the call. Advisors will help guide victims and walk them through the process by creating an action plan that is tailored to their needs.


You might also like…

Five State Unemployment Department Data Exposures Uncover System Flaws

Key Ring Data Leak Exposes 14 Million Users Sensitive Information

Online Shopping Safety a Priority During COVID-19 Pandemic

This blog will be updated as more information becomes available

Reports of accidental exposures and data leaks from six different states’ unemployment websites have some consumers concerned. Illinois, Arkansas, Colorado, Ohio, Florida, and most recently, Kentucky have all suffered recent unemployment department data exposures due to their quick response in setting up convenient, DIY websites for those seeking unemployment benefits due to closures from the coronavirus.

Pandemic Unemployment Assistance, or PUA, offers federal assistance to those who are affected by the quarantine. The PUA can be especially helpful as self-employed people, independent contractors and other “gig economy” workers can receive assistance during this time.

In an effort to expedite the submission and processing of these applications, many states have relied on outside vendors to establish their PUA application web portals. Unfortunately, in the rush to help consumers, some of those websites launched before they could be thoroughly quality tested and reviewed for security. The multiple unemployment department data exposures left tens of thousands of users’ complete identities exposed, leading to even more cause for concern.

In each of the six states, the PUA application sites were taken down until they could be secured. Two states, Colorado and Ohio, were notified by Deloitte, their vendor, as to the exposure. One state is already offering credit monitoring to all 72,000 of its PUA recipients, while the others are still investigating and could offer support as their findings unfold.

Also, due to the difficulties surrounding quarantine and employment at this time, the Identity Theft Resource Center has seen cases where workers received notifications that their unemployment application was approved, even though they had not applied for assistance or were still working. However, there is no known link between those cases and the current issues with the Pandemic Unemployment Assistance sites.

All consumers should remain aware of the threat, regardless of their current employment status. If anyone suspects that their personally identifiable information has been exposed or compromised, they are encouraged to place a freeze on their credit reports with the three major credit reporting agencies. They are also encouraged to use anti-virus solutions to secure their devices and protect their online accounts, update their old passwords to a stronger passphrase and make sure none of those passphrases on their personal accounts are also used on their work accounts.

Anyone who has questions or believes they have been affected by an unemployment department data exposure is urged to live-chat with an Identity Theft Resource Center expert advisor. Victims can also call the ITRC toll-free at 888.400.5530. Another tool for victims of a data breach or data exposure is the ID Theft Help App. The app can serve as a “breach activity” case manager for those impacted.


You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

The Evolution of Password Advice

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover