If you had told someone even ten years ago that a criminal sitting on the other side of the world could steal their credit card information with a simple email, they might have written you off as a conspiracy theorist. Only a few decades ago, identity theft was not even recognized as a crime, let alone something that the police could actually investigate and prosecute. However, as new technology emerges that makes our lives more convenient and more connected, new virtual reality privacy concerns can also appear.

New Tech, New Concerns

That is the current understanding of innovations like virtual reality and augmented reality. These high-tech, digital forms of media—used for everything from education and business to entertainment—create new virtual reality privacy dangers by placing the user in entirely fabricated situations and locations, usually thanks to special software that interacts with their visual hardware.

Popular games like Pokémon Go, for example, allow the player to walk around in the real world while finding virtual characters in their actual surroundings.

Misuse of Your Personal Information

By giving access to your phone, tablet or computer to another platform in order to participate in these kinds of activities, you are opening yourself up to potential new virtual reality privacy concerns. Any time someone else can access your stored photos, camera and Facebook account or friends list, there is a possibility of them misusing that access.

Even worse, any time a platform is free to use, it is a sure sign that your information is being sold to third-parties. You have no way of knowing who those other companies are or what they plan to do with your information.

Virtual Reality User Permissions 

It is important that companies who utilize these technologies understand the new virtual reality privacy concerns of interacting with consumers in this way. However, it is equally important that users know how their information could be compromised. It is a reminder that we all must be cautious about the latest gadgets and games, and to understand what permissions we are granting when we create an account or allow access to our information. If you cannot verify what a company can do with your connection, it is better to play it safe and avoid interacting.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Adobe Account Information Leaked After Server Left Unsecured

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

Be on the Lookout for 2020 Census Scams

The Association of Certified Fraud Examiners (ACFE) and the Identity Theft Resource Center are teaming up for a very important public event on Twitter.

International Fraud Awareness Week Nov 17-23

The two organizations have partnered to help consumers understand what is fraud, how to recognize a potential fraud attempt, and what to do about it.

This year’s week-long event focuses on the theme, “Who Is Responsible For Fraud Prevention?” The very short answer to this complicated question is: All of us! But without the proper tools and awareness, it can be hard to uncover and protect yourself against fraud attempts and related crimes. Whether you’re an industry professional, a public or consumer advocate, a lawmaker or law enforcement professional, or just someone who wants to know how to protect themselves and their privacy, this event is for you.

For more info: https://acfeinsights.squarespace.com/acfe-insights/join-the-acfe-and-itrc-for-a-fraud-week-twitter-chat

Join the #FraudWeekChat on Twitter Nov 20

A Twitter chat is an open conversation on the social media platform that anyone is able to join in. In order to read others’ tweets from the chat or contribute your own, you simply add the specific hashtag to your posts or search for it to read. The hashtag, #fraudweekchat, will allow you to see others’ comments and questions, even if you do not currently follow them on Twitter, while also allowing them to see your remarks.

Anyone who has a vested interest in recognizing and preventing fraud attempts—which really means everyone!—is welcome to participate. Simply log into your Twitter account on Wednesday, November 20, at noon ET / 9 a.m. PT, and be sure to follow both the ACFE (@TheACFE) and the Identity Theft Resource Center (@IDTheftCenter) for up-to-date information all year long. Remember to use the #fraudweekchat hashtag by typing the pound symbol and the words at the end of your tweets. Note: If you raise a question that is unanswered, please repeat it; it may have been overlooked in the high volume of traffic during the chat.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Can you handle this? New @IDTheftCenter social media

New Venmo Scam is Trying to Give You Money, Not Take It Away

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

There is a new Better Business Bureau (BBB) complaint phishing scam making its way around that is hitting the inboxes of consumers, business owners and even charities.

Phishing attempts get their name from the wide net that scammers throw out, hoping to catch a few gullible people in the process. Some reports have even said that ridiculous stories and bad grammar are intentional. The reports have said it helps the scammers only catch the kind of people who are willing to believe that a major corporation sends out emails with terrible typos and awkward sentences.

However, this new BBB complaint phishing scam that appears to come from the BBB pretty much takes the cake:


The Better Business Bureau has received the bellow referred complaint from one of your associate on the subject of their dealing with you. …We look forward to your urgent response. Before we take action on you”

As you can see, the author of this email does not pay much attention to the rules of standard English. Remember, though, that the goal is to only interact with people who would believe an email such as this one would really come from the BBB. Anyone savvy enough to spot the errors and understand that a national company would never release such a message is probably too worldly to fall for the BBB complaint phishing scam including the email address from “report@bbbcomplain.com”.

However, there is a dangerous aspect to the BBB complaint phishing scam, that being the instructions (removed from the middle of the message for brevity) telling the recipient to download the attachment in order to read the complaint against them. It is noted twice in the email that it must be downloaded to a computer to be read, which is actually not true. The goal is simply to get you to open the attachment, which will undoubtedly install harmful software on your computer.

In order to avoid scams like the BBB complaint phishing scam—even if there is a chance that the message is legitimate—make it a habit to never click a link, download a file, open an attachment or any other dangerous response. Even if you recognize the sender’s name and email address, do not click or open anything unless you were expecting it since their account could have been hacked or spoofed.

Also, learn to be a little bit of a “message detective” when you receive a strange email or text. Is the grammar up to par? Are there strange salutations, like “Dearest Sir or Madam” or simply “Attn” instead of a formal greeting? Do you even have an account with the bank the email supposedly came from? Or in the case of the BBB complaint phishing scam, do you even own a business? If not, how would you be cited by the BBB for complaints about shady business practices?

Remember, scammers do not care if you actually have an account or own a business. All they need you to do is be curious enough to click that attachment. From there, they can root through your computer and find what they want. Do not fall for it.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Adobe Account Information Leaked After Server Left Unsecured

Be on the Lookout for 2020 Census Scams

Hy-Vee Cards Stolen in Recent Data Breach Are Fetching a Higher Price on Dark Web Websites

According to our 2018 End-of-Year Breach Report, there were a total of 135 financial, credit and banking data breaches, exposing 1,709,013 records last year. In the report, banking/credit/financial had the third-highest amount of data breaches of the five industry categories the Identity Theft Resource Center tracks. Of all the data breaches recorded in 2018, hacking was the most common form of data breaches. That trend has been noticeable throughout our 10,000 Breaches Later blog series and continues to play a role when it comes to financial, credit and banking data breaches.

Sign up for our ITRC Monthly Breach Newsletter for more information on these data breaches.

This is one of many reasons why the ITRC  has been working to empower financial, credit and banking identity theft victims with the resources they need to resolve their cases since 1999. That includes helping people proactively reduce their risk of becoming a victim of identity theft. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches with monthly and cumulative end-of-year reports.

Last month, we looked at some of the largest government and military data breaches. Now we shift our focus to the top five most impactful financial, credit and banking data breaches (as well as a bonus breach) for consumers.

Capital One

Just three months ago on July 29, 2019, Capital One announced that a hacker had gained access to 100 million U.S. and six million Canadian Capital One customers’ accounts and credit card applications in March of 2019. Individuals and small businesses were affected by this data breach that disclosed names, addresses, dates of birth, email addresses, credit scores, credit limits, payment history and balances. Roughly 140,000 Social Security numbers (SSNs) and 80,000 linked bank account numbers were also exposed. At the time of the breach, the ITRC urged consumers to take action, freeze their credit, be aware of scams and to document all of their steps they were taking if they were impacted (utilizing our ID Theft Help App as one tool). This breach was particularly impactful due to the high amount of SSNs and bank account numbers exposed and the gigantic amount of accounts accessed. A stolen Social Security number can lead to multiple types of identity theft, including financial identity theft, government identity theft, criminal identity theft, medical identity theft and utility fraud.

JPMorgan Chase & Co.

First reported in August of 2014, JPMorgan Chase & Co. experienced a cyberattack that allowed hackers to access the personal information of 76 million households and seven million small businesses. The information accessed included names, addresses, phone numbers, email addresses and internal JPMorgan Chase & Co. information of those users. Customers affected by this breach were those who used Chase.com, JP Morgan online, Chase Mobile and JP Morgan Mobile. Many JPMorgan Chase & Co. customers were impacted because JPMorgan Chase & Co. did not have to send out notification letters to affected consumers in many states because the breach did not expose sensitive information like account numbers, passwords, dates of birth and Social Security numbers. Instead, Chase posted a blanket statement on the homepage of their website. That left some individuals affected on their own to figure out what to do.


Credit card processing company, CardSystems Solutions, Inc., discovered in May 2005 and reported one month later that they had experienced a  data breach in which a hacker was able to insert a virus into the computer system that captured customer data. Around 40 million Visa and MasterCard credit and debit card accounts were affected. Following the breach, Visa said it would continue to work with CardSystems when the case was resolved. MasterCard said that it would give CardSystems a limited amount of time to demonstrate compliance with MasterCard’s security requirements. The data breach led to Visa and MasterCard dropping CardSystems as their credit card processor. An important point for consumers to understand in this instance, in particular, is that many institutions utilize third-party vendors that can have a detrimental impact on their data even if the consumer is as vigilant as possible.

BNY Mellon Shareowner Services

On February 27, 2008, Bank of New York Mellon (BNY Mellon) lost a box of backup tapes in transit to a storage facility that contained the names, addresses, dates of birth and Social Security numbers of 12.5 million customers. Connecticut Attorney General Richard Blumenthal said he was alarmed and deeply concerned at the time of the breach. Notification letters were sent to those affected in May and the breach had such a large impact the bank went on to hire more customer service representatives to handle the influx of calls from concerned customers. This is a reminder that if you are impacted by a breach, it is important to take the necessary steps to protect yourself.


In October 2015, retail stock brokerage firm, Scottrade, INC., disclosed that hackers had stolen client contact information and SSNs for 4.6 million customers. In an email notice sent to customers, Scottrade said that although SSNs, email addresses and other sensitive data were contained in the accessed system, they believed that only client names and street addresses were the focus of the hack. However, the company said it would offer those affected identity theft protection services “as a precaution.” At the time of the breach, federal authorities were also investigating similar thefts at other financial services companies. It is important for consumers to realize that even if a company believes that only certain records where the targets, any data that may have been compromised opens those impacted to much more risk than an organization may communicate in its notification.

Bonus Breach: First American Financial Corp.

In May 2019, it was reported that financial services corporation, First American Financial Corp., had been exposing a massive 885 million real estate and mortgage-related documents through its website. By simply altering a nine-digit record number attached to a transaction link, users were able to potentially pull up other transaction documents containing information such as names, phone numbers, addresses, driver’s licenses, Social Security numbers, bank account numbers and statements, mortgage and tax records and wire transactions receipts. In an update posted by First American regarding the financial, credit and banking data breach, the investigation only identified 32 consumers whose non-public personal information was likely accessed without authorization. This breach could have led to mortgage fraud where a hacker tries to take out a loan in the victim’s name as well as other types of fraud like title fraud.

As we recap the last 10,000 breaches, the ITRC hopes to help those impacted understand how to minimize their risk and mitigate their data compromises. If you have received a data breach notification letter, call us at 888.400.5530 or LiveChat to talk with a live-advisor on what you should do.

In our final 10,000 Breaches Later blog, we will take a look at some of the biggest education data breaches since 2005 and the effect they have had on children, parents and teachers. For a look at all of ITRC’s 10,000 breaches blogs, visit https://www.idtheftcenter.org/10000-data-breaches-blog-series/.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: Top Five Military and Government Data Breaches

10,000 Breaches Later: Top Five Medical and Healthcare Data Breaches

10,000 Breaches Later: Top Five Business Data Breaches

A lot of data breaches are the work of highly-skilled hackers who use technical know-how to infiltrate a company’s cyber defenses. Others are not so elaborate, such as when a low-level criminal sends a phishing email to a company employee, one that contains a virus purchased on the dark web. While those two malicious scenarios involve different ability levels, there is a whole other possibility for data breaches, that being accidental overexposures. The Adobe account information leak followed a similar scenario.

When a company employee allows information to simply exist in a way that anyone can steal it, it is called an accidental overexposure. Unfortunately, recent news has demonstrated that far too many businesses are storing their sensitive data in cloud-based storage solutions, then failing to secure it.

As the recently announced Adobe Creative Cloud breach, leading to Adobe account information leaked shows, all it takes is uploading a few customers’ login credentials—or in this case, about seven million customers’ data—to a cloud-based storage bucket and then not switching the default setting of “no password required” to a password-protected option.

Security researcher Bob Diachenko and Comparitech discovered the database of emails, usernames and product selections online, available to anyone who stumbled upon it in their web browser. While some estimates show that the database was left exposed for about a week, there is no way of knowing how long it was visible. The experts who found it alerted Adobe, who secured the database that same day after Adobe Account information leaked.

Unfortunately, with such a common occurrence as this, there is really only one recourse consumers have. It is imperative that all tech users rely on strong, unique passwords for all of their online accounts, and that they change these passwords regularly. That way, if a database is left exposed and a nefarious actor discovers it, the password contained in the database will be useless because it is outdated.

Also, as the information contained in this breach event shows, learning how to spot spam and phishing emails is another way to protect yourself. With limited information such as this, scammers can easily send users emails that masquerade as communications from Adobe, even going so far as to list the exact products the recipients use. Be alert to this kind of tactic, and know how to protect yourself from emailed threats.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Hy-Vee Cards Stolen in Recent Data Breach Are Fetching a Higher Price on Dark Web Websites

Millions Of Venmo Payments Accessed Publicly

Best Western Open Database Exposes Government Records

If you have never heard of e-skimming before, you probably want to educate yourself, especially with the holidays right around the corner. You may have heard warnings over the years about criminals tampering with credit card swipe systems at stores, gas pumps and other point-of-sale consumer stations. This tampering, known as “skimming,” happens when someone inserts a thin film into the card reader that steals your information and allows the thief to use your account. It is rare that the process is instantaneous, though, as typically the thief has to come retrieve the skimmer in order to download all of the stolen data.

Cybersecurity experts have now uncovered a new threat that works the same way, e-skimming, although it gives the criminal instant access to your account. Even worse, the criminal does not have to tamper with any physical systems and can pull it off from anywhere in the world.

E-skimming happens when a hacker inserts malicious credential-stealing software into a retailer’s website. You think you are checking out with your credit card or debit card—because you are, and your items even arrive as intended—but the hacker is stealing your payment information from the shopping cart in real-time. They may even be using your card or selling the information on the Dark Web before you are done with the transaction.

Unlike physical card skimming, you cannot simply look at a website and tell that a hacker has tampered with the system with e-skimming. The website owner themselves may not even know unless there is an investigation. However, there are some things you can do to protect yourself.

Enable alerts on your cards

Card Not Present” transaction alerts are a good idea anyway, and they are one of your best defenses against e-skimming. This alert, usually sent by text or email, comes from your card issuer and lets you know anytime your card is used to make a number-only purchase. As soon as the transaction is processed, the alert is issued. You can contact your bank immediately and stop the payment from going through, as well as close that card and order a new one.

Monitor your account

It is important that all consumers take a routine peek at their bank and card accounts in order to make sure there is nothing suspicious going on. Your card may be used or sold by a hacker, and there can be a limited window of time for you to dispute any charges in order to avoid accepting responsibility for them.

Use trusted websites and look for HTPPS

Hackers have a fun game of seeing who can earn the most credibility by taking down bigger and bigger targets. However, the more trusted and secure the retailer, the more likely they are to have strong security protocols in place. Avoid sites you are not familiar with, no matter how great the advertised deals are.

Consider a low-limit card for online purchases

Especially with holiday shopping coming up, you might consider a low-limit credit card for use on the internet. It can help reduce the amount of damage a hacker can do if your card information is stolen online.

Pre-plan your holiday shopping

If you are doing a lot of online shopping in the next few weeks, it is a good idea to plan what you will be buying and from which retailers. First, it will help you stick to your holiday budget, but more importantly, you will not be lured into opening dozens of online accounts and spreading your spending around. Limiting where you shop can help reduce your risk of encountering an e-skimmer.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Don’t Get Scrooged by a Holiday Scam

Boss Phishing Bah Humbug: Don’t Fall for this Holiday Scam!

Millennials at Risk of Identity Theft – This Holiday and Year Round

Can you handle this? 👑 🐝

We’re excited to announce that we have switched our social media handles to @IDTheftCenter and we thought we’d drop the news like a Beyoncé album.

Be sure to follow us on FacebookTwitterInstagram, and LinkedIn for tips to protect your identity, news regarding scams and data breaches, and upcoming events.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

TikTok Platform Found to Be Full of Scams and Fake Accounts

The Most Dangerous Celebrities Online: Being a Fan Can Lead to Malware Attacks

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers

The 2020 census is approaching next spring, and forms are already being compiled to be mailed to U.S. households. With any large political event or happening, scammers try to take advantage of the public and this could soon mean a rise in census scams.

This important process comes around every ten years, and it helps with things like ensuring a region has adequate representation in Congress, adequate school funding and is cited in scientific research and social surveys. However, it is also time-consuming and can feel really invasive. Page after page will ask questions that might not seem to be anyone’s business. What is your household income? How many cars do you own? How many children do you have and how old are they? How many televisions do you have?

Increase in Government Imposter Scams

Unfortunately, there has been an increase in identity theft and fraud that masquerades as government agency communications, which could mean an increase in census scams. Scammers try everything from claiming your Social Security number has been suspended to threatening you with police action for unpaid taxes. They can even spoof their email address or phone number on your caller ID to seem legitimate.

There is every reason to suspect that scammers will take advantage of the publicity surrounding the 2020 census in order to steal your information as part of a census scam. They may even threaten you with jail time if you do not immediately pay a fine since it is technically a crime to not fill out the census.

Here are some things to remember that will hopefully help you spot census scams:

The official website

The website for the Census Bureau is census.gov, and the specific website for the 2020 census is 2020census.gov. However, a scammer could easily buy the domain for 2020census.com or spoof their email by swapping a capital 0 for one of the zeros in the number. Remember, caller ID and email domain names are not proof that the person is legitimate.

They will not call you

If the Census Bureau tried to call every U.S. household and take their census data over the phone, we would be ready for the 2030 census before they were finished. They will not call you and request your information, no matter what your caller ID says. They will also not email you a link to complete it online, so never click a link in an email unless you are expecting it. If you get a call, it is a census scam.

They might come to your house, but will not request anything

In some areas, government volunteers serving as census takers will knock on doors. However, they will not request Social Security numbers, bank or credit card numbers or any other payment information. They will also not ask for payments for their time or for the postage on your forms, no matter what the person claims.

The police are not coming to your house

Regardless of what the person on the phone says, the police are not being sent to your house for failure to fill out the census. Yes, it is required under the law and it is vitally important for a variety of reasons, but the police are very busy. The caller who claims you can simply pay some kind of fine over the phone, especially with prepaid debit cards or iTunes gift cards, is lying to you. It is a census scam.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Worst Places in the U.S. for Identity Theft

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers

California Improves Outdated Privacy Law with Biometric Protection

Individuals are reporting a new Venmo scam that tries to overpay you out of the blue but why would a scammer want to pay you? There is no limit to the creativity scammers can employ when they are trying to separate you from your money. Worse, as new technologies and platforms emerge, scammers come up with even more ways to take advantage of their victims.

A new Venmo scam that relies on the Venmo peer-to-peer payment app has users and security experts alike scratching their heads, trying to determine how exactly scammers can benefit and victims can be harmed. Venmo, owned by PayPal, lets you send money instantly from a stored credit card, bank account or pre-loaded Venmo card to anyone with an account. It is a great way to pay your friend for your part of the rent, for takeout food they brought over or concert tickets they bought in order to ensure seats located together.

What do you do if a stranger on Venmo sends you a suspiciously large amount of money? Some potential victims from the Venmo scam have received as much as $1,000 from someone they do not know, only to receive a strange message: “Sent to you by mistake, please return the money.”

It is already starting to sound fishy.

A lot of people have confused this Venmo scam with a fake check scam. In a fake check scam, someone sends you a check, you cash it, then you either return a portion according to their directions or make some kind of purchase on their behalf, such as buying them gift cards or sending them electronics. Once the bank finds out the check was fake, though, that money actually came out of your bank account.

In this Venmo scam, the best guess is that the scammer is only using you and you do not actually come to any personal harm at first. The scammer uses a stolen credit card number to send you money and says, “Oops! Can you send that back?” You actually see the money sitting there in your account and you do not really know that this person is a criminal. So you do it.

Most likely, the scammer withdraws the money to their Venmo card instead of back on the original credit card. They might also delete the stolen credit card from their account and submit their own card in its place so that the money you are sending them goes to their personal card.

First, you might wonder how anyone could make such a ridiculous mistake as to send you $1,000. Sadly, it happens. With Venmo, you do not have to have any kind of approval in order to look up someone’s name and try to send them money. However, that is exactly what the scammers are counting on.

Second, you might be tempted to think, “It is not affecting me in any way, so I do not mind sending it back to them.” That can be a dangerous tactic, though. It is unclear whether or not this scam is actually impacting the recipient of the money, but more importantly, you would now be taking part in money laundering of stolen funds.

Third, there is that little voice that might be telling you, “You do not have to send this money back! After all, you would be stealing from a scammer. They deserve it!” Not exactly. Remember, the money still came from someone’s stolen credit card and that person is a victim. When the victim discovers the charge on their card and sees that it is a Venmo transaction, the company may be more than happy to tell them which Venmo user it went to. In this case, that would be you.

Some users affected by this Venmo scam have reported that they tried to contact Venmo and the results were not very reassuring; they were simply told, “Sure, refund the money.” After all, accidents do legitimately happen.

If you are at all concerned about how this Venmo scam could affect you, reach out to law enforcement for support. Some forum users have stated they returned the money only after waiting for a reasonable amount of time, but again, that advice is more for avoiding a fake check scam. You can also contact Venmo and discuss suspending your account once you do return the money so that no further transactions can go through from that sender.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Venmo Scam Targets Payment App Users

Millions Of Venmo Payments Accessed Publicly

Payment App Protection: Keep Scammers Out of Your Accounts

Dark web websites contain a lot of stolen information, and that now includes Hy-Vee cards selling at unusually high prices. When an identity thief steals your information, you might be surprised to discover how little you are actually worth, at least when it comes to posting your data for sale on dark web websites. Hackers often fetch as little as $1 apiece for complete identities, largely because they can sell them to multiple people and because they often upload entire databases containing thousands of identities at a time.

However, a recent data breach shows an alarming departure from the ordinary. Hy-Vee stores suffered a breach in which customers’ credit card information was stolen, and these and other Hy-Vee cards are now appearing on dark web websites for as much as $17 to $35 each. What brought on such an unheard-of price increase?

First, these Hy-Vee cards are verified to work. Unlike phony cards or even ones that were stolen from your wallet, for example, this is a massive trove of card numbers that were used recently. If they were listed for sale on dark web websites before Hy-Vee was notified of a breach, then there would have been no reason for the cardholders to cancel them. Even if a client bought a hundred or a thousand sets of card numbers, some of the Hy-Vee cards should still be working.

Security experts say that credit cards have begun fetching a higher price overall recently, possibly due to the ability to use a credit card online before even paying the thief who stole them, just to prove they still work. From there, criminals use the cards to buy high-priced items that they can sell for a quick profit on dark web websites.

Remember, if you receive a data breach notification letter, it is important that you take it seriously. Follow the steps outlined in the letter and contact your credit card company immediately if your card was affected.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

California Improves Outdated Privacy Law with Biometric Protection

How Zombie Apps and Accounts Can Come Back To Life

Worst Places in the U.S. for Identity Theft