The Federal Trade Commission (FTC) announced July 24, 2019, that they have reached a settlement with Facebook, Inc. The social media giant received the largest fine in history for violating consumer privacy and were ordered to pay $5 billion – roughly 20 times the last largest fine of this kind. This comes less two years after Cambridge Analytica was found using millions of Facebook users’ data that brought the companies privacy practices into the limelight.

As part of the Facebook settlement, the FTC has ordered the company to make changes to their current standards of privacy. The changes will start at the board level – and will trickle down through their executive ranks – including increases in transparency and holding individuals within the organization accountable.

What Does This Mean for Social Media Users?

Just within the United States and Canada, 185 million people use Facebook on a daily basis. This enormous number represents just how integrated the company is in the daily lives of citizens and does not even account for the other Facebook, Inc. entities, like Instagram and WhatsApp.

Social media users should expect to see more updates and changes to privacy policies on Facebook, Inc. applications. Similarly to the last time Facebook updated their privacy policy, other social media companies – like Twitter and Snapchat – are likely to proactively update their standards as well. This means users will probably be receiving emails and in-app notifications of updated privacy policies. It also means they might have more control over the information they choose to make available to Facebook and third-party partners. Identity Theft Resource Center always encourages users to read privacy policies in order to know exactly what companies can do with your data. We also highly recommend reviewing your current privacy settings on all online accounts to make sure you are comfortable with the information shared.

When these changes are expected to roll out is unknown, as Facebook’s settlement with the FTC is a 20-year plan. Likely, initial changes will likely start to happen within the coming weeks and continue to be updated on a regular basis. Users may not see immediate changes to their how they are able to interact with the platform or its sister properties, Instagram and WhatsApp.

What Does This Mean for Facebook?

On Facebook’s website, the company says this decision has come after months of negotiations with the FTC. The statement also says the settlement will require a “fundamental shift” in Facebook’s approach at every level of the company in terms of privacy and that they hope to be a “model for the industry.”

Requirements of the Facebook settlement include establishing an independent privacy committee, removing CEO Mark Zuckerberg from complete control over decisions that affect user privacy. Compliance officers will be appointed throughout the company that will report to the FTC quarterly regarding the new privacy standards being upheld. Also, third-party assessors will be evaluating Facebook and identifying any issues.

Additionally, Facebook will be required to document cases when data of 500 users or more is compromised and notify the FTC within 30 days of the discovery.

On top of the $5 billion fine from the FTC, Facebook will pay an additional $100 million to the Securities and Exchange Commission (SEC). This fine came after it was discovered Facebook made misleading claims about the misuse of user data. The SEC’s statement said Facebook acted as though the situation were merely hypothetical when they knew the data had in fact been misused. The $100 million fine is the highest penalty to be paid because of this type of lack of disclosure according to the SEC.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?

 

By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Equifax data breach of 2017, exposed the personal identifying information of over 148 million Americans. One Hundred Forty-Eight Million. To not be affected by, or know someone affected by the breach was nearly impossible. The data exposed was some of the most personal, like Social Security numbers, full credit histories, financial account information and names and addresses. The breach had a strong negative impact and broke consumers’ trust. Equifax – one of the three main credit reporting agencies (CRAs) – was widely regarded as a dependable company and a necessity to work with to be able to secure lines of credit. Americans gave them personal information in exchange for a necessary service, and Equifax failed to protect them.

Now, an Equifax data breach settlement has been reached in the case of the 2017 incident. The credit reporting agency will pay up to $700 million, the largest breach settlement to date. The funds will be split between paying civil penalties and compensating victims. While a large amount of dollars dedicated to Equifax’s efforts to correct their wrongs can be seen as a good thing, the way these dollars will be dispersed among the effected population is relatively unclear.

At least $300 million and up to $425 million of the settlement will go toward victim redress. This includes providing free credit monitoring, reimbursing victims who paid out of pocket to protect or recover their identity and offering identity recovery services. However, the weight will still be placed on the consumers. Victims will have to file a claim, a process that still has not been disclosed, to receive any of the compensation pool. For now, the Federal Trade Commission is recommending that victims save all physical evidence of efforts to secure their identity because of the Equifax data breach and sign up for email updates. Putting the burden of proof on the consumer, not the company responsible for the breach.

Many questions remain: What victims will qualify for reimbursement? How will victims provide accurate evidence of their efforts and misfortunes? Is this fund only for victims who purchased identity theft services? What is the option for victims who did not have the resources then or now to purchase paid services or avail themselves of free services like those Identity Theft Resource Center provides?

Read next: How to File an Equifax Claim for Data Breach Settlement

If all victims filed claims and funds were distributed equally to all 148 million people, each would receive fewer than $3.00 in funds or cost of assistance. This does not accurately reflect the true value of the data that was compromised. Additionally, while the free credit monitoring services offered can span up to 10 years – a large increase from the historical settlement of 1-2 years – identity theft has no expiration date. The threat of identity theft does not decrease as more time passes from the date of the breach. The victims are perhaps more vulnerable as time goes on and they become less diligent in reviewing potentially affected accounts. Personal identifying information can be used to commit identity theft or fraud no matter the date it was exposed. There is no timeline for identity theft, but there is a cap on how many years Equifax will provide free services to victims per the settlement.

The other $275 million of the settlement will be used to pay civil penalties – $175 million to 48 states, Washington D.C. and Puerto Rico and $100 million to the Consumer Financial Protection Bureau. We believe the best use of these dollars would be funding consumer assistance programs within these organizations to continue to help victims of this and other data breaches.

In addition to the monetary payout, the settlement also requires Equifax to comply with more rigorous security standards. While this is not as flashy as a large dollar amount, it is perhaps even more important. It is the industry saying we need to hold our companies more accountable for the privacy of consumers. These standards include regular audits, dedicated staff for security and third-party safeguards. While a step in the right direction, companies must remember the speed of which the industry changes. The best security standards by today’s measures might be the worst a year from now. We must continue to petition businesses to protect consumer privacy and urge consumers to take the necessary precautions to minimize their risk of identity theft and fraud.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us.

If you are a member of the media and would like to contact ITRC regarding the Equifax breach, please email media@idtheftcenter.org.

For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

New Tool Helps Consumers Make Sense of Data Breaches

How To: Place a Free Credit Freeze

In 2017, criminals accessed Equifax’s database of consumers exposing the personal identifying information of over 148 million Americans. Equifax, one of the three main credit reporting agencies (CRAs), noted that Social Security numbers, addresses, birth dates and credit card information were all apart of the information exposed. This data breach created an increased risk of identity theft for millions of Americans. Now over two years after the breach was reported, a settlement has been reached. Details are still emerging but it’s important to understand the basics of what we know today.

The Equifax settlement agreed to pay up to $700 million dollars for harms caused by the data breach – the largest monetary settlement in data breach history. In the settlement, filed on July 22, 2019, Equifax agreed to spend up to $425 million to help the victims of its 2017 data breach. An additional $275 million will be spent to pay civil penalties. Also included in the Equifax settlement is the requirement to update security protocol and increase measures to protect consumer information.

If your information was exposed in the data breach, Equifax should have notified you directly via mail. A part of the settlement, a new breach claim site will also have a tool for consumers to check if their information was exposed. If you were affected by the breach, the Equifax settlement is offering certain benefits to minimize your risk of identity theft.

Settlement Benefits for Victims

First, Equifax will provide a total of up to 10 years in free credit monitoring services. The first 4 years will be provided for all three major CRAs – Equifax, TransUnion and Experian. Then Equifax will provide the services for monitoring their report for an additional 6 years. If you were a victim of the breach and a minor, even more services are available at no cost. If victims choose to opt-out of the free credit monitoring option, they may be eligible for a $125 cash payment.

Second, victims who have already dedicated resources to protecting their identity because of the Equifax breach could be reimbursed up to $20,000. This includes time spent protecting your identity or efforts to recover it. It also includes any money spent like the cost of lawyers or fraudulent financial charges. It’s unclear what the specifics behind how to obtain this reimbursement, but consumers will most likely bear the burden to prove the impact in order to receive compensation.

Finally, if you did fall victim to identity theft because of the breach Equifax is providing free restoration services. These services are offered for up to seven years and can be used if someone steals your identity or if you are a victim of fraud. Again, it’s unclear how consumers will have to prove that they were directly victimized as a result of the breach, but as details emerge we will share information.

As of July 24, 2019, the settlement administrator is now accepting claims. The deadline to file a claim is January 22, 2020. Find the full details here: https://www.equifaxbreachsettlement.com/

Read our guide on How to File an Equifax Claim for Data Breach Settlement

Beyond the financial impacts of the breach, nearly 90 percent of respondents said they experienced adverse feelings or emotions within one year of the initial event as reported in The Aftermath: Equifax One Year Later study by Identity Theft Resource Center.

Stay Updated with Alerts

The Federal Trade Commission (FTC) says the settlement is still in process and claims can be made after court approval. The FTC is regularly updating information as it becomes available at ftc.gov/Equifax.

Steps to Reduce Your Risk

Being a victim of the data breach does not automatically make you a victim of identity theft; however, it does greatly increase your risk. There are some steps ITRC recommends that can reduce your risk of identity theft. You can also call to speak with one of our expert advisors at no-cost at 888.400.5530 or livechat to learn more about your risk and preventative measures.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

There are countless moving parts when it comes to planning your wedding, and many of those parameters can lead to scams and fraud. Wedding scams can turn your dream day can turn into a nightmare.

Say yes to the dress but no to scams. Wedding dresses that do not look like they did online and photographers who do not produce the photos of your big day despite advance payment, are just the tip of the wedding scam iceberg. Some bride and groom related scams can lead to identity theft, online account takeover and even home invasions. Here are just a few possible ways those planning a wedding can fall victim to a scam.

Social Media Oversharing

Your engagement means you will be planning a wedding, booking a honeymoon and perhaps looking for a new place to live. It could even mean expensive gifts will be arriving at your residence. Social media is great for keeping your friends and family updated on your wedding preparations, but it can also have some pitfalls.

If you do not choose to keep your posts private, then you need to be on your guard against too-good-to-be-true offers and advertisements. Worse, a bride-to-be could be sharing both her married name and her maiden name with a would-be identity thief, or alerting a burglar to a possible payday.

Honeymoon Travel

Whether you are taking a far-flung distant trip of a lifetime or a more low-key weekend getaway, your honeymoon does not need to be ruined by a travel scammer. From phony listings, reservations that steal your credit card information and bookings with bogus hidden fees, there are a lot of ways someone can take advantage of your finances and your identity.

To avoid this trap, only use reputable sites that you can trust with your private information, and monitor the payment accounts you used carefully for any sign of fraudulent activity. Remember, this is not only true for your pre-wedding planning. Follow up in the weeks and months after your trip to make sure nothing is amiss.

Gift Registries

If you are accepting gifts from your friends and family, a gift registry really does help them out. It can provide a wide price range to choose from, and helps ensure their thoughtful gesture is really something you want or need – but no one needs identity theft.

Establishing an account with a reputable online retailer with a proven history of security gives peace of mind about making an online purchase. You will also have a better chance of receiving a tracking number for purchases, as well as customer service protection.

Credit Reports, Social Security Cards and More

Part of getting married inevitably involves your government documents. Some brides choose to change their last names, which means applying for new drivers’ licenses, Social Security cards, credit cards, insurance benefits and more. Newly married couples may also need new tax withholding forms, wills, insurance paperwork, utility or rental agreements and other similar considerations.

What it boils down to is an abundance of paperwork with your complete identities on it, waiting to be stolen, copied or forged. It is vital that newlyweds keep all of their important papers secured and out of sight, and destroy completely before discarding. That might mean adding a home-model cross-cut shredder to your gift registry, just to be safe!

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

You might just be asking what exactly even is deepfake? Well, deepfake is the technique of superimposing existing images and videos using machine learning. You could be hearing about it more recently since the actual term was coined in 2017 but deepfake has been commonly used by the film industry for many years.

The 1994 Academy Award-winning film Forrest Gump relied on expert video editing to insert actor Tom Hanks into actual footage reels of famous historical events. From meeting different U.S. presidents to standing next to Martin Luther King, Jr. during a well-known speech, the fabrication was both entertaining and poignant.

However, was it scary? Perhaps. Could we ever again trust what we saw with our own eyes?

A new potential threat called “deepfakes” might answer that question. The concept of a deepfake, a combination of the words “deep learning” and “fake,” is a real person’s face and voice, but they have been altered to speak someone else’s words in a recorded video. That video could then be widely shared, and unsuspecting viewers might not know the difference.

Some of the most widely viewed deepfakes involved celebrities who appeared to be starring in adult videos, except they had never actually filmed in those situations. The infamous deepfake video of former President Barack Obama portrays him using profanity while appearing to look directly into a camera for an interview, something he never recorded.

While those celebrity sex tapes and the Obama video got a lot of attention, the bigger concern is what happens when it is not a famous person and not obvious the video is fake? What happens when it is an executive within your company sending a video message over a messaging platform, telling you to change account numbers or passwords? What if it was your grandchild claiming to be kidnapped and needing ransom money right away? What if it was your face and voice, agreeing to have your account numbers changed or authorizing someone else to use your account?

When identity theft first began to be recognized as increasingly widespread crime, victims discovered that law enforcement agencies’ hands were tied. There were no laws enacted to protect victims. As laws changed around the country to respond to ID theft, more consumer protections were put in place.

Deepfake can be a crime depending on how it is used. Making an altered image of someone engaged in an embarrassing situation is becoming a crime in certain places under “revenge porn” laws. If the deepfake is used for things that are already a crime, such as stealing money from the victim’s bank account or workplace, then it could be covered under existing theft laws. If someone merely posts a video of your image and voice saying things you do not agree with, it might not fall under existing identity theft laws.

Fortunately, the chances that video editors with this kind of skillset will target individual citizens just for entertainment is small. What you have to be concerned with is its believability. As the old adage says, you cannot believe everything you read on the internet. Now that goes for what you see and hear as well. Make sure you are using caution and discernment before sharing content or making significant decisions based on video evidence because it could be a deepfake.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How To Spot a Fake Website

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

The internet may be abuzz once again with users sharing images from their FaceApp filters, but security experts are treading carefully. The AI-powered photo editing app, which provides fun filters to enhance your pictures of your face, became a viral sensation when it launched in 2017.

When it first became popular, FaceApp had a fairly convincing filter that would change the gender appearance of the person in the photo. Now, it is once again sweeping social media for its old-age filter. Everyone from school kids to celebrities are sharing pictures of how they are going to look when they are nearly 80-years-old.

However, it is not exactly harmless fun. The terms and conditions for this Russian-owned app have alarmed some security experts and privacy attorneys. The app developer being outside the U.S. is not why it is problematic. In fact, their servers where the photos are stored are located in the U.S., Ireland, Singapore and Australia, and are hosted by U.S. companies like Amazon and Google.

What has raised red flags for experts is where the photos are stored. Rather than applying the filter to the image in the phone the way a colorizing filter might happen, the user must submit the photo to FaceApp’s servers in order for the filters to be applied. Those photos are then kept on the server, and the terms and conditions state that FaceApp can do nearly whatever they want to with the photos once the user submits them.

Reactions have ranged from “no big deal, lots of companies have users’ photos” to “this just proves they are developing facial recognition software to spy on us!” What are we actually supposed to believe and what are we supposed to do about it?

The first answer is simple: nothing. If you are not concerned with your photo being used by a third-party company, then carry on. There were initial concerns that uploading one photo actually gave access to your entire camera roll in your phone to FaceApp, but that does not appear to be the case.

If you are someone who values your privacy in these matters, then this might be one of those apps that is not for you. If you do not want your children using this app, or their friends uploading your child’s picture, then you need to have a talk with your kids about digital safety and security. If you are worried about the future of facial recognition software being used in harmful ways, then you might not want to add your picture to the database of more than 150 million users’ photos that FaceApp has already collected.

The biggest issue with this news is not what FaceApp could be doing with it. Rather, how users have become very quick to download and use the latest fun app without really paying attention to the terms and conditions. If you do not know what permission you have given an app, how will you know if the app does something you are not comfortable with?

Remember that it takes money to build a platform or an app. If someone is letting you use it for free, you should proceed with caution. They are getting paid somehow, and in many cases, their income is from the user data they sell. If you are not having to pay to use it, either advertising dollars or your information are probably providing that revenue. Again, it might be harmless data that you do not mind sharing, but if you did not understand the terms and conditions, you could find out its information or purposes you are not comfortable with.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Ransomware attacks have risen steadily in the past few years to become a widespread, costly form of cybercrime. This attack, which happens when someone infects a computer or network with harmful software and demands payment to remove it, has hit every kind of industry and business and can affect companies and consumers alike.

The first problem with ransomware is there is no guarantee that paying the ransom will restore access to your files, hardware or network. It is a dangerous gamble, and while sometimes it pays off, other times the hacker refuses to unlock the access even after making off with your money.

Some industries seem to have more of a problem with ransomware than others. The healthcare industry has long been a favorite target. This could be attributed to the hefty fines and penalties that medical centers can face for allowing outsiders to infiltrate information that is protected by HIPAA laws. As history has shown, the ransom is often less than the fines would be, so the hospital attempts to pay up.

Cybercrimes like data breaches and computer scams have been known to come and go. However, with ransomware, there has been a very slight decrease. In fact, ransomware attacks and the financial losses associated with them have been steadily rising with no end in sight.

The city of La Porte, Indiana, just paid a Bitcoin ransom of $130,000 to restore access to their city’s network of computers. Without access, many city functions were at a standstill. Unfortunately, that amount is pocket change compared to some ransom demands. For example, Monroe College recently lost access to everything, including email, learning systems and grades, until the hackers receive $2 million in Bitcoin.

The FBI recommends against paying ransomware attackers, and the U.S. Conference of Mayors recently passed a resolution that tells cities they should not pay a ransom in these cases. However, it is ultimately up to the victims to decide how they are going to respond.

Fortunately, there are a few steps businesses and individuals can take to reduce the risk of harm from a ransomware attack:

Backup everything on your computer

If you store all of your important files like documents or photos in an external storage source, then the worst that happens is you have to buy a new computer. For businesses, that expense can be more significant, but usually not more than the ransom would cost. The stored files are put on the new computer, and the money you would have given to a criminal is instead spent on brand-new hardware.

Up-to-date cybersecurity software

Keeping your antivirus and anti-malware software updated and installed can go a long way towards preventing harmful software from infecting your computer or network in a ransomware attack. It is not going to stop every single threat, but if you regularly update your security software with the latest fixes sent to you by the developer, you will be protected from a lot of harmful software.

Never click unknown links or attachments

One of the easiest ways for ransomware to infect your computer is through a phishing attempt. When a hacker sends an email that says something like, “You won’t believe these photos I found,” or “Click here to get your free $100 Target gift card,” you may be installing the ransomware for the hackers.

With proper training and good habits, you can work to avoid ransomware. If an attack does occur, contact law enforcement and IT professionals if you need assistance.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

Savvy online shoppers look forward to the veritable Christmas in July that is Amazon Prime Day, but scammers look forward to this event too. Amazon scams account for a significant percentage of internet retail fraud so it is important that consumers know what to look for. Armed with the ability to spot an Amazon scam, you can work to avoid them while still saving big during online shopping.

Amazon scams are so prevalent simply because they tend to work. With the sheer number of Amazon and Amazon Prime customers using the website, there is a good chance that any phishing attempt hiding behind the Amazon name and logo will find its way to a customer. There is no single type of Amazon scam, but they can take on so many different forms that it can be hard to tell what is real and what is a trap.

Many online shoppers are about to embark on a two-day shopping spree full of great deals for Amazon Prime Day. However, good deals could also mean lots of scammers. This Amazon Prime Day, which runs through July 15 and 16, make sure you know how to protect yourself from these scams:

Phishing Scams

There are several different phishing scams involving Amazon, especially on Amazon Prime Day, and other retailers, but some of the more common ones include:

  • “There is a problem with your account, please click here to verify your account or change your password”
  • “Here is your receipt and shipping confirmation” for a product you never ordered
  • “Please verify your payment method”

The goal is always to get you to click an included link then enter your sensitive account information for the scammers. The link may even install a virus or other harmful software on your computer.

Discount and Coupon Scams

Amazon is not the only retailer whose name and logo are used for fake coupons and discounts. This tactic offers phony discounts of up to $100 to use on the website in exchange for filling out an online form. The coupon is not real, and the scammers have just stolen all of the information you supplied to them. These can often be seen making the rounds on social media sites like Facebook and in consumers’ email inboxes.

Review Scams

After a big shopping event like Black Friday or Amazon Prime Day, you might suddenly be inundated with requests for product reviews, whether you bought anything or not. Some of these offers will even sweeten the deal with promises of cash in exchange for your review. Paying someone for a review is a clear violation of Amazon’s terms and conditions and can lead to problems with your account. More importantly, these offers are not real. The scammer may steal your personal information, launch a spam email campaign, install malicious software on your computer or worse.

Amazon Prime Day can also lead to account takeovers. It is important to monitor your debit card and credit card accounts for any suspicious activity, and report anything unusual to your financial institution or the retailer immediately.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How To Spot a Fake Website

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches

A newly disclosed smart home breach has consumers and tech manufacturers concerned. Luckily, it appears to be the work of the good guys or “hacktivists.” These cybersecurity experts infiltrate networks and find security flaws to inform the companies so they can fix these problems. In this case, they found a database containing private, sensitive information that all led back to more than one million consumers’ smart home devices.

2 Billion Records Left Exposed

Noam Rotem and Ran Locar from vpnMentor discovered a large database of information that had been left unsecured online. The database belonged to a Chinese smart home management company, Orvibo. This company’s platform allowed users of smart devices like light switches, outlets, and video cameras to manage all of their home electronics. Orvibo had left a database with more than 2 billion separate lines of information open to the internet without any kind of password protection, resulting in a smart home breach.

Anyone who knew to look for it, or who happened to stumble across it online, could find usernames, passwords, reset codes and even video recordings from home cameras. Precise GPS locations to the homes that had these devices were also included in the list, as well as the IP addresses to the homes’ computers.

How It Happened

To understand how this smart home breach happened, just look at other accidental exposure breaches that have made recent headlines. Cloud-based storage solutions like Amazon S3 web servers are automatically set to a “no password,” open default. It is up to the server account’s owner to change that setting and enable a password. In this case, companies have stored massive amounts of sensitive information online but failed to password protect it.

Potential Harms

While any data breach has the potential for some kind of harm, this kind of breach allows attackers to literally infiltrate your home through your technology. Smart locks on doors, security cameras, video baby monitors and thermostats are just a few of the devices that a malicious hacker could take over by resetting the device and changing the email address on the account.

Protecting Your Smart Home Privacy

So what can you do when it comes to keeping your smart home safe?

  • Password protecting everything at the home level, not just a once-and-done password on your account or internet connection, is a good place to start.
  • It is also important to make sure your Wi-Fi router and internet connection are password protected.
  • Be sure to, change your passwords frequently and never reuse a username and password combination.

Orvibo recommends that its customers change their device passwords immediately. This is a good idea for all smart home device users from time to time. That way, if someone stumbles on sensitive information online, it will be outdated and less likely to cause you harm.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity

Dominion National, a US-based health and dental insurance provider, has recently made a startling discovery concerning a breach of its stored information. As better cybersecurity tools are developed, the time it takes to discover a breach incident, like the Dominion National data breach, and inform the victims is getting shorter. Some breaches have been discovered just hours after the fact, while others have actually minimized the damage by recognizing an attack while it was in progress.

Anything that can shorten the amount of time between a cyberattack and the discovery of one is a good thing. However, it is not always typical. In fact, Dominion Nationals’ data breach began nearly ten years ago.

An internal investigation with the help of cybersecurity experts is ongoing, but the investigation first began due to an internal alert. The findings revealed that a lot of client information was potentially accessible by unauthorized outsiders. The information included names, addresses, birth dates and Social Security numbers. In some cases, the information also included linked bank account numbers and routing numbers. Dominion National is sending out data breach notification letters but has not disclosed how many of its customers were affected by the Dominion National data breach. It is also unclear whether or not any of the compromised information was accessed by outsiders and used maliciously.

The Dominion National data breach is not necessarily isolated to just them. Any company, even ones who have suffered other data breaches or cyberattacks in the past, could uncover evidence that their data was not secure and had not been for quite some time. Even as better security tools and protocols come along, old and long-term events like this one are not disappearing.

For affected consumers, it is important to follow the instructions in the Dominion National data breach notification letter precisely. The company is offering two years of credit monitoring to those whose information is known to have been compromised. It is vital that you follow the letter’s recommendations in order to protect yourself from any further possible harm.

The Identity Theft Resource Center has been tracking data breaches since 2005, looking for patterns, new trends and any information that may better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity