Online clothing reseller, StockX, has admitted that hackers have compromised their customer accounts. StockX, an online platform for reselling high-end shoes and apparel, appears to have suffered a data breach that affected 6.8 million of its customers’ accounts.

Forced Password Reset

However, that is not the newsworthy part of the story. After discovering suspicious activity on its servers that could have indicated unauthorized access, StockX sent out a forced password reset to its customers following the StockX data breach but did not state why. The information in the message requiring users to change their passwords was so vague that some questioned whether or not the email was a phishing attempt.

When a tech industry news outlet reached out to StockX for a comment on the forced reset, they were told that it was part of necessary system updates. However, that seems not to have been true. The same news outlet was later contacted by a hacker who claims to have stolen the customers’ information and posted it for sale on the Dark Web. The hacker went on to provide 1,000 records from the database to prove the StockX data breach was real.

The outlet, TechCrunch, contacted those individuals and verified that the stolen information, which contained their emails, usernames and shoe sizes from previous purchases at StockX, was accurate. At the time of the discovery, the hacker claimed the database of records had already been purchased at least once.

TechCrunch has not received any updates from StockX and their questions have gone unanswered. It is important for the public to be aware of some of the ramifications in the StockX data breach since it could happen with other companies and future data breaches.

Never Reuse Passwords

Companies actually do force password resets just to be on the safe side. If a security team discovers password combinations from previous data breaches of other companies, for example, they can compare those stolen passwords to ones on their site. If their customers have used the same email and password on this company’s website that they had on a site that has already been breached, that might trigger a forced password reset.

Never reuse a password. The hacker who made off with 6.8 million usernames and passwords in the StockX data breach is hoping that a lot of those people reused their email and password combination on their Amazon account, PayPal account, online banking account or email.

Watch for Phishing Emails

Scammers know that password reset emails are easy to fake. All a scammer has to do is steal the logo from a company’s website, make a fake email address and send it out to millions of people, telling them to click here to change their passwords. Instead, the scammers are gathering up the “old passwords” that the victims typed by following the link.

Customers who were suspicious are very smart. As a result of phishing tactics, it was incredibly savvy of the customers who reached out to the company and tech experts for advice. Never click a link you were not expecting or verify your account information for someone who contacts you.

Have Good Identity Hygiene

Change your passwords frequently, especially if you receive a notification like this one in the StockX data breach. It is simple and smart to change your passwords, just do not rely on an email with a link to do it. Go directly to the company’s website yourself and change your password in your profile settings. Ignore and delete the email, whether it was legitimate or not, and handle the password reset yourself.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Poshmark Data Breach Leads to Emails and Passwords Being Exposed 

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


The recent Choice Hotels data breach contains so many cybersecurity variables that it is difficult to process the entire breach. Three separate problems all came together to expose an estimated 5.6 million records, although the situation is not as dire as it might seem.

Problem #1 – An accidental data breach

The first issue in the Choice Hotels data breach was an exposed server. Accidental overexposure data breaches are becoming more common, and they are the result of a mishap on the part of the entity in charge of securing company information. These online storage options are basically remote servers housed somewhere else. A company logs into their account, stores all their sensitive information and pays a fee for this service. It is supposed to be more secure and allow businesses to access their data from anywhere. Too often, though, the server is left unprotected and without a password to secure it. That means literally anyone who stumbles upon it online can access all of the information.

Problem #2 – Someone found it

In many accidental overexposures, the company is alerted to the problem by an outside security researcher or helpful tech expert who discovered it. These events are still treated as serious matters since someone could have found and stolen the information quietly. In the case of the Choice Hotels data breach, someone did find it and stole the records, then left a note demanding Bitcoin payment as ransom in order to delete their copy and not tell anyone about the breach.

While this was not actually ransomware, software that infects your system until you pay the hacker’s fee, the tactic was the same. Pay up, or we sell your information and announce that you were breached.

Fortunately, Choice Hotels did not try to cover it up. They carried out a cybersecurity investigation and learned that the stolen information was far smaller than they had originally thought. It was around 700,000 records and may have only included names, email addresses and phone numbers, which is still serious, as scammers can use this information to target these customers with phishing attacks.

Problem #3 – It wasn’t Choice Hotels’ server

The third variable in the Choice Hotels data breach was an outside vendor who left their own server unprotected. While the information belonged to Choice Hotels and was, therefore, their responsibility, a third-party vendor was using the database to demonstrate a new tool that would help Choice Hotels with some aspect of service. Instead, the vendor left their server exposed and allowed the information to be accessed by a hacker.

This kind of third-party relationship has long been the weak link in cybersecurity. The now infamous Target data breach in 2013, for example, involved an HVAC company that serviced some Target stores. Hackers worked their way into the company’s computers due to lax security practices and used that connection to steal millions of payment card account credentials on Black Friday that year.

It is odd to see so many things go wrong in the same data breach, but it happens. The Choice Hotels data breach, while limited in size and potential damage, should serve as a wakeup call to businesses who are working diligently to protect their customers’ data. It is critical that businesses understand who can access information, what they can do with it, how vulnerable it might be and what harm can come about as a result.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Background Check Websites Offer Scammers Your Data 

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


The latest Poshmark data breach has led to personal identifying information (PII) being exposed for some users of the marketplace concept that lets people buy and sell clothing and beauty items.

Thanks to the abundance of websites and apps that let us buy, sell, and trade, it has never been easier to find what we love. That is the theory behind Poshmark. On the buyer side, you can look for just the right outfit from users’ virtual closets. On the seller side, you can make some money for items you have already got hanging at home.

Unfortunately, a platform like that will draw quite a few users, which can put it in a hacker’s crosshairs. The company announced it had discovered a data breach of its servers, and it has now helped to specify what types of information were compromised.

The information exposed in the Poshmark data breach appears to be limited to variables like email and username, as well as some shopping preferences like common sizes and encrypted passwords that are not supposed to be visible even if a hacker accesses them. However, to be on the safe side, Poshmark recommends changing your password if you discover that your information was affected by the Poshmark data breach.

Check Where Your Info May Have Been Compromised

There are a couple of handy tools that can help keep internet users safe. The first is a fairly comprehensive website known as You simply type in your email address and it will show you exactly which known data breaches have contained information related to your email. It is a good idea to try it with any email account you have, even ones that are outdated or you no longer use.

The other tool appeared as part of Mozilla Firefox’s latest browser update. By even visiting or its blog, Mozilla popped up a quick tab that explained user data had recently been stolen from that website. The option to enter your email address to check on your data was included in the popup. Other platforms offer similar tools, and they can help you keep tabs on where your information may have been compromised.

Change Your Password

Poshmark’s advice is sound. In the Poshmark data breach or any other data breach, changing your password should always be one of your first steps.

Never Reuse Passwords

Also, this serves as the most recent reminder of a crucial data security rule: Never reuse your email and password on multiple accounts. If any hackers gained this information from Poshmark, they can easily use it to cross-reference against other, more sensitive websites and apps. If any Poshmark account holders reused their passwords for their email, web retailers, social media, workplace computers, financial accounts or more, the hackers now control them. Change your passwords immediately if you are one of the many consumers who reuse your passwords, and do not forget to update them regularly just to be safe in case there is a data breach like the Poshmark data breach.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Background Check Websites Offer Scammers Your Data 

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


The internet is a great tool in many ways, but it is also filled with privacy pitfalls. Overexposed information from data breaches are now the third certainty but background check websites are a legal, affordable and easy way for someone to collect a lot of your personal information. With the right pieces of the puzzle, a criminal could even use background check information to steal your identity. One Michigan man used the large amount of information found publicly on these sites to open bank accounts in as many as 51 people’s names to which he collected nearly $200,000 in fraudulent loans.

Background check websites are perfectly legal ways for someone to find out information about you. Usually, there is a reason for an individual to pay for the data. Perhaps they are hiring a summer babysitter and want your criminal history. They might own a small business where you have applied for employment. Maybe the person is trying to serve court documents on you and they need to know key information in order to file the with the court. Again, background check websites serve a valuable purpose, even if they can be used for harm.

It is important to know that one of the safety nets that is supposed to protect the public from people who use background check websites for identity theft is nothing more than a statement on the website that the information is not to be used for identity theft.

The FBI has already uncovered multiple victims in cases where their information was purchased from a background check website then used for identity theft. As noted by Quartz, “Online identity thieves use services that provide personal information for sales leads, real estate transactions, and credit reports to steal millions, gathering details about their victims’ lives from federal, state, and local records sold by brokers like BeenVerified, Instant Checkmate, and TruthFinder.”

Until legislation is enacted that will offer stronger protection for consumers, it is up to you to protect yourself.

Watch what you share and what you sign up for

Remember, your identity is like a puzzle. The more pieces you put out there about yourself, the higher the chance a thief can connect the pieces.

Be on the lookout for phishing attempts

A background check website will not tell a buyer everything, but it can be enough to connect the dots. The rest of the filling in can occur by sifting through your social media accounts or sending you phishing emails. Practice good online safety to prevent this kind of thing.

Put a freeze on your credit report

This free option can stop identity thieves from achieving their goal, namely to open new bank accounts and take out loans in your name. By placing a freeze on your credit report with all three of the major credit reporting agencies, lenders are not supposed to be able to issue new lines of credit under your Social Security number. Remember that it takes time to thaw your credit report if you did need to take out a loan or make a large purchase.

Monitor your accounts carefully

Some of the victims of a background check identity theft had reported small amounts of money being withdrawn from their bank accounts or as fees associated with their accounts. By not ignoring those small transactions, they were able to put a stop to a much bigger crime. Look over all bank statements, credit card bills and your credit report routinely for anything unusual.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Robocalls and What to do About Them 

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Airport Technology Risks Can Threaten Your Identity 



The unsecured Facebook server contained nearly 500 million users’ contact info including a treasure trove of usernames and phone numbers. More than 220 million of them, were found for sale online, leading to a Facebook server leak.

How much does it cost to buy access to hundreds of millions of people? Just $1,000.

According to CNET, Elliott Murray, CEO of UK-based cybersecurity company WebProtect, found the information for sale on the web forum in May. He believes it is the same list that TechCrunch reported Wednesday was found on an unsecured web server by cybersecurity researcher Sanyam Jain.

Where did this sensitive information come from in the Facebook server leak? Facebook thinks it might be related to an old feature the company has since shut down. For a while, users could locate each other by phone number rather than Facebook username. Executives realized that feature could be used to steal phone numbers and sell them for spam marketing purposes.

That is apparently what happened in the Facebook server leak. Databases of stolen information are for sale all over the Dark Web. When the database contains complete identities, thieves buy them for identity theft, fraud and even those robocalls you get on a daily basis. However, when it is just lists of email addresses or phone numbers, they still want these in order to send out spam, attempt to scam people or turn around and sell the list to someone else.

Facebook has used an important turn of phrase regarding the Facebook server leak: publicly available. That can mean that this is not “sensitive” information under data breach laws. It does mean, though, that someone did the hard work of compiling the info into an easy-to-use, easy-to-sell database.

There is no cause for concern regarding the security of your actual Facebook account from the Facebook server leak, but it is a good idea to pop into your profile settings and delete your phone number. It will not help if your number has already been posted online for sale, but it can prevent future data scrapes from nabbing your contact info.

There is another lesson to be learned from the Facebook server leak: do not overshare. If you are signing up for a new account and you see that some registration items are optional (like email address or phone number), skip them. If the company does not need it in order to establish your account and let you utilize their site, then it is just one more piece of data that can be compromised. Protect your data and only give it to those who really need it.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Robocalls and What to do About Them 

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Airport Technology Risks Can Threaten Your Identity 



It is no secret that public Wi-Fi connections can leave you vulnerable to hacking and identity theft. However, the old wisdom of avoiding common sources of free public Wi-Fi connections is not enough. These threats are not limited to places like coffee shops, hotels, airports or even your doctor’s office. These days, more and more businesses are drawing customers with this kind of perk, and hackers have taken notice.

Passwords are also important. Some businesses reserve their free public Wi-Fi for their own customers, and as such, a password is required in order to connect. Other companies, though, do not bother with the hassle of maintaining, distributing and changing their passwords. Their guest connections are left wide open. That means your device could attempt to connect even without you taking steps to do so.

Here are a few more places where available public Wi-Fi connections might not be safe:

Retail shops

More and more businesses, especially those that encourage their customers to browse, offer free public Wi-Fi in-store. This is great for families with children, spouses or friends who need to wait on someone and even customers who want to download in-store specials and coupons. Remember, though, that connecting once intentionally can trigger that same connection any time you are near that store in the future, depending on the settings in your device.


Checking Facebook or catching up on emails while waiting in the school pickup line is a great way to multi-task, but it can also leave you at risk if you are able to connect over the school’s public Wi-Fi. Schools have long been a hot target for hackers due to the high volume of stored data, especially on younger students who have a clean credit report.

Jury lounge

Some courts have launched free public Wi-Fi in the jury duty lounge as a way to thank citizens for their service while also helping members of the jury pool be productive while they wait for their turn to serve. The connection in the jury lounge is password-protected but will be in use by a wide variety of people (including hackers).

Entertainment venues

Swimming pools, bowling alleys and arcades are providing free public Wi-Fi connections for their guests, especially parents who must wait with their kids. It is a way to make the day more enjoyable for everyone, but it can also mean hackers targeting families who are using portable devices to connect, take pictures and send updates to social media.

Common areas

Just because there are more places where your public Wi-Fi connection could lead to a hacker, that does not mean criminals have given up on their old haunts. Do not let your guard down in more common places like coffee shops and airports, and make sure your device settings prevent you from connecting automatically.

Consider using a VPN

A virtual private network is a digital tool that keeps outsiders, such as hackers, identity thieves, spammers and even advertisers from seeing your online activity. VPN is an installed piece of software on your laptop or desktop that is either stand-alone or bundled with your antivirus or security software.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Yahoo Breach Settlement Proposed for $117.5 Million

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


Thanks to a new settlement valued at $170 million, child privacy on the internet just got a little bit safer. The Federal Trade Commission (FTC) just announced the largest-ever settlement of a privacy claim against Google’s YouTube for illegally collecting data on children and using it to target young viewers with advertising. This is the largest agreement of its kind since the Children’s Online Privacy Protection Act (COPPA) was enacted in 1998.

YouTube’s stance on the child privacy matter was that the increase in the number of shared devices among family households and the availability of child-friendly content on its site means more kids might be viewing videos online. However, that does not mean the company is able to determine whether or not the viewer is a minor. If the video played on a screen, regardless of the age that content was tailored for, it may or may not have been viewed by a child.

The FTC stated that YouTube strategically positioned itself with toymakers and other companies to promote advertising on videos that target children, which violates the COPPA law.

As a result of the settlement, not only will Google pay the fine, they will also begin to take steps to prevent targeted advertising and data collection on content that is deemed to be for children. The FTC intends to conduct ongoing “sweeps” of YouTube content to ensure that this happens.

Not everyone with a say in the matter agrees with the YouTube child privacy settlement. There are some lawmakers and FTC officials who feel like this punishment is just slap on the wrist, and that there are no guarantees Google and YouTube will take appropriate action.

For many parents, targeted advertising might not seem like a major issue. After all, there are ads for children’s products and services scattered through the cable television programs that children watch. The difference here is in the intent. While YouTube may have taken steps to ensure that the ads were child-appropriate, they did so in violation of the law. That means other content could contain targeted ads aimed at children while not being kid-friendly if YouTube is not enabling stronger controls and protocols to prevent it.

For its part, YouTube’s statement on the child privacy settlement still encourages parents to limit their young children’s streaming time its kid-friendly dedicated app.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Things to Consider When Using VPN

Should You Consider Credit Monitoring Services as Part of a Breach?

In 2013, Yahoo! Inc. announced what was at the time the largest data breach in history. Over 3 billion Yahoo accounts were exposed including security questions, emails and first and last names. Now, over 6 years later, a class action settlement has been proposed. The company will devote $117.5 million to services and reimbursements for those affected by the data breach.

The Yahoo settlement statement posted on their settlement claim website, stated that multiple breaches, starting in 2012 with “data security intrusions” and happening through 2016, occurred because “malicious actors” gained access to their systems and took personal information.

In addition to holding Yahoo accountable monetarily, the settlement statement says they will also, “enhance its business practices that will improve the security of its users’ personal information stored on its databases.”

What this Means for Victims

Residents of the United States who had a Yahoo account between 2012-2016 are eligible to receive benefits from the settlement. Understand that you will have to substantiate any real impact – financial or otherwise – in order to see any possible compensation from the settlement once it has been finalized by the court

The terms of the proposed settlement include offering all victims at minimum two years of credit monitoring, or reimbursement for those who can show proof they purchased these services out of pocket because of the data breach. Monetary reimbursement can vary in amount for each victim depending on the amount of claims filed, but is estimated to not exceed $100.

It will also pay victims back for expenses that include demonstrated losses, both in terms of dollars and time. For time spent trying to remediate the consequences of the data breach, victims will be offered $25 an hour for up to 15 hours of lost time. If victims cannot provide sufficient documentation for time lost, they will be compensated for only five hours. You will be required to provide documentation and may not be compensated for the entirety of what you are claiming.

Each breach victim can claim up to $25,000 for personal harm or reimbursement. Once again, you will have to provide proof with receipts or other listed documentation to substantiate your claim for the additional cash pay-out. Victims will not start receiving services or payments until the Yahoo settlement has been approved by the court, which may take longer than one year.

How to File a Claim for the Yahoo Settlement

Victims can file claims online or via mail before July 20, 2020. Claims can be filed to receive credit monitoring services or reimbursements for cost or time, paid user accounts and small business services. To file a claim, read the instructions Yahoo provides for each type here.

Opt-Out of the Yahoo Settlement

If victims choose, they can opt-out of the settlement by March 6, 2020. By excluding themselves from the settlement, victims retain their right to sue Yahoo on their own. If victims choose to neither file a claim nor opt out, after the settlement is finalized they will not be eligible for services or reimbursements and cannot sue Yahoo on their own.

What This Means for Victims of Data Breach

In the advent of the Equifax settlement process, the consumer is held responsible to bear the burden of proof that they were impacted by a data breach is clearly becoming the status quo.

“We counsel victims that they need to document everything that they do to remediate their cases, but now the onus is on each victim to prove that they were impacted,” said Eva Velasquez, ITRC’s president and CEO. “In a day and age when we know that our data is being used as a black-market commodity in perpetuity, holding the consumer responsible for proving that they were impacted between the time of the settlement and the breach just is short-sighted. ‘Malicious actors’ are watching all of the fall-out just as everyone else does and leveraging that intelligence just as any day-trader might leverage intel on a hot stock. These settlements don’t take into consideration the long term ramifications of every record that is compromised in a breach. The impact may not be truly realized for decades.”


About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit:

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390

The Identity Theft Resource Center has been working to empower breach victims with the resources and tools to resolve their cases since 1999. That includes helping people proactively reduce their risk of becoming a victim of identity theft, especially after they were impacted by a data breach. Since 2005, the ITRC has recorded over 10,000 publicly notified breaches. Here is a look at five watershed moments that created systemic change for consumers.


In 2017, 148.8 million people were affected by this impactful data breach that through the Freedom from Equifax Exploitation Act led to credit freezes being free and regulation changes as noted in ITRC’s “Equifax One Year Later Aftermath Report.” On July 22, 2019, Equifax reached a $700 million settlement with the Federal Trade Commission (FTC) where Equifax agreed to spend up to $425 million to help victims of the breach. And it’s changing the standard of proof for settlements – shifting the onus from the entity that was breached to the consumer having to prove that they were impacted. Because of Equifax, we’re still seeing people push for data breach law reform.


During the busy holiday season in 2013, Target was hit by a data breach that exposed the credit card data of 40 million people and the personal information of 70 million, upsetting lawmakers. This breach made customers uneasy about using payment cards and was a catalyst for pushing forward the adoption of chip card technology. It also created a greater understanding of the need for authentication options. Consumers are now more acutely aware of their transactional engagements with retailers and how their financial information could be a gateway to other types of compromise.


In 2015, Anthem suffered a large consumer data breach that impacted nearly 80 million people. The information compromised included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that could have included income information. Minors who were on their parent’s health plans were affected, which is particularly troubling due to the long shelf-life of the static data (SSNs) that was compromised. In 2018, Anthem agreed to take corrective actions and pay the U.S. Department of Health and Human Services, Office for Civil Rights $16 million to settle violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. In order to place a claim for the settlement, victims needed to provide proper documentation for out-of-pocket costs. The Anthem breach is considered to be the largest health data breach and the largest HIPAA settlement in the United States.


Over 21 million people were affected by the second Office of Personal Management (OPM) impactful data breach, which occurred in 2016. Investigators determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen – including biometric and protected health information. Not only did it impact those that were under OPM’s jurisdiction, but it also impacted those that were dependents as well. It was a sophisticated, large-scale hacking event that resulted in the creation of the National Background Investigations Bureau (NBIB).


ChoicePoint was part of a large impactful data breach in 2005 that led to the personal information of at least 163,000 Americans being sold to a crime ring. Fraudsters, posing as customers of the company, gained access to the company’s background check database – giving them the ability to mine sensitive personal information for nefarious purposes. In 2008, ChoicePoint agreed to pay $10 million to settle a class-action lawsuit. Since the breach, Senators have proposed a law to regulate the data broker industry called the “Data Broker Accountability and Transparency Act.”

Bonus Breach: U.S. Department of Veteran Affairs

This 2006 data breach affected 26.5 million veterans, spouses, active-duty military personnel and reserve military personnel. It led to the acknowledgment of many vulnerabilities in the VA. It also heightened awareness of the importance of protecting computer equipment containing personally identifiable information and responding to effectively to a breach that poses privacy risks. Lessons learned included rapid notification of key government officials being critical, a core group of senior officials being designated to make all decisions regarding an agency’s response and determining when to offer credit monitoring to affected individuals requires risk-based management solutions.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both as consumers and business – understand how to minimize their risk and mitigate their identity compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live-advisor on what you should do. As part of this series, in our next 10,000 Breaches Later blog we will take a look at some of the top retail breaches since 2005. To stay up to date on the latest news in identity theft and data breaches, sign-up for our newsletters.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Should You Consider Credit Monitoring Services as Part of a Breach? 

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches


Unsolicited phone calls with recorded messages, known as robocalls, have been a nuisance probably since the invention of the telephone. And they’re getting worse. In fact, in a single one-month period this year, there were more than 4.7 billion robocalls placed to U.S. phone numbers. While the telemarketers of yesteryear were certainly annoying, today’s threat is far more dangerous. Robocalls, which some consumers report can occur at all hours of the day and night, may actually be decreasing in number. However, the amount of money that victims lose to phone scammers is higher than ever.

“But I am on the Do Not Call List. Why am I still getting these phone calls?”

If you have put your phone number on the Federal Trade Commission’s Do Not Call registry and you still receive robocalls, that should be your sign that the call is not real. With that said, there are exceptions to the rule. Charities and political campaigns are still permitted to contact you, as are companies you do business with.

“But my caller ID said it was the Social Security Administration!”

It’s okay to be skeptical of your caller ID screen. It is easy for the scammer to change the appearance of the number they are calling from. They can put any phone number or name on your screen in order to entice you to pick up.

“But they said I was in trouble with the police and about to lose my healthcare coverage.”

No matter what story the robocaller gives, ignore it.

The IRS does not call you to inform you about your back taxes or penalties.

The police will not call you about a warrant for your arrest.

Your granddaughter was kidnapped? Try calling them first.

If you are ever in doubt about any situation like this, hang up and contact the company directly. Take down the caller’s information first, including their name, company or agency and employee or agent number they have, the phone number they are calling from and anything else that might be helpful. Then contact that organization directly using a verified phone number. You will quickly find out that no one by that name works there, your account is perfectly fine or your nephew is not in jail. If you do discover that something was legitimately wrong, you can handle it through the proper channels.

“But the caller said that I owe money!”

You will never receive a legitimate phone call in which you must make a payment immediately. It will always be a robocall. Even something like a call from your credit card company or utility company might be a courtesy reminder that you are past due. However, you will never be required to pay over the phone. The IRS and the Social Security Administration, two common scam targets, do not accept phone payments when someone calls you.

“I think I really do have to pay them. Where do I buy an iTunes gift card?”

Never make a payment of any kind with an iTunes gift card unless you own an Apple device and you are buying an app or song. iTunes gift cards, prepaid debit cards and wire transfers are all common tools for scammers, no matter who they claim to work for. They take the information from the card you bought, drain all the money and you cannot get it back no matter what you do. There is no such thing as a legitimate transaction that must be paid for with one of these methods.

“Okay, you have convinced me. So how do I make it stop?”

Fortunately, there are steps the government is working on to crack down on robocalls. Until the miracle cure for this dangerous nuisance appears, there is one thing you can do: ignore the call. Do not answer and hang up, either, since some of the software robocallers use is to track whether or not their potential victim has a working phone number. Answering the call and hanging up will only confirm that the number is good. Also, if you do answer and discover it is a robocall or possible scam, simply hang up. You might offend the caller, but the caller is breaking the law by contacting you in the first place. Do not put yourself at risk to avoid upsetting a criminal.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Things to Consider When Using VPN

Should You Consider Credit Monitoring Services as Part of a Breach?