If you are traveling and plan to rent a car, there is a very specific privacy pitfall threatening you. Rental car companies have begun offering premium features in their fleets of vehicles, including things like Bluetooth sound systems, on-board GPS navigation and infotainment devices for everything from playing music to showing movies. The upgraded technologies can pose a threat to your identity.

Most rental car companies have no policy concerning deleting your Bluetooth-enabled activities from the vehicles once you return them. Some privacy organizations have even rented cars with the intention of seeing what past users are still stored in the device. It was a surprise to discover that many big-name rental car companies do not delete old user information, and that previous renters’ info was still easily visible.

Now, this might seem like a small concern in comparison to other identity threats – like having your Social Security number stolen – but rental cars risk exposing information like downloads, navigation and your phone’s identity. Your personal data should not be accessible to anyone else, especially the random individual who rents a car after you.

It is unfortunate that rental car companies are not as concerned as they should be about your personal information. Sadly, this is a trend we see across many industries as misuse of personal data and data breaches are on the rise. Even if companies are not as worried about someone finding out your information via rental car technology, there are still steps consumers can take to minimize car rental risk.

Do not connect

The very first solution is to not connect your phone to the vehicle. This might not be ideal for integrated use, but it is the safest of precautions a consumer can take.

Delete the history

If you choose to connect, delete your own history from the Bluetooth system and the GPS navigator. If you do not know how, ask the service department when you return the car.

Block your name

Some Bluetooth-enabled devices will use a nickname for the device when connecting, such as “Lisa’s iPhone.” If your nickname is in your device and is picked up by the car’s system, it is possible that the next patron could piece together your nickname, your whereabouts (from the GPS) and your social media profiles in order to follow you. This could lead to other malicious activity.

Avoid having the GPS take you home

You already know where you live, so if you are using the GPS in a rental car, do not have it take you all the way to your house. It is enough to take you to your city or town, then shut it off and find your own way for the rest of the trip. This prevents others from finding your home location to plan a robbery or other malicious activity.

Do not skip the inspection

Do not skip the inspection when you return a vehicle. It is a good time to ask for help if you cannot delete your Bluetooth activity, and prevents any disputes later about damage to the vehicle. Some car rental places have started letting you place the keys in the car and leave without seeing an attendant, but avoid this and you will be happy in the long run.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



What is on your agenda for today? Go ahead and pencil in changing your Facebook passwords. This item does not need to be near the very top of the list, but it is certainly a good idea to put it on there and follow through.

According to a report by KrebsOnSecurity and a follow-up announcement from the company, hundreds of millions of Facebook passwords were accidentally left unencrypted. If you are not already aware of what that means for individual users, do not worry: there is no evidence that anyone got your password. It just means that those passwords were “visible” in plain text to anyone who was able to access the servers, which could include hackers—although there is no evidence of that—but certainly included numerous employees of the company.

In fact, Facebook seems to have traced the security issue back to a project that centered on employee-created tools, apps, and features. Once the employees accessed the usernames and passwords for their work, those passwords were often stored in plain text. Some of these employee-created copies of the login credentials—especially the passwords—go back as far as 2012.

Facebook has not released information on how many user accounts were visible or how many employees had access to the information, but KrebsOnSecurity has details that put the number of employees at around 2,000—and those employees made approximately 9,000 separate data inquiries into millions of users’ login credentials.

This issue does not fall under data breach notification laws or protections, and Facebook is not recommending or forcing a password reset at this time. However, the social media site will inform users whose information was left potentially exposed, which is why it is important for the users themselves to be proactive about changing their Facebook passwords. There is no way of knowing if anyone other than the authorized employee accessed their information, and also no reason to assume that a company employee could not be the one to maliciously use or sell a large database of credentials.

“Password hygiene” has gotten a lot of attention in recent years, largely due to incidents like this one. If you secure all of your accounts with a strong password that you do not use anywhere else and that you change routinely, announcements like this one probably will not even be a cause for concern. However, if you use an easily guessed password, reuse your passwords on multiple accounts, and keep the same password for years, your risk of harm from a data breach is much greater.

Remember, to keep your online accounts protected:

  • Use a strong password that contains a long string of characters—eight to twelve letters, numbers, and symbols
  • Only use your password on one account
  • Update your passwords routinely, especially on sensitive accounts like email, social media, and financial sites


Data Privacy Day is an international effort to empower individuals and businesses to respect privacy, safeguard data and enable trust.

Many of today’s tech users have never navigated an online world where they weren’t constantly asked to provide personal details about themselves for everything from booking a doctor’s appointment to buying a new shirt. Too many tech users don’t do enough to protect their online privacy and secure their data, while also thinking that it’s “other people” who don’t protect themselves.

This is a trend that Data Privacy Day works to address. The Identity Theft Resource Center is the non-profit partner for this event, hosted on January 28th, 2019, by StaySafeOnline. Powered by the National Cyber Security Alliance, the upcoming event will focus on the changing privacy landscape and what that means for consumers, businesses, policymakers, and more.

The change is so rapid, in fact, that StaySafeOnline is referring to this age as a new era in privacy, and as such, the event will feature a wide variety of instructional sessions led by some of the top names in the field. With events available for both in-person attendees and live stream participants, Data Privacy Day stands to be a source of vital information to kick off the new year with a focus on security.

Of course, there are actionable steps that every tech user can implement right now to help secure their personally identifiable information and protect their privacy:

1. Understand—and put in place—good password hygiene.

2. Establish a family or company policy on how to respond to suspicious messages and what steps to take in the event of a possible privacy incident.

3. Install strong, trustworthy security software that helps block or delete attempted privacy threats.

4. Think twice about oversharing, whether it’s posting too much information on social media, responding to emails asking for identifying details, or handing over your data to third parties.

5. Seek out the vulnerabilities that may already be a threat, like third-party apps, unsecure privacy settings in your social media accounts, software and operating systems that haven’t been updated regularly, and more.

Can’t be there in person? Watch live from LinkedIn, SF! ITRC CEO Eva Velasquez will be joining privacy experts on the panel “The Future of Privacy and Breakthrough Technologies” to discuss how, with advances in technology ranging from artificial intelligence to the human body acting as the computer interface, privacy will take on even greater significance. Panelists will highlight why our actions now will drive tomorrow’s outcomes.


Social media has changed the way people interact with each other in both good ways and bad ways. It’s amazing to connect with people all around the world or to find a long-lost classmate from seventh grade. It’s something else altogether, though, to find yourself in a compromising situation because of something you posted online.

One of the more recent features of different social media sites like Facebook, Instagram or Twitter is the ability to broadcast live video to your followers. This feature can be fun and entertaining or even educational, but if you’re not sure how the platform works or what kind of surroundings you’re broadcasting from, you may be unhappy with the results.

1. How long is my video accessible, and who can see it? – Those questions depend on the platform you’re using. Twitter’s Periscope or the Meerkat platform, for example, are available to anyone who chooses to click on your name. Facebook Live can be limited, meaning you can broadcast to everyone or just to your friends list. Instagram Live, though, is by default set to allow anyone to see your video; you have to adjust that setting yourself if you want to keep it private.

As far as how long the video is available, there are key differences you should know before you press the button to go live. Instagram Live videos are gone the moment the camera turns off, but Facebook Live videos can be viewed repeatedly and at a later time.

2. What’s going on around you? – You’ve probably seen some viral videos with hilarious background images, such as an adorable wedding couple sharing the first kiss during their beach ceremony only to have a man in a tiny swimsuit standing behind them. It’s not so funny when the visible area behind your video contains anything incriminating, illegal or simply embarrassing.

Remember, depending on the platform and the settings, you might not control who can see your video. If anything behind you is a dead giveaway for your location, any of your identifying information or even the answers to typical security questions (e.g., posting a video on your birthday and mentioning it), you might be sharing far more than you intended.

3. Is this content allowed? – Each platform has regulations for what is and isn’t permitted, and it’s up to you as the user to know what they are. Obviously, behavior that violates copyright—like broadcasting live from a concert, movie, or other ticket-holder events—is a no-no; even if you don’t necessarily get in trouble, it’s still theft, and it’s wrong. Broadcasting live for anything other than journalistic reasons from a crime in progress can also land you in hot water with both the platform and law enforcement.

If you want to go live on social media, you need to be smart. Know how your platform works, understand your privacy settings and surroundings, and make sure it’s approved, beneficial content… then smile for the camera and enjoy!



April the Giraffe became an internet sensation in 2017, bigger perhaps than any pop-star-behaving-badly, for her adventure park’s YouTube live stream of her pregnancy and delivery. It took a little longer than expected, but she gained a following of millions of viewers for the birth of her first baby to be born at the park, Tajiri.

At that time, many people had a tongue-in-cheek criticism of the whole sensational affair: how would you feel if someone broadcast your pregnancy and delivery to the entire internet?! In fact, in recent years, more and more hospitals have instituted policies against this very thing, banning video cameras, digital cameras and even cell phones from the delivery room to give the mom and baby both some privacy.

Obviously, April didn’t seem to mind either the jokes or the constant attention directed towards her medical condition. Hopefully, she’s just as calm about the April Cam going live once again for her next delivery. But that doesn’t mean we should be so laid back about our own privacy and oversharing of personal information.

Oversharing happens when we post more information or content online than might be safe. It could be sharing too many details in your social media profiles, entering information online without finding out where it will end up, even posting photographs that in hindsight probably shouldn’t have been made public. In any event, oversharing is a serious problem that can lead to consequences like identity theft, account takeover, repercussions at school or in the workplace and more.

In order to avoid oversharing, there are a few things to keep in mind:

  1. Social media settings – Who can see your posts? Do you know how to keep others’ prying eyes out? Depending on the platform, such as Facebook versus Twitter versus Instagram, you have options when it comes to keeping your content limited to people you personally know. To check up on your privacy settings, log into your account and go to your profile. Note: that’s not to say everyone must lock strangers out altogether, but it’s good to know how to set up your preferences and change them if you wish.
  2. Locations – If you have location settings turned on for your phone or other devices, you might be handing a criminal the exact location where you’ve taken a photograph, even down to which room in your house. A concept called geotagging incorporates these coordinates into the digital file for the image, and when you upload that image, the coordinates can be retrieved by anyone who accesses the picture. In order to keep your location under wraps, be sure to turn off the location settings for your device’s camera so that anyone with malicious intent doesn’t come looking for the flat-screen TV or MacBook in the background.
  3. Sensitive content – Finally, once you’re certain that the posts aren’t giving away too much, really think about what’s in the post, photo or video. Is this something that paints you in the best light? What will an employer say about it? Is it embarrassing to anyone in your family, including your kids?

Remember, April the Giraffe may not understand that millions of people around the world watched her every move—including an event that most people consider to be very, very private—but you and your friends or family might care a great deal. Protect your privacy and your dignity with safe, smart sharing behaviors.



The era of the Internet of Things ushered in innovations, better convenience, and more personal safety, but it also brought with it a host of security flaws.

Wi-Fi routers were some of the first devices to be attacked on a large scale, giving hackers access to entire networks. Wireless medical implants have also been infiltrated, leading to terrifying speculation about what a nefarious operative could do with access to a patient’s pacemaker or an insulin pump. Now, even our homes can be a target… not just the devices in the home, but the building itself.

The Ring doorbell, an IoT gadget that replaces your existing doorbell, connects over your home Wi-Fi to your smartphone. It lets you “answer” the door with your phone, giving you the ability to see who is at the door, hear that person’s voice and even speak back. The range on Ring is virtually limitless since the home Wi-Fi is talking to the smartphone app, which receives its signal over Wi-Fi or cellular. You could answer the door while you’re at work or on vacation, theoretically thwarting an intrusion.

Ring even offers the ability to record what’s going on outside the house, turning your doorbell into a security camera. There have already been several instances where the homeowner’s Ring either prevented an attack or led to an arrest in a crime.

So what about the flaw? Ring has to connect to your smartphone via its app in order to offer you this convenience and peace of mind. The app is installed on every user’s phone in that household, or at least the people who should be answering the door. One Ring user found out the hard way that the app remains connected to the doorbell even if a particular smartphone owner no longer lives at the residence and even if there’s a password change.

The Ring owner in question made news recently after suffering a romantic breakup. Unbeknownst to the homeowner, the member of the relationship who’d moved out was still able to access the video footage from the doorbell and therefore was able to see who was coming over. This person was also able to ring the doorbell at any time, including in the middle of the night.

The problem was in the way the account and the app “spoke” to each other. Changing the password on the account didn’t block anyone or require the password to be re-entered on the app. Ring has now announced that they’ve fixed this flaw but also reports that it can take up to an hour to remove someone’s app access once the password is changed.

This issue might seem minor compared to other kinds of newsworthy security breaches, but it demonstrates a few key points about our technology. First, we might be a little too quick to adopt the latest connected device, especially if it doesn’t have all the bugs worked out. Also, what are we giving up when we download an app or connect a new gadget to our Wi-Fi? Finally, those permissions and passwords that we turn over to an app don’t work the same way in every app, so it’s up to consumers to understand how it functions.



The very first selfie is believed to be a photograph of Robert Cornelius in October 1839.

He stood in his family’s backyard to snap the self-portrait, which in that day meant holding very still and facing the camera with a rigid posture for anywhere between three and fifteen minutes, depending on the available light. Even then, there was no guarantee that the photo would develop correctly, be framed around the subject in the right way, or even survive the test of time. (Spoiler alert: it did, and it’s a pretty neat photo!)

The technology behind photographs has come a long way since then, but the fascination with taking our own pictures has only gotten stronger. Now, selfies even have their own holiday—National Selfie Day on June 21—in spite of the millions of people who celebrate the occasion on a daily basis.

The purpose of a selfie can range from harmless fun to serious work (like submitting a headshot when a potential employer emails you), but no matter why you do it, there are some important physical, emotional and privacy safety concerns to keep in mind:

1. Physical Danger – It might seem like a bit of funny satire, but there have literally been safety manuals written on how to take a “safe selfie.” The Russian government released its top ten safe selfie tips quite some time ago, including important hints like don’t take a selfie while leaning off a bridge or skyscraper and don’t walk out into traffic while taking a selfie. Before you scoff, remember that Yellowstone National Park has to remind visitors which places within the park are safe or unsafe for a selfie!

2. Emotional Safety – If social media has taught us anything, it’s that bullies and trolls can strike at any time. Some reports show that selfies can be addictive and can place too much emphasis on cultivating our outward appearance. It’s safe to assume that most selfies uploaded to sites like Facebook and Instagram probably get the same response: “soooo cute, luv u!” Unfortunately, selfies have also been known to lead to extreme cases of bullying. A simple celebratory post from your teen that says, “So excited to finally have my braces off!” can be met with derogatory comments like, “Yay, now lose 50lbs and you might look halfway decent.” While these comments are sadly not limited to callous teenagers, teenagers are quite likely to be the victims. It’s important to talk to your teens and tweens about what’s safe to post, what privacy settings to enable and what to do if someone engages in this way.

3. Privacy Control – Now we get to the real problem with selfies, namely, your privacy. There are quite a few privacy concerns you should be aware of before posting that image. Facial recognition on platforms where you upload photos is a major issue, as is government data collection for “faceprint ID.” Some sites are finally giving users control over whether or not they can store and tag faces, but it’s not widespread for every platform. Reuse and altering of shared photos online is another key concern, as is geotagging of your photos with precise coordinates to the location of the photo.

Celebrate your confident, happy, best-face-forward self with a snapshot if you choose, but remember to keep all of your safety considerations at the forefront of anything you share or post online. Say cheese!



Fourteen million Facebook users recently woke up to an email in their inboxes, informing them of another privacy issue with their accounts.

According to the message, between May 18 and May 27, a software bug within the company turned some users’ private posts into public shares. Even after they found the bug on May 22, it still affected some posts.

The privacy settings you choose for your Facebook posts are “semi-permanent,” meaning once you choose either “public” or “private,” all of your posts will fall under that setting unless you manually change it. The issue with the bug is this: Facebook’s software switched that setting to “public” for millions of users without their knowledge and without Facebook employees realizing it. All of the content that the affected users posted during that time (believing that their privacy settings were still active) was made public.

Facebook apologized for the error and instructed users to go back through all of their posts since that date and reset them to private. But as the latest in a long string of privacy blunders (both intentional and accidental), users may be becoming more and more frustrated with the platform.

Part of the frustration may come from the familiarity we have with social media and the internet. We’ve moved on from the days when this “newfangled” concept left us feeling cautious about where our information might end up and who could see it; now, too many of us are either unconvinced that anyone cares about stealing our data or unconcerned with how they are using it.

A survey about phone scams and similar crimes revealed our attitudes towards our personal privacy. While senior citizens are still more likely to lose a slightly larger amount of money to a scammer, millennials are more likely to fall for a scam in the first place. Experts who evaluated the findings attribute it to two things: first, younger people may mistakenly believe they are less of a target than older, more naïve consumers, and second, millennials may put more trust in technology and their privacy. Another factor seemed to be an “oh well, my information is already ‘out there’” mentality in younger consumers who’ve already endured years of record-setting data breaches.

For users who are concerned about their privacy and data security on social media and other websites—and let’s face it, that should be every user—it’s important to take every precaution when it comes to what you share and how it gets spread. Whether purely by accident or as part of innovating their platforms, every website could change how it operates; that means users cannot sit back and trust that the account settings they enacted a few years ago are still adequate to protect them today.

The old advice still rings true: nothing is ever truly private on the internet, and nothing is ever really deleted. If you let that tongue-in-cheek advice guide your content posts, your privacy awareness, and your habits concerning monitoring your accounts, you can feel a little more confident with what you share online.



Standing in long lines, waiting to get into your favorite singer’s concert could soon be a thing of the past.

Ticketmaster has announced a new wave of technology that is already being tested at certain venues in limited markets. Now, instead of handing over your ticket or scanning your phone’s screen at a concert, sensors can capture a peek at your face and compare it to your stored facial parameters. Just smile and wave as you breeze through the turnstile, right?

However, the process, which takes less than a second, is far from foolproof. Developed in conjunction with Blink Identity—a company that has developed this technology for military applications in the Middle East—Ticketmaster’s use of this kind of tool has already got security experts scratching their heads. What happens to your stored facial data? Who else can use it? How is it being protected?

More importantly, if Ticketmaster can use a nanosecond glimpse of your face to identify you in a crowd, then who else can do it, and how will it be used?

There are some less obvious concerns than the futuristic “what if” of using this technology for mass surveillance. First, there’s very little in the way of legislation concerning this kind of recognition and tracking, at least in the U.S. Only three states—Illinois, Texas, and Washington—have laws to protect the public from the unauthorized use of their faces or other biometric markers like iris scans or fingerprints, and there are no federal laws in place at this time.

Another key issue is understanding who may already have this data and who can access it as a third party to that company. Facebook, for example, rolled out facial recognition quite some time ago based on photographs that users uploaded and tagged with names. Any company that is entitled to use Facebook’s stored data could potentially use facial images and accompanying usernames. Currently, a class-action lawsuit over this practice is still underway.

Self-incrimination is another chief concern among advocates for stricter control over facial recognition. If merely walking down a street means surveillance cameras can spot you and put you near the scene of a crime at the correct time of day, the burden of proving the case shifts from investigators proving that you’re guilty to you having to prove you’re not.

Finally, a new report by The Independent demonstrates that facial recognition as a crime-fighting tool was ineffective in 98 percent of the cases. These findings, culled from freedom of information requests, show that only two out of 104 facial recognition alerts from public surveillance cameras in the U.K. were correct identifications.

As new technologies are developed and implemented, it’s important that lawmakers work to keep up with the potential uses—and abuses—of the innovation. While legal precedents remain, it will be up to consumers to determine for themselves what level of biometric use will make them comfortable.



Following the recent Facebook/Cambridge Analytica incident, the social media giant is taking steps to help users have a better understanding of their terms of service, as well as allowing users to personalize their settings.

The Facebook terms and data policy have been updated to explain how they collect, use and share data from your profile. Facebook is also requiring you to review them before going further with your social session.

Users can now remove information they no longer wish to share. This includes religious views, political views and dating preference. Facebook will allow users to adjust privacy settings to pick who gets to see this information. However, if users decide to provide this information, Facebook will use it to personalize features and products tailored to your preferences.

As far as the ads that appear on your Facebook page, you can now control whether or not they use your data to personalize them. Facebook can collect when you make online purchases, download apps, like a partner’s page and when you make an in-store purchase from one of their partners. So if you purchase a phone online, you might see ads for phone cases and phone chargers. If you decide to disallow Facebook from collecting your data you will still receive ads; they will just be randomized.

Facebook is also allowing users to turn off facial recognition. This technology helps Facebook recognize when you appear in photos, videos and the camera. It also helps protect you from strangers using your photo, find photos you’re in that you’re not tagged in and tell people with visual impairments who is and is not in a photo. However, you can still tag yourself in photos and report fake profiles if you do decide to turn off the face recognition option.

Users can go to their settings at any time to make these changes. All of this information is on Facebook’s updated terms, data policy and cookies policy. It also states that Facebook will clarify how they are using data so users can make decisions on whether or not they want that data collected.

The most important privacy setting isn’t in your account, though; it’s in your own behavior. Never post anything—a photograph, a viewpoint, or even an offhand reply to someone else’s post—that you would not want shared with others.

