• Approximately 56 percent of California voters passed The California Privacy Rights Act (CPRA). The law will be the toughest privacy law in the U.S. once it goes into effect in 2023.
  • California residents will have more control over what happens to their personal information when businesses collect it. Consumers from the state can also have information corrected they think is inaccurate.
  • California businesses will be required to update agreements with contractors and sub-contractors that binds them to meet the provisions of the CPRA.
  • For more information on the privacy law, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

California voters went to the polls to decide the fate of the strongest privacy law in the United States. After counting the ballots, Proposition 24 – The California Privacy Rights Act (CPRA) – passed and will go into effect in 2023.

Subscribe to the Weekly Breach Breakdown Podcast

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we look at CPRA and what it means for businesses and consumers.

How The California Privacy Rights Act Passed

Approximately 56 percent of California voters approved the privacy law. However, Big Tech and Big Privacy joined forces to oppose the proposal. The initiative was proposed to strengthen the existing state privacy law, The California Consumer Privacy Act (CCPA), in many different ways.

What Consumers Need to Know About The California Privacy Rights Act

There are a few different things for California residents to know about the CPRA:

  1. Since voters approved the CPRA and not the state legislature, it will be more difficult to amend the law in the future. The legislature must submit any proposed changes to the popularly approved law to the voters in a future election. That makes it very difficult to weaken the privacy provisions in the CPRA.
  2. The CPRA gives California residents even more control over what happens to their personal information when a business collects it. The CCPA gives residents the right to access the information companies collect about them and request it be deleted in certain circumstances. It also prohibits the sale of their information for marketing purposes. The CPRA will give consumers rights linked to sharing information – not just selling data to third parties – clarifying one of the most confusing parts of the current privacy law, the CCPA.
  3. The CPRA adds a right to correct any information that a consumer thinks is inaccurate. Californians will now have the right to opt-out of automated decision processes that use their personal information. Also, they will have the right to see how automated decision processes work.
  4. The CPRA creates a new category of personal information that California residents can access and control in certain circumstances, like sharing information with third parties. The new category is known as “sensitive personal information” and includes precise geolocation data, race, religion, sexual orientation, Social Security numbers and certain health information.
  5. Finally, the new privacy law gives consumers the right of data portability, which means someone can tell a company to share their information with another company. It is like when someone changes their mobile phone or insurance companies.

What Businesses Need to Know About The California Privacy Rights Act

Businesses will also have a host of new duties that apply to them:

  1. Companies will have to create data silos, meaning they will have to keep personal information used in marketing separate from other consumer information. Companies, especially smaller ones, are already struggling to meet the existing consumer rights of access, review, deletion and opt-out. The new provision could compound the compliance issues.
  2. The most significant change for businesses will be the requirement that companies update agreements with contractors and sub-contractors that bind them to meet the provisions of the CPRA. In past podcast episodes, the ITRC has talked about data breaches resulting from “supply chain attacks.” That is where a company has good cybersecurity. Still, a third-party vendor ends up breached, and the company’s customer data is exposed. The requirement to update agreements with contractors and sub-contractors is designed to address supply chain attacks and clarify that everyone in the supply chain is responsible for protecting consumer information.
  3. Businesses do get some benefits in the CPRA. Employee and B2B data are exempt from the law until at least 2023, and businesses may be charged fees if consumers opt-out of data collection and sharing. That provision is the reason privacy advocates joined Big Tech companies to oppose the CPRA.

Toughest Privacy Law in the United States

The CPRA will be the toughest privacy law in the U.S. when it goes into full effect in 2023. In the meantime, state officials will propose the regulations needed to implement the new law. In the case of the CPRA, there will also be a new state agency created to enforce the new privacy law. For now, the California Attorney General will continue to enforce the existing law, CCPA.

Privacy Law Passed in Massachusetts

There was another state privacy law recently approved by a vote in Massachusetts. Car owners now have the right to see the information their car is wirelessly sharing with automakers. Approximately 75 percent of voters approved the proposal; carmakers have until 2022 to comply.


For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC

If you have a question about The California Privacy Rights Act, data privacy, or if you receive a breach notice and you’d like to know how to protect yourself, contact the ITRC. You can speak with an expert advisor toll-free at 888.400.5530 or by live-chat on the company website. Also, download the free ID Theft Help App to access resources, a case log and much more. 

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  

  • Two new research papers from OpSec Security and Consumer Reports shows how consumer privacy and cybersecurity views are evolving across the U.S. 
  • Findings in the OpSec Security report show that cyberattacks and data breaches are pervasive, and consumers are concerned and desensitized by the volume of information compromises. 
  • The Consumer Reports report concludes that consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use. 
  • For more information on the latest data breaches, visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notifiedTM. It is updated daily and free to consumers.  
  • For cybersecurity, privacy or data breach advice, contact the ITRC toll-free at 888.400.5530 or by live-chat on the company website. 

Privacy and cybersecurity impact consumers. Two new research papers show how consumer privacy and cybersecurity views are evolving across the U.S. The reports validate a central concern among consumers that there is not enough done to protect their most precious possession; their name. 

Subscribe to the Weekly Breach Breakdown Podcast 

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we will look at two new research reports. The first focuses on recent changes in consumer attitudes. The second takes a longer-term look at how consumer privacy and cybersecurity views are different now compared to 25 years ago when the modern commercial internet was born.

The Importance of Reputation 

Reputations are important to individuals, companies and organizations. That’s why OpSec Security, a global cybersecurity firm, recently surveyed 2,600 consumers throughout the U.S. and four European countries. Researchers asked consumers whether they have been affected by cybercrime, their perceptions of brands, and if their role – or the role they should play – in keeping consumers safe has changed over time. 

The findings show that cyberattacks and data breaches are pervasive and consumers are both concerned and desensitized by the volume of information compromises. Some of the key findings in the last year include the following: 

  • 40 percent of respondents were a victim of an email or phishing scam
  • 51 percent of respondents say they receive more phishing attempts now than before the COVID-19 pandemic. 
  • 35 percent of respondents experienced credit or debit card fraud. 
  • 21 percent of respondents were a victim of identity theft at some point.  

Meanwhile, 30 percent of respondents were impacted by a data compromise, which did not surprise nearly one-third of the people who received a data breach notice. Of those who had their data compromised, 46 percent were contacted more than five times. Almost half of those who haven’t received a data breach notice, 48 percent, are worried they will soon.  

Those 30 percent of consumers in the OpSec survey who say they had their data compromised in a data breach equal the same percentage of people who responded to a similar question from Consumer Reports.  

Consumers Think Businesses are Responsible for Protecting Personal Information 

Both surveys came to a similar conclusion: consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use. Consumer Reports surveyed more than 5,000 U.S. residents about privacy and security. They also reviewed past research to show how consumer attitudes changed over time. 

  • In 1995, 44 percent of consumers were worried “a lot” or “some” about losing privacy due to the internet. 
  • By 2002, 76 percent of survey respondents were uncomfortable about companies collecting data about them. However, 94 percent thought they had a legal right to see what data the company collected about them from a website. 
  • Fast forward to 2019; 65 percent of consumers said they do not believe their personal information is kept private. 

In the Consumer Reports research published in October, 96 percent of consumers surveyed agreed that more could be done to ensure companies protect consumer information. Other findings include the following: 

  • 68 percent of consumers surveyed believe companies should be required to delete the data they have about someone upon the consumer’s request. 
  • 67 percent of respondents think there should be tougher penalties, like high fines, for companies that don’t protect someone’s privacy. 
  • 63 percent say companies should be required to give consumers access to the data companies have about them. 
  • 63 percent also believe there should be a national law that says companies must get a person’s permission before sharing their information. 

There are now laws, passed in multiple states, that include one or more of the items from the consumers’ privacy wish list above, but a national privacy law remains elusive. 

Built-In Privacy Features 

One finding that did not emerge from either survey on consumer privacy and cybersecurity views was a consensus around what consumers want to happen next to protect their information. Consumer Reports notes that companies are beginning to build products with built-in privacy features. More than 40 percent of consumers say they may be willing to pay companies to stop collecting, sharing and selling their personal information. Right now, that practice is prohibited in California, the state with the toughest privacy law in the U.S.  


For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.   

Contact the ITRC 

If you receive a breach notice and would like to know how to protect yourself, contact the ITRC at no-cost by calling 888.400.5530 to speak with an expert advisor. You can also live-chat with an advisor on the company website. Also, download the free ID Theft Help App to access advisors, data breach resources, a case log and much more.  

Join us on our weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.   

Read more of our latest information & educational resources below

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

Phishing Attack Report Reveals Microsoft is the Top Spoofed Brand and Other Data Breach News

There are many unanswered questions about the coronavirus impacts in the United States, some of which center around how schools will reopen for the fall term. K-12 school districts in many areas are scheduled to resume classes in a matter of weeks. However, what the learning environment will look like has yet to be determined in many cases. With that said, there are a lot of concerns about how schools might implement distance learning on a large scale.

One concern that parents, teachers, administrators and technology leaders face is how to protect students’ personally identifiable information (PII) in an online environment. Child identity theft is a serious problem and educational institutions have been a target for hacking due to the vast amount of personal student data their servers store. A child’s identity credentials are seen as extremely valuable to identity thieves, primarily because of the long period of time where their use by the thieves can go undetected.

Parents are considering the option of continuing to keep their students distance learning, but internet safety tips for kids using online platforms will become even more important as more students (especially K-12) utilize digital education for a longer period of time. However, with so many different online platforms being used by schools of different sizes and needs, there could still be an increased risk of student data being exposed or stolen in a data compromise and then used to create synthetic identities or sold for marketing purposes.

In one example from 2019, an online education provider in the U.S. suffered an accidental overexposure when a database of possibly more than 19,000 students’ information was left unsecured. Anyone with an internet connection was able to see the data for more than a week before it was taken down and password protected. It is still not known if anyone accessed the information while it was exposed.

As the new school year takes shape, it will be vital that administrators and IT professionals put safeguards in place to prevent unauthorized access to student records, employee files and other sensitive materials. Understanding the laws that are already in place is important in helping schools avoid costly mistakes. In California, the state’s privacy and cybersecurity law (CCPA) requires businesses and organizations to safeguard consumer data against data breaches and accidental events. Companies are also required to obtain parents’ authorization when collecting data on any child under 13 years of age, as well as have permission from the parents and student if the child is between 13 and 16 years old. The U.S. government’s Children’s Online Privacy Protection Act (COPPA) also gives parents some control over what personal information companies can collect on their children under the age of 13.

The next step may be in limiting the type of information that schools gather, such as Social Security numbers or health insurance and Medicaid identification numbers. Another important child privacy step will be ensuring that all personnel who have access to stored data know how to secure it. As some educators switch to wearing multiple hats this fall, they must be well-trained on how to use the platforms their school systems have adopted.

For parents, there are many internet safety tips for kids they can teach their students when it comes to online security:

  • Parents should be mindful of what websites their kids visit and teach them about what types of information are okay to enter online
  • Parents are encouraged to help their kids be aware of the dangers of clicking links or downloading files, as these can contain viruses and malware
  • Parents should make sure all of their kids’ online interactions occur with a known and trusted individual to lessen the opportunity for social engineering
  • Parents can enact the strictest privacy control settings available on both their child’s computer, mobile devices and browsers they use

Anyone with questions about child identity theft, distance learning security or internet safety tips for kids can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.

You might also like…

Stalker Data Breach Leads to Sale of Users’ Credentials

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19

It is more important than ever that consumers use strong security questions with strong security answers on their online accounts. With most people home due to the COVID-19 pandemic, more consumers are required to shop online to do their food and household purchasing. That means a lot of online accounts have been and will continue to be created. One common step in creating an online account is picking a security question in case the creator of the account cannot remember their password. It is meant to be another layer of security for the authentication process.

While this alternative way of identifying customers can be very useful, it could also put more personal information at risk of compromise should the company fall victim to a data breach. For example, if someone selected “What are the last four digits of your Social Security number?” as their security question and provided that credential as the answer and the company’s online user database was breached, hackers could have that piece of personal information to use to flesh out more details of the person’s identity credentials.

However, there are things people can do to keep themselves safe while using strong security questions as another form of authentication.

When creating an answer to a security question, the response doesn’t have to be the exact answer. In fact, the Identity Theft Resource Center would encourage people that are signing up for online shopping, and other non-sensitive online accounts, to provide alternative answers. Doing so creates a strong security answer because it would be nearly impossible for anyone to research or guess. For example, if “What is my mother’s maiden name?” was selected as a security question, using an alternative like their mother’s nickname or some other name doesn’t give away a very valuable component of your security question. The answer should be stored in a password manager or on a piece of paper that is securely locked away.

With that said, creating alternative answers to security questions should only apply when someone is creating an account for a business or institution that doesn’t require highly sensitive information to verify their identity. If someone was creating security questions and answers for an account with a bank, lending institution or medical provider that uses that information to authenticate the user’s identity, they would want to provide accurate answers because the answers could be used to verify identity.

Some other tips to keep in mind while trying to pick strong security questions include:

  • Select a security question that cannot be guessed or researched over the internet, social media profiles, etc.
  • Select a security question that will not have to be changed over time
  • Select a security question that is easy to answer, but not obvious to others or easily researched
  • Select a security question with a precise answer that does not create confusion

Users should make sure they are selecting strong security questions that will keep them safe. They should not be afraid to use alternatives for the answer if it will protect identity credentials. People should also make sure their answers are as strong as their passwords. People can do their part to protect themselves and shop online for all the things they need to get through the COVID-19 pandemic, and beyond.

For more information about protecting your online accounts, contact the Identity Theft Resource Center to live chat with an expert advisor or call toll-free at 888.400.5530.

You might also like…


Schools, businesses and individuals are making drastic changes right now due to concerns surrounding COVID-19. Some of the protective measures, such as social distancing and self-isolation, translate to technology picking up the slack to keep businesses and education moving forward. However, that is leading to privacy issues particularly around kids using technology not originally intended to be utilized in the new manner many have taken to using some platforms.

One platform stepping in to fill the need is Zoom, a videoconferencing tool that allows users to talk, video chat, instant message and even screen-share in real-time. This long-time business tool is now being used for everything from online classes to social get-togethers, but malicious users have already figured out how to crash virtual meetings.

A new practice, known as “zoom-bombing,” happens when an uninvited user works their way into a user’s Zoom session and causes a disruption. Reports so far have included “bombers” dropping in and writing racial slurs across the screen, posting pornographic images for all the viewers to see and more.

Zoom was created to allow businesses to communicate quickly, effectively and on-the-go. Because of that, creating an account was set up to be very simple and does not require much authentication. Now that more people are using the platform, including teachers for grades K-12, and finding creative uses for this tool, the concern about privacy, and especially that of children, is even more real.

In fact, some Zoom conferences hosting children have already been compromised. Recently a Zoom conference with students from the Orange County Public School System in Florida was disrupted after an uninvited guest exploited himself to the class. In Boston, a group of students shared inappropriate content.

Zoom is working on a fix that will help stop intrusions and increase security, particularly child privacy, making it important that users download any updates issued by Zoom. Before using the platform, users can also take precautions by changing the default security settings. That includes updating the use of a password to enter the conference, using the “waiting room” feature to screen participants and only allowing authenticated users to join the meeting.

Users can also be more aware of how they are engaging with other people with their Zoom accounts. Ultimately, the platform relies on each user making smart decisions about how they are sharing their meeting rooms. Some child privacy aspects to consider:

  • Making sure to not share meeting invites with others on public profiles, such as inviting others to attend on social media
  • Teachers hosting Zoom meetings are encouraged to change the platform’s default settings before each session

This is an important reminder that this type of technology, especially platforms that function online and are accessible by other users, can have serious privacy ramifications. As many public schools and activity groups are now using Zoom to interact with children, it is even more important that users understand how to protect themselves. Parents should make it a habit to remain nearby while their children are on Zoom in order to end the session immediately if something unexpected takes place.

To increase child privacy, parents are encouraged to talk to their kids about proper online conduct before any virtual meeting. It is also recommended that if someone’s child is going to interact with other children on Zoom, parents should remind their kids that the same rules that apply in the classroom – or other in-person meetings – apply on Zoom.

If people have questions regarding their privacy on social media or accounts, they can live chat with an expert ITRC advisor at no-cost.

You might also like…

Financial Database Leak Leads to Over 500,000 Documents Exposed Online

Canon Data Breach Leads to General Electric (GE) Employee Information Being Exposed

COVID-19 Romance Scams Begin to Make the Rounds

Unbeknownst to many consumers, the country’s most advanced consumer privacy act just went into effect on January 1, 2020. The California Consumer Privacy Act (CCPA) outlines some of the strongest protections for individual consumers and the companies they choose to do business with. However, some early reporting shows that a lot of people are still not aware of the new legislation.


CCPA provides new protections in the event of a data breach, new tools for consumers to find out exactly what information a company has collected and sold or shared and more. Under the CCPA, consumers also have the right to delete some personal information and opt-in for children. In the CCPA personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information under the CCPA does not include publicly available information.

 Companies doing business in California — whether they are located there or not, or simply have customers or users who reside in the state — must provide more than just the proof of information they have collected. If an individual consumer does not want their information sold to third parties, the CCPA states they have the right to opt-out and the companies must comply. Failure to comply could result in significant fines, penalties and damage awards of up to $7,500 per consumer.

Image of business with notice of CCPA

That has been a sticking point for a number of businesses, though.

There are questions about how businesses will comply with the do not sell requirements. Some companies are claiming that if they “share” their users’ data with an outside company, they are in compliance. The supporters of the CCPA have said selling or sharing is the same thing, though companies like Facebook, CVS, Indeed and others argue their methods of providing users’ information to outsiders does not violate the CCPA.

Image of Conde Nast disclosure of CCPA

Some of the other responsibilities of businesses include a child opt-in requirement, a website notice requirement, a duty to educate, vendor agreements, third-party transfers and cybersecurity protections to prevent a data breach. In the event of a data breach, consumers can now sue to recover up to $750 in costs per data breach. For more information about consumer rights in the event of a data breach or other CCPA rights, click here.

Image of business disclosure of CCPA

Though the California Consumer Privacy Act went into effect on January 1, businesses have until July 1 to comply before enforcement—and presumably, punitive action—begins. It will be interesting to see both how this plays out for businesses that make a lot of money by selling their customers’ information, and how many other states follow suit with legislation of their own.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

Save the date for this year’s Data Privacy Day! In the current always-connected digital age, it can be easy to take privacy for granted. Apps, websites, social media and even games want everything from permission to access our contacts list to invasive amounts of personal information. Even signing up for a new account can mean turning over your name, email address or birth date.

Too often, though, consumers do not stop to think about why an app wants to use your friend’s list or why a game needs access to your device’s photos. We simply click through the terms of use and are wondering later on how hackers stole our data in a data breach or why a company sold our information to third-parties.

StaySafeOnline, which is powered by the National Cyber Security Alliance, will be hosting its annual Data Privacy Day on Tuesday, January 28. This live-streamed event will begin at 1:00 p.m. EST/10:00 a.m. PST and will feature industry experts speaking on a variety of privacy-related topics.

One session of the event will be important to a lot of different stakeholders, that being the discussion of the new California Consumer Privacy Act, which is set to take effect this month. There will also be panels on the effects of the GDPR regulations that have already gone into effect in Europe, as well as discussions on how privacy affects both businesses and individuals in a worldwide-connectivity landscape.

More importantly, one of the goals of Data Privacy Day is to look ahead to what the future of the privacy and cybersecurity landscape might look like. A few years ago we might have never envisioned mobile games that could leak your personal information online or social media apps that buy and sell users’ data as a commodity. Now, with the first days of 2020 already behind us, it is both exciting and a little unnerving to imagine what privacy will really mean in the coming decade. To participate in the online live stream of Data Privacy Day 2020, visit StaySafeOnline.org and click on the Data Privacy Day tab.

You might also like…

2020 Trends for Identity Theft, Data Privacy, and Cybersecurity

Begin Your 2019 Tax Filing to Thwart Tax Return Fraud

Don’t Get Grinched by the Ellen Facebook Scam

As this year winds down, it is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.

Fallout from 2018

As in previous years, this past year has been a big one for these kinds of crimes. Tech users are still feeling the aftermath of things like the Facebook/Cambridge Analytica privacy debacle that was uncovered last year; Congress is still at work on what to do about consumer privacy in the social media age. Also, the news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.

What Went Right in 2019

Fortunately, new legislation has come along to make our privacy lives a little safer. The General Data Protection Regulation (GDPR) regulations went into effect in Europe last year, for example, and they inflict strict penalties on businesses that gather and store data but let it fall into the wrong hands. New laws in California and Colorado will be taking effect soon, intent on strengthening privacy and consumer choice. Best of all, the awareness of what constitutes these kinds of crimes and how to recognize them is increasing.

Top Security Incidents of 2019

However, this welcome news does not mean that consumers are safe or that hackers are finally giving up. With every new platform, tool or technology, there is even greater potential for new avenues of attack. Healthcare providers and insurance companies continued to be one of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather. “Accidental exposure” breaches were a common 2019 identity crime for major-name companies, which happens when businesses store huge databases of private information – in an online server then fail to password protect it as an example. Even our entertainment was not safe, as many apps and online gaming portals suffered data breaches that were traced back to reusing passwords on multiple sites.

2019 did not just see a lot of large data breaches, but settlements as well.

Equifax Settlement

In July, Equifax reached a $700 million settlement for harms caused by their data breach. Equifax agreed to spend $425 million to help victims of the breach, leading to lots of discussion on how to file a claim.

Facebook Settlement

While the Equifax settlement was the largest in data breach history to date, Facebook blew it out of the water just two days later, as they were ordered to pay $5 billion. After the settlement, Facebook said it required a “fundamental shift” in Facebook’s approach at every level of the company in terms of their privacy.

Yahoo Settlement

A month and a half later a Yahoo data breach settlement was proposed for $117.5 million after over three billion Yahoo accounts were exposed. Identity Theft Resource Center CEO, Eva Velasquez, stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims. However, that was not without its challenges, including putting the onus on the consumer to tell the settlement administrators how they were harmed and provide proof of it.

10,000 Breaches Reported

This past year the Identity Theft Resouce Center also recorded 10,000 publicly-notified data breaches since 2005. As part of the milestone, the ITRC took a look back at some of the top breaches the last 15 years as part of our 10,000 Breaches Later blog series.

Minimizing Future Risks

While data breach fatigue is a recognized phenomenon, one that can occur when consumers are bombarded with constant news about their data being compromised, the flip side is the kind of paranoia that makes you want to unplug and go live off the grid. However, neither of those is the solution. What does work is an awareness of the threat and some good privacy habits to prevent crimes like the 2019 identity crimes:

We’re Here to Help

Remember, you are not responsible for the criminal behaviors of a hacker. However, you can take steps that reduce your risk of becoming a victim and help minimize the damage if the worst does occur. The Identity Theft Resource Center is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Exercise Car Safety to Avoid Leaving Your Identity Behind

Holiday Phishing Scams Target Small Business

Social Security Phone Scam

If you are a fan of the Facebook ten-year challenge, you are probably excited about its recent comeback. As more people come to terms with the uncertainty surrounding social media use and privacy, many users are starting to take a more cautious approach to how and what they share. From changing their privacy settings to safeguarding the names and images of their children, a lot of users have become more knowledgeable—and therefore more concerned—about what happens to their content once it is posted. If issues like Facebook’s relationship with Cambridge Analytica taught us anything, it is that someone is always willing to pay for information about us.

For example, the Facebook ten-year challenge that swept through Facebook in the early part of 2019 is back, and it has left a lot of people asking what the social media giant is really doing with the images. If you have not seen it yet, users are encouraging one another to post a photo from 2009 and another one from 2019, presumably in recognition of the end of this decade. What is really behind the Facebook ten-year challenge?

A growing number of people have speculated that it is an attempt by Facebook to educate its facial recognition algorithms in the area of age-progression by looking at a ten-year age difference among users. That does not sit well with some privacy-minded people. There has been a lot of outcry over companies like Facebook, Amazon and others who have produced software that has stronger-than-ever capabilities for recognizing faces in a crowd. Amazon has even sold its software, Rekognition, to law enforcement agencies and has just announced brand-new features.

Even some tech industry insiders have been alarmed by the potential for grabbing up social media posts and using them to develop software that some see as an invasion of privacy. However, the Facebook ten-year challenge has led others to try to put a damper on the runaway conspiracy. After all, doesn’t Facebook already own countless photos of its users? What would be the benefit of having users simply post those same images again? Plenty, according to Wired magazine writer Kate O’Neill. Facebook can much more easily “mine” data when they have a fresh set of content that was taken a precise number of years apart.

In this case, it is not about what social media platforms already have access to or doing their legwork for them. Instead, the cause for alarm is more about what users are willing to post without really thinking through the potential for harm. Whether it is an endless stream of food pictures or the GPS coordinates to our children’s schools, we all need to be more aware of what it is that we are posting and how someone else could use it for their own purposes.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Hacked Disney+ Accounts Are Being Sold Online

Our Holiday Shopping Tips to Keep You Cybersafe

E-Skimming is a New Cybercrime That is Just in Time for the Holidays