Home Page Featured 1

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter 

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2021. According to the data breach analysis, the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). 

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors. 

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways 

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” 

Other findings in the analysis include: 

  • There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.  
  • Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020. 

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST.  ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee. 

For more information about recent data breaches, or the increase in the number of data breaches discussed in the latest trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.    

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting  www.idtheftcenter.org to live-chat.   

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.  

Media Contact     

Identity Theft Resource Center     
Alex Achten     
Head of Earned & Owned Media Relations      
888.400.5530 Ext. 3611     
media@idtheftcenter.org    

  • T-Mobile recently suffered its third data breach since December of 2020. The T-Mobile data compromise has affected over 40 million people and led to information like Social Security numbers (SSNs) and driver’s license information being hacked.  
  • Cybersecurity researchers claim the T-Mobile data compromise may impact as many as 100 million current, past and prospective customers. 
  • To protect yourself from the T-Mobile data compromise, consider freezing your credit, changing your passwords and PIN numbers to long and unique passphrases, using multi-factor authentication and not ignoring breach notices.  
  • To learn about recent data breaches, like the T-Mobile data compromise, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC’s) data breach tracking tool, notified
  • For more information on the T-Mobile data compromise, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.  

Facts Are Stubborn, But Statistics Are Pliable 

Welcome to the Identity Theft Resource Center’s (ITRC)Weekly Breach Breakdownfor August 20, 2021. Our podcast is possible thanks to support from Abine and Experian. Each week we look at the most recent events and trends related to data security and privacy. This week, we talk about the T-Mobile data compromise, which is one of the most significant data breaches so far this year. We also talk about what you should do in response, even if you are not impacted by it. 

Mark Twain once wrote that “Facts are stubborn things, but statistics are pliable.” Apply that same principle to data breaches and you get the natural pattern that emerges when personal information is suddenly stolen or exposed by a cybercriminal. The typical response goes something like this:  

  • “We don’t have any evidence there has been a breach, but we will investigate.” 
  • Followed by “We have investigated and found that a small number of customers information has been compromised, but we do not believe any sensitive or personal data is at risk.” 
  • That statement is often followed by an update that sounds like this: “We have now determined that more than X million of our valued customers are directly impacted by unauthorized access by cybercriminals of our systems, and the data involved does include Social Security numbers (SSNs) and other personal information.”  

T-Mobile Suffers its Second Data Breach Since February 2021 

We don’t “name and shame” companies at the ITRC. Cyberattacks and data breaches are an unfortunate consequence of our digital society. It’s only logical that the more you investigate, the more you know, meaning numbers change. We have laws, regulations and courts to handle the blame game. We do, though, use anecdotes to help educate consumers and businesses on how to protect themselves.  

What Happened? 

This week, T-Mobile finds itself in the unenviable position of providing a teaching moment thanks to its third data breach since December 2020 and its second data breach since February 2021. The nation’s third-largest mobile telecom provider did not know it had been breached until a cybercriminal posted customer information stolen from T-Mobile in an identity marketplace used by identity thieves. 

Cybersecurity researchers claim as many as 100 million current, past and prospective customers may be impacted by the T-Mobile data compromise. T-Mobile has confirmed the personal information of 47 million people has been compromised, including customers’ first and last names, dates of birth, SSNs and driver’s license/identity information in some instances. 

T-Mobile customers can visit the carrier’s website t-mobile.com to learn more about the company’s actions to help victims of the breach. 

What Should You Do to Protect Yourself After the T-Mobile Data Compromise? 

What should you do if you are a T-Mobile customer? Actually, it doesn’t matter if you are a T-Mobile customer or not. Here are some actions that everyone should take to help protect their personal information today and after a data breach:  

  1. Do not ignore data breach notices. There are a lot of them. However, there are usually important action steps in the notices, like how to activate free identity protection services. 
  1. Freeze your creditCredit monitoring is helpful, but it offers no protection. It tells you what happened, but it doesn’t stop anything from happening. To protect yourself, freeze your credit. It’s free, easy and doesn’t impact your credit. 
  1. Change your passwords and PIN numbers to make sure you do not use the same passwords or PINs on more than one account. Make sure the password is long, at least 12 characters, and is something you can remember. You can also use a password manager to generate and keep track of your credentials. Cybercriminals love it when we reuse passwords on more than one account. 
  1. Use multi-factor authentication (MFA or 2FA) on all your accounts that offer it. If possible, use an authentication app rather than have a code sent by text to your phone. Authentication apps are available for free from Microsoft, Google and other software providers. 
  1. If you are a business, make sure you don’t collect more personal information than you need. Don’t keep it longer than you need to complete the transaction. Also, keep what data you do collect and maintain safe and secure by encrypting it. Make sure you offer MFA for your customers’ and prospects’ protection, too. 

Contact the ITRC 

You can always call us at the ITRC if you have questions about what you should do if you receive a data breach notice or hear about a breach in the media, like the T-Mobile data compromise. Just visit www.idtheftcenter.org, where you’ll find helpful tips. You can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST).  

Thanks again to Experian and Abine for supporting the ITRC and this podcast. We’ll be back next week with another episode of the Weekly Breach Breakdown

The ITRC’s three-year study shows nearly 30 percent of victims have been the victim of a previous identity crime; an all-time high number of victims say they have contemplated suicide

SAN DIEGO, May 26, 2021- The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has published research that shows nearly 30 percent of people who contact the ITRC are victims of more than one identity crime. The study – the 2021 Consumer Aftermath Report – released today covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.

For the report, 427 identity crime victims who contacted the organization between January 2018 and December 2020 responded to questions about the impact of identity compromises. The survey, which the ITRC has conducted since 2003, discovered that many of the respondents experienced impacts that resulted in definable emotional impacts, physical consequences and lost opportunities. For example, the report shows the highest level of victims who say they have considered suicide – 10 percent – in the 18-year history of the Consumer Aftermath Report.

The ITRC study includes a special focus on victims of pandemic-related identity fraud, including:

  • Thirty-three (33) percent who did not have enough money to buy food or pay for utilities.
  • Forty (40) percent who were unable to pay their routine bills.
  • Fourteen (14) percent who were evicted for non-payment of rent or mortgage.
  • Fifty-four (54) percent who said they felt violated as a result of their identity being misused

Download the ITRC’s 2021 Consumer Aftermath Report

“The 2021 Consumer Aftermath Report shows that the effects of identity theft, particularly during COVID-19, are far-reaching and accelerating,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Even pre-pandemic, for roughly 30 percent of these individuals, this is the second identity crime committed against them. Generally, these victims cannot pay their rent or mortgage, put food on the table, gas in their cars or afford to pay for internet access or childcare needed to look for new employment. In the report, you see the range of emotions – anger, frustration, fear, hopelessness – in their own words. It is crucial we share these findings so others can better understand the ramifications of identity crimes, as well as help force change to better support these victims.”

“While we have all adjusted to masks and social distancing during the COVID-19 pandemic, for victims of identity fraud, the pandemic has created an entirely new set of risks,” said John Breyault, National Consumers League Vice President of Public Policy, Telecommunications and Fraud and an ITRC Board Member. “It might be tempting to focus only on the considerable harm that identity fraud does to consumers. However, we shouldn’t lose sight of the costs to businesses due to lost productivity and lower morale as employees manage their recovery and to taxpayers as fraudsters raid unemployment insurance funds.”

Another critical finding discovered in the 2021 Consumer Aftermath Report is pre-pandemic, identity crime victims struggled with the financial, emotional and physical impacts of having their identities misused. Eighty-three (83) percent of victims could not rent an apartment or find housing and 67 percent incurred debt to meet financial obligations. Also, 84 percent reported being anxious or worried and 76 percent feeling violated.

“The risk of having one’s identity stolen and used to perpetuate fraud may be the least studied, most common, criminal experience that individuals can encounter,” said Brandn Green, Research Scientist at Development Services Group. “The work done by the ITRC in their report to quantify and demonstrate the experiences of victims is invaluable.”

Consumers and victims can receive free support and guidance from a knowledgeable live advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530 and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

Media Contact  

Identity Theft Resource Center  
Alex Achten  
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org   

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a stimulus payment scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more. However, it could mean more stimulus payment scams.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

The post was originally published on 12/22/20 and was updated on 3/10/21

Free credit reports are now available to access every week to help minimize the long-term economic impacts of COVID-19. The continuing crisis surrounding the virus has affected people’s lives in many ways. However, fear of the economic impact is also at the top of many people’s minds. Across the U.S., more than 40 million people have filed for unemployment benefits since the first wave of the coronavirus closures and many business owners have had to shut their doors. Some employees wonder if their jobs will be waiting for them and business owners question whether they will be able to reopen once it is safe to do so.

Fortunately, there is some good news for consumers who are concerned about their financial security. The three major credit reporting agencies are offering free credit reports every week through April 2021.

While the economic impacts can be far-reaching, there are other harmful effects as well. Data breaches continue to happen. At least six states who have established public-facing websites for filing unemployment claims have exposed tens of thousands of users’ identity credentials online. There have already been reports of scammers targeting those seeking assistance with phishing attempts.

Consumers have been entitled to a free copy of their credit reports, up to one copy per year from each of the three major credit reporting agencies—TransUnion, Equifax and Experian. Those reports are readily available from AnnualCreditReport.com and are easy to download. However, requesting further reports after the initial free request (in a twelve-month period) could incur a fee. Now, consumers will be able to access each of their free credit reports every week through next spring with no additional cost.

For consumers, checking and understanding their credit report is vital in order to maintain some control over their financial health. It gives them a clearer picture of their current debt and spending potential, as well as help uncover whether or not malicious actors have been using their identities. Any fraudulent charges, purchases and lines of credit would appear on the credit report, making it helpful for monitoring one’s identity. To request a free credit report, users need to visit AnnualCreditReport.com and enter their information. The report will be available for download almost immediately. For more information on how to request a report and why it is a useful tool, click here. If there are any signs of suspicious activity on the report—such as purchases, new credit cards or too many inquiries from lenders—consumers can contact the Identity Theft Resource Center via live-chat or toll-free at 888.400.5530.


You might also like…

DARK WEB DATA BREACH LEADS TO THIEVES STEALING FROM THIEVES

AERIES DATA BREACH AFFECTS SCHOOL DISTRICTS ACROSS CALIFORNIA

PURPORTED LIVEJOURNAL DATA BREACH LEADS TO 26 MILLION USER RECORDS BEING STOLEN

In 2017, criminals accessed Equifax’s database of consumers exposing the personal identifying information of over 148 million Americans. Equifax, one of the three main credit reporting agencies (CRAs), noted that Social Security numbers, addresses, birth dates and credit card information were all apart of the information exposed. This data breach created an increased risk of identity theft for millions of Americans. Now over two years after the breach was reported, a settlement has been reached. Details are still emerging but it’s important to understand the basics of what we know today.

The Equifax settlement agreed to pay up to $700 million dollars for harms caused by the data breach – the largest monetary settlement in data breach history. In the settlement, filed on July 22, 2019, Equifax agreed to spend up to $425 million to help the victims of its 2017 data breach. An additional $275 million will be spent to pay civil penalties. Also included in the Equifax settlement is the requirement to update security protocol and increase measures to protect consumer information.

If your information was exposed in the data breach, Equifax should have notified you directly via mail. A part of the settlement, a new breach claim site will also have a tool for consumers to check if their information was exposed. If you were affected by the breach, the Equifax settlement is offering certain benefits to minimize your risk of identity theft.

Settlement Benefits for Victims

First, Equifax will provide a total of up to 10 years in free credit monitoring services. The first 4 years will be provided for all three major CRAs – Equifax, TransUnion and Experian. Then Equifax will provide the services for monitoring their report for an additional 6 years. If you were a victim of the breach and a minor, even more services are available at no cost. If victims choose to opt-out of the free credit monitoring option, they may be eligible for a $125 cash payment.

Second, victims who have already dedicated resources to protecting their identity because of the Equifax breach could be reimbursed up to $20,000. This includes time spent protecting your identity or efforts to recover it. It also includes any money spent like the cost of lawyers or fraudulent financial charges. It’s unclear what the specifics behind how to obtain this reimbursement, but consumers will most likely bear the burden to prove the impact in order to receive compensation.

Finally, if you did fall victim to identity theft because of the breach Equifax is providing free restoration services. These services are offered for up to seven years and can be used if someone steals your identity or if you are a victim of fraud. Again, it’s unclear how consumers will have to prove that they were directly victimized as a result of the breach, but as details emerge we will share information.

As of July 24, 2019, the settlement administrator is now accepting claims. The deadline to file a claim is January 22, 2020. Find the full details here: https://www.equifaxbreachsettlement.com/

Read our guide on How to File an Equifax Claim for Data Breach Settlement

Beyond the financial impacts of the breach, nearly 90 percent of respondents said they experienced adverse feelings or emotions within one year of the initial event as reported in The Aftermath: Equifax One Year Later study by Identity Theft Resource Center.

Stay Updated with Alerts

The Federal Trade Commission (FTC) says the settlement is still in process and claims can be made after court approval. The FTC is regularly updating information as it becomes available at ftc.gov/Equifax.

Steps to Reduce Your Risk

Being a victim of the data breach does not automatically make you a victim of identity theft; however, it does greatly increase your risk. There are some steps ITRC recommends that can reduce your risk of identity theft. You can also call to speak with one of our expert advisors at no-cost at 888.400.5530 or livechat to learn more about your risk and preventative measures.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

United States Customs and Border Protection (CBP) announced that it was victim of a data breach at the hands of a third-party partner. The information exposed included photos of license plates and travelers. CBP released a statement about the breach saying,

“In violation of CBP policies and without CBP’s authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” CBP added. “The subcontractor’s network was subsequently compromised by a malicious cyberattack.”

The hack happened by accessing a database on the third-party’s server that was unauthorized by CBP to exist. Although the third-party who caused the breach was not directly named, The Washington Post reported that the subject line of the emailed statement included “Perceptics.” Perceptics is a company based in Tennessee whose website boast they have been “securing our nation’s boarders for more than 30 years.” They design technology for identifying vehicles and license plates for federal and commercial use.

CBP claims they have conducted a thorough search and have not found any of the stolen information on the dark web. This does not however mean the data is impossible to use for malicious acts. President and CEO of ITRC, Eva Velazquez, sums it up in her NBC7 interview saying, “These things, they stay in perpetuity. It is not going to disintegrate. So even in this moment, if there is not a way to monetize, that does not mean 10 years from now that (stolen information) might not be more valuable.”

While CBP noted their own databases were not affected by this attack, this is not the first data breach under the Department of Homeland Security. Early last year it was reported more than 240 thousand employee records were exposed by a former employee.

ITRC continues to monitor the trend of cybercriminals targeting large third-party versus smaller first party databases. Four million records were exposed in 2018 because of focused cybercrime efforts on vendor security. By targeting popular third-party vendors that work with multiple companies, criminals can collect even more personal identifying information in one attack.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

When news of yet another data breach comes out, the reaction can range from panic to “blah.” At the one of end of the spectrum, consumers can be left with documented feelings of stress, fear and even paranoia about further attacks to their identity. At the same time, a very real phenomenon known as “data breach fatigue” occurs when there are so many attacks that consumers stop taking them seriously.

Fortunately, a new tool can help consumers make sense of a data breach; while neither overreaction nor inaction is an appropriate response, this tool can help people who are affected by the breach understand their options and take corrective action.

The Identity Theft Resource Center and Futurion have partnered and launched a tool called Breach Clarity, which takes publicly-available data breach information and breaks down both the threat and that actionable steps for consumers.

Watch Our New Free Webinar: Deciphering the Code of Data Breach Notifications

Unfortunately, far too many consumers do not check up on these kinds of attacks until it is too late. Even then, many victims of data breaches do not follow up on the support that notification letters offer, including things like identity theft protection or credit monitoring.

Breach Clarity lets users type in a general search term for a known breach and see a graphic representation of the threat level based on a number of factors. These include things like understanding whether or not financial information was exposed or if Social Security numbers (or other sensitive PII) were accessed. From there, a one-to-ten risk score is provided so consumers understand just how seriously this could affect them. The Home Depot breach in 2014 only receives a 3 out of 10 because of the nature of the information that was stolen; the 2015 attack on the US government’s Office of Personnel Management was far more serious and received a 10 out of 10 risk score as a result.

Breach Clarity was unveiled at the 2019 KNOW Conference in Las Vegas where it won first place in the third annual Identity Startup Pitch Competition. The criteria for selecting a grand prize winner included factors like the degree to which the entrant meets the customer’s needs and expectations, innovation, originality, and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Your Passport and Your Identity

A recently-discovered data breach of the Starwood brands of Marriott International’s hotels has left consumers and security advocates alike scratching their heads. At the heart of this confusion surrounding the theft of data for around 25 million guests is passport security, or more accurately, the need to safeguard both your physical document and its number. So assuming that your passport was affected, what do you do?

As noted in the newest release published on January 4th, 2019, “Marriott now believes that approximately 5.25 million unencrypted passport numbers were included in the information accessed by an unauthorized third party. The information accessed also includes approximately 20.3 million encrypted passport numbers.” According to numerous sources including the US State Department, your passport number on its own is not a highly valuable piece of information for a hacker. However, when combined with some of the other data points that were compromised in this breach, your number could possibly be used to craft a more complete profile for identity theft – or allow for an identity thief to generate a synthetic identity with more validity.

First, if the physical document is lost or stolen, that is absolutely an urgent matter. You should report it to the proper authorities—namely the State Department who issues them—so that there is a record of the missing document. If it is used for identity theft or fraud, you will have already filed it as missing.

Read: What To Do If Your Passport is Lost or Stolen

But in the case of this data breach where only the number was compromised, your recourse is a little different:

1. If only the number and not the actual document is stolen, don’t be too quick to replace it. Since the number by itself does not directly result in identity theft, you may not be given a new passport free of charge. That means you’ll pay for the new document out-of-pocket.

In the case of the Marriott breach, if you can show proof that your passport was the cause of fraud or identity theft, they are offering to replace it. Read the specifics very carefully to understand what your recourse is in this particular case.

2. If the document was set to expire in the near future AND you were planning to replace it, there’s no need to wait if you can demonstrate that it was compromised. However, you may need to provide the notification letter or email from Marriott International to show why you’re requesting a new passport early.

3. When you decide to replace your passport, it will contain a new number (unlike driver’s licenses that retain their issue number, for example), but that doesn’t mean someone couldn’t still use your old number to piece together your identifying information. You will still need to monitor your accounts—especially travel-related accounts—carefully.

Read: What Can a Thief Do With Your Driver’s License?

This breach also serves as a cautionary tale about oversharing: unless you are required to turn over a piece of identifying information, think twice about submitting it. Many consumers take domestic flights and stay in hotels without even owning a passport; just because you have one doesn’t mean you have to provide the number every time it’s an option.

Finally, as if this wasn’t worrisome enough, there’s another potential threat that could be looming: scams associated with passports. With any high-profile event, scammers crawl out from under their rocks to take advantage of the public. Be wary of any email, text, social media post or other communication that plays off of fears surrounding compromised passport numbers.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read: The Real People Behind Identity Theft Statistics

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert