The Identity Theft Resource Center (ITRC), a nationally recognized non-profit focusing on identity theft and related issues, has just published a whitepaper containing the results of its Public WiFi Usage Survey, which aimed to measure the level of knowledge and usage of public WiFi. The ITRC conducted this survey in order to better understand how consumers perceive and use public WiFi.

This information would then be used to heighten consumer awareness about safe usage of public WiFi.

“While technology seems to be making all of our lives easier, it can also leave us open to unsafe practices in exchange. Many people do not realize that using the Internet at your local café can lead to identity theft,” said Nikki Junker, Social Media Manager for the ITRC.

Some highlights of the study, which was done in conjunction with PRIVATE WiFi, include:

  • ¾ of the respondents had used Public WiFi in coffee shops/restaurants within the last 12 months.
  • 79% of respondents believed that using a free Public WiFi connection can lead to identity theft.
  • Nearly 40% of survey respondents did not know there are ways to protect sensitive data when using Public WiFi.

The full whitepaper is available on the ITRC website. In connection with the release of the survey findings, PRIVATE WiFi created an infographic containing a great deal of information from the study; it is available on PRIVATE WiFi’s website.

About the ITRC

The Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Victims may contact the ITRC at 888-400-5530.

About Private Communications Corporation

Private Communications Corporation is a security technology company that protects personal data and information online. PRIVATE WiFi, the company’s flagship software product, encrypts all computer data across unencrypted WiFi networks, ensuring online privacy for those without access to virtual private networks (VPNs).

San Diego, CA (July 11, 2012): The Identity Theft Resource Center® recorded 213 breaches for the first six months of 2012, with an astonishing 63.4% of them having no reported attributes. This represents a doubling in the number of data breaches which did not have any type of attributes identified for the incident, giving the public little or no insight into what happened. This trend makes it obvious that, with few exceptions, there is minimal transparency when it comes to reporting breaches.

From 2005 through 2011, the ITRC Breach List tracked five categories of breach attributes: insider theft, hacking, data on the move, accidental web/Internet exposure, and subcontractor. In 2012, employee error/negligence was added as a new attribute to more clearly recognize those data breaches that were not the result of malicious intent. This is good information for the public to know, both for understanding trends in breach exploits, and to understand what the probable consequences of a particular breach might be for those affected.

However, other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident. The media has helped by reporting more details for some breach events, but in general there appears to be less transparency about breach events than in previous years.

It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported, and it would appear that the situation is growing worse.

ITRC Breach Report Key Findings

  •  Paper breaches for the first half of 2012 account for nearly 15% of known breaches, down from 17.7% for the same period in 2011.  These types of breaches typically go unnoticed until a consumer reports the problem to local media, as most paper breaches are not required to be reported.  If you want to really understand the threat of these low-tech breaches, contact the US Postal Inspection Service and ask if they consider mail theft a serious problem.
  •  Breaches in the medical/healthcare industry are on pace to hit an 8 year high, and currently represent 27% of the total breach incidents reported so far in 2012.  This number is a drastic increase over the 17% reported for the same period in 2011 and exceeds the previous high of 24% for calendar year 2010.
  •  The banking industry continues to show improvement as that category currently represents only 4% of the total breaches reported on the ITRC Breach List.  This is down significantly from the 8% reported during the first half of 2011, and represents an 8 year low should it continue.
  •  Breaches involving third parties, or subcontractors, doubled over the same period last year, with 14% of identified data breach incidents reporting third party involvement.  These events make the case that although your company may have taken adequate measures to protect information, the contractor you hire may not be as careful.
  •  Malicious attacks involving “hacking” continue to grow, with 30.5% of the breaches so far this year identifying hacking as the root cause, up from the 27.7% reported for the same period in 2011. If this rate of increase continues, 2012 will be on pace to have another record high year in this category. Insider theft, which is also identified as a malicious attack, was down in the first half of 2012: 7.5% compared to 17.3% for the same period in 2011. This could indicate that companies are getting better with internal controls and vetting of employees. When combined, these categories represent nearly 40% of all reported breaches.
  •  Breaches involving “Data on the move”  are being recorded at an all-time low.  To date, only 7.5% of the breaches in 2012 have been identified in this category.  This represents a tremendous drop from the 15.6% reported in the first half of 2011.  Hopefully, this indicates a new awareness of companies and employees about the data carried on laptops and mobile devices.  “Accidental” causes are identified in 11.7% of the breach incidents reported; up somewhat from the 9.1% reported during the first half of 2011.  The newly identified employee error/negligence category is identified in 6.1% of the breach incidents reported.
  •  44.4% of publicly reported breaches indicated the number of records exposed, totaling 8.5 million records. It should be noted that the ITRC Breach Report does not include breach records due to exposure of non-sensitive information, such as email account records, in its total number of records. These 8.5 million records are all related to exposure of sensitive Personal Identifying Information (PII) or other sensitive account information. As such, breach incidents which involve passwords, user names and email addresses may be included on the list, but the number of records exposed is not counted as part of the annual total record exposure. So the records that are totaled consist of those that might contain Social Security numbers, credit/debit card numbers, financial account numbers or other pieces of information such as driver’s license numbers or medical insurance numbers.
  •  96 breaches (45.1%) reported in the first half of 2012 included the exposure of Social Security Numbers.  This is a significant drop from the 64.5% of the breaches which exposed SSNs during the first half of 2011.
  •  41 breaches (19.2%) involved credit or debit cards, dropping considerably from the 34.6% of the breaches involving credit/debit cards in the same time period during 2011.

The ITRC has long recognized the fact that breaches are not being reported, or are under-reported. Any efforts to accurately quantify the actual number of breaches and resulting number of compromised records are stymied in the absence of mandatory reporting on a national level. Unfortunately, in the absence of national requirements for breach reporting, this situation is getting worse.

Another challenge continues to be how to define the threat to consumers when the compromised information is not “sensitive” personal information but “non-personal” in nature.   It is well known that this type of information still poses a threat to consumers through spearphishing and social engineering.

For the reports and statistics used for this release, go to .

About the ITRC

The Identity Theft Resource Center® (ITRC) is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem. Victim Hotline: 888-400-5530.


The Identity Theft Resource Center (ITRC) recently conducted a brief Facebook Social Media Survey to measure interaction trends between internet users and Facebook. The ITRC conducted this survey in order to better help victims with Facebook-related identity theft concerns and issues and received 446 responses.

“As our world transforms more and more into a cyber environment, social networking becomes a larger part of our lives. Because of this, it is important to understand how social networking users comprehend the safety risks while engaging on such sites. This can help in efforts to protect consumers by defining problem areas,” says Nikki Junker, Social Media Coordinator for the ITRC.

“The survey results will help the ITRC in developing informative materials and documents. These publications aim to educate consumers in order to help minimize their risk of becoming victims of identity theft and mitigate the losses of those who have already become victims.”

The Identity Theft Resource Center has been made aware of a group operating in California under the name ‘Californians Against Identity Theft’.  The group is claiming that there is a link between the gathering of signatures for ballot initiatives and identity theft.

Using this correlation, the group is pushing to outlaw paid signature gathering for ballot initiatives. The Identity Theft Resource Center does not agree with this statement, considering that an individual’s name and registered address do not qualify as sensitive personal information. It is also concerning that many organizations, ourselves included, who have built strong reputations as advocates for consumers against identity theft have no knowledge of this group, or of any work they have done in the field of identity theft. Along with other organizations, the Identity Theft Resource Center has reached out to Californians Against Identity Theft requesting that they remove the misleading information regarding the threat of identity theft from their campaign. We have also requested that they make transparent their organization and funding sources.

The Identity Theft Resource Center will continue to monitor this situation with the best interest of the consumer in mind.

(San Diego, CA  April 19, 2011):  The Identity Theft Resource Center® has found that hacking accounted for the largest number of breaches in 2011 year-to-date.  Almost 37% of breaches between January 1st and April 5th were due to malicious attacks on computer systems.   This is more than double the amount of targeted attacks reflected in the 2010 ITRC Breach List (17.1%).


Note that these numbers do not include the recent hackings of enormous quantities of email addresses from companies.  Email addresses alone do not pose a direct threat as long as consumers realize that they are more susceptible to phishing scams.  Phishing scams try to trick readers into providing personal information that can be used for identity theft.

Paralleling the ITRC breach report finding is the recently released Symantec Internet Security Threat Report. This report discloses that over 286 million new threats were identified during 2010. Additionally, the Symantec report said they witnessed more frequent and sophisticated targeted attacks in 2010.  This may partially explain why the ITRC observation of increased hacking has occurred so quickly.

Additionally, a new survey by McAfee found that the most significant threat to businesses was data leaked accidentally or intentionally by employees.   ITRC views these as two different types of breaches.  Accidental breaches are those that happen by employee mistakes, and while they cause harm, the people who made a mistake never intended to injure the company.   However, the insider who intentionally steals or allows others access to personal information is considered a malicious attacker.

“At first it may be difficult to know if a hacking was perpetrated by an insider or outsider,” says Linda Foley, founder of the ITRC and data breach report manager. “ITRC does not have access to the Secret Service’s forensic information, so we can only report on situations when information is released. As of April 5, 11.6% of 2011 breaches with known forms of leakage were insider theft. When these events are added to known hacking attacks, ITRC’s breach database report indicates that 48.2% of published breaches are some form of targeted attack.”

The business community seems to be taking the brunt of hacking attacks, according to published reports of breaches. In fact, 53.6% of all breaches on the ITRC report were business related. The other categories, “Banking/Credit/Financial,” “Educational,” “Government/Military,” and “Medical/Healthcare,” all dropped in their respective percentage of reported breaches.

Unfortunately, it is still difficult to ascertain the true cause of many breaches due to entities publicly stating “the information was stolen” or “due to theft.”  Additionally, nearly half of breached entities did not publicly report the number of potentially exposed records.  Several medical breaches ranging up to 1.9 million records caused a spike in the total records for the health services field.  This was probably due to mandatory reporting by HHS.  Since other entities do not have that type of requirement, it is likely that entities in other categories also had breach events with large record exposure numbers that went publicly unreported.

No conclusions can be drawn yet about how this year will compare to prior years.  The one thing that is consistent, year after year, is that data breaches will occur.  These events are outside the realm of consumer control.  Due to our individually broad electronic “footprints”, our Social Security numbers and financial account numbers are in a vast pool of information that can be breached.  The responsibility for protecting this personal identifying information is fully on those who request and store it.  All entities that collect personal information need to understand and embrace the concept that only they can safeguard our information and that this safeguarding must be an urgent priority.

Not only are hackers winning, but so are the thieves who steal unattended laptops and dig into dumpsters behind companies for paper data.  Breaches just don’t happen, they are allowed to happen.  ITRC will continue to track, analyze and report on the situation of breaches of personal information.

(San Diego, CA: April 19, 2011)  According to the “Weather Channel”, tornado season in the U.S. lasts from April through July, with May and June being the peak months.   The Identity Theft Resource Center (ITRC) wishes to alert the public to several potential identity theft-related situations that might arise from such a natural disaster. This information is based on previously observed criminal behavior in disaster situations.

If your information is missing after a tornado, don’t panic.  The information could be so badly destroyed that no one could use the information.  However, that being said, here are some valuable tips to help prevent the loss or exposure of your personal information.

  • Individuals:  Keep your tax and insurance papers, financial records, medical identification cards and items with Social Security numbers in a portable locked box that can easily be taken with you if you must evacuate or move into an underground shelter.  Prepare your computer for transport, or remove the hard drive and put it in your locked box.
  • Individuals:  If you find you will be housed in a community shelter, do not leave the items in your locked box unwatched under any circumstances.  The good news is you have a cache of important information to help you recover.  The bad news is this is a tempting target for an identity thief.
  • Companies:  Keep locked files with personal identifying information in the safest place of your building space.  Should you return and find this information missing for whatever reason, immediately contact law enforcement. Then contact, if possible, the affected parties so that they can place fraud alerts on their credit reports.
  • Be aware and wary of scams.  Fraudsters will often use a disaster situation to exploit victims.  They may contact disaster victims stating that company databases were damaged, and that they need critical information to reconstruct the accounts that were affected.  This is a “phishing” scam, whether by phone, text, or email.  No credible company or government agency will contact consumers in this manner.  Often scammers pretend to be a relief group collecting money.  Only send money to relief groups after you have validated the group as well as the address/account that is to be used to collect donations for relief.  Well established groups, such as the Red Cross, are the best bet.
  • Should you find documents belonging to others that contain sensitive personal information, immediately turn them over to a law enforcement agency, be it local or federal.  Remember, use of personal identifying information belonging to others is a criminal act.  Help prevent that crime by doing the right thing.

The ITRC remains committed to stopping identity thieves from adding to the human tragedy of any disaster.

About the ITRC

The Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft.  Victims may contact the ITRC toll-free at 888-400-5530 or visit us online.