Unbeknownst to many consumers, the country’s most advanced consumer privacy act just went into effect on January 1, 2020. The California Consumer Privacy Act (CCPA) outlines some of the strongest protections for individual consumers and the companies they choose to do business with. However, some early reporting shows that a lot of people are still not aware of the new legislation.

CCPA provides new protections in the event of a data breach, new tools for consumers to find out exactly what information a company has collected and sold or shared and more. Under the CCPA, consumers also have the right to delete some personal information and opt-in for children. In the CCPA personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information under the CCPA does not include publicly available information.

 Companies doing business in California — whether they are located there or not, or simply have customers or users who reside in the state — must provide more than just the proof of information they have collected. If an individual consumer does not want their information sold to third parties, the CCPA states they have the right to opt-out and the companies must comply. Failure to comply could result in significant fines, penalties and damage awards of up to $7,500 per consumer.

Image of business with notice of CCPA

That has been a sticking point for a number of businesses, though.

There are questions about how businesses will comply with the do not sell requirements. Some companies are claiming that if they “share” their users’ data with an outside company, they are in compliance. The supporters of the CCPA have said selling or sharing is the same thing, though companies like Facebook, CVS, Indeed and others argue their methods of providing users’ information to outsiders does not violate the CCPA.

Image of Conde Nast disclosure of CCPA

Some of the other responsibilities of businesses include a child opt-in requirement, a website notice requirement, a duty to educate, vendor agreements, third-party transfers and cybersecurity protections to prevent a data breach. In the event of a data breach, consumers can now sue to recover up to $750 in costs per data breach. For more information about consumer rights in the event of a data breach or other CCPA rights, click here.

Image of business disclosure of CCPA

Though the California Consumer Privacy Act went into effect on January 1, businesses have until July 1 to comply before enforcement—and presumably, punitive action—begins. It will be interesting to see both how this plays out for businesses that make a lot of money by selling their customers’ information, and how many other states follow suit with legislation of their own.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

The holidays have past and a new year is upon us. With that, New Year’s resolutions are beginning to surface. Some resolutions might include going to the gym every day, spending less time on social media or creating a budget you can actually stick to next year. While some of those resolutions might be more realistic than others, there are some practical resolutions you can make that will be even more beneficial. And it’s all based on protecting your identity… In 2019, the Identity Theft Resource Center saw the number of data breaches reported continue to rise. In fact, the ITRC has now recorded over 10,000 data breaches since 2005, hitting the mark this past calendar year. 2019 also saw the announcement of large-scale data breaches like Capital One and healthcare providers and insurance companies continue to be one of the hardest-hit targets, thanks to the overwhelming amount of personally identifiable information (PII) they gather. So what is your New Year’s resolution heading into 2020? If you do not have one, or even if you do, consider making some 2020 identity theft New Year’s resolutions to make your personal data as safe as you can. You can protect your privacy through your simple, everyday habits.

Resolution One: Be Aware of What You Post on Social Media and What You Share

If you are connected online through any of the several social media platforms, you need to know how they work and how to keep your information private.

  • Enact practices that include not oversharing information and change your settings to private.
  • Use different passwords for each social media account.
  • Create strong and unique passwords that include two-factor authentication.

Resolution Two: Guard Your Data

One of your 2020 identity theft New Year’s resolutions should include keeping better tabs on your PII. Do not just turn over your Social Security number without asking why they need it and verifying their plans to protect it. A lot of organizations still ask for it simply out of habit. However, your SSN was designed as a tax identification number, and by law is not to be used for everyday identification purposes.

Resolution Three: Know the Latest Scams and Help Others Stay Alert Too

Fraudsters are always trying to find new ways to attack. That is why it is so important for consumers to stay up-to-date on all of the latest scams, fraud attempts and identity theft information. You can check in with the ITRC for the latest information by signing up for the TMI (Too Much Information) Weekly and following the ITRC on Facebook and Twitter. Once you know about the latest threats, you can help spread the word with friends and family.

Resolution Four: Adopt Good Cyber Hygiene Habits

While 2019 was the year of data, 2020 will be the year of privacy. That is one reason why your 2020 identity theft New Year’s resolutions should include good privacy habits. While data breach fatigue is a recognized phenomenon, the flip side is paranoia that makes you want to unplug and go off the grid. Neither is a solution. Rather, the solution is good privacy habits:

Resolution Five: Watch Out Account Hacks from Credential Stuffing

In 2019 we saw numerous data breaches and account hacks from credential stuffing. Disney+ users saw their accounts sold online after hackers were able to infiltrate their accounts and change the passwords to lock users out. Earlier in the year, TurboTax announced a data breach that was caused by credential stuffing. Consumers need to be sure they are consistently changing their usernames and passwords to reduce the risk of credential stuffing and having any accounts hacked. The unfortunate truth is that some identity theft crimes are unpreventable. However, these 2020 identity theft New Year’s resolutions are steps you can take that will reduce your risk of falling victim to identity theft and increase the likelihood of you spotting a problem quickly. The ITRC is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.

You might also like…

2020 Trends for Identity Theft, Data Privacy, and Cybersecurity

Wawa Data Breach Caused by Card-Stealing Malware Don’t Get Grinched by the Ellen Facebook Scam

Being able to celebrate 20 years gives us an opportunity to reflect on the past, connect with our supporters and envision the future. Over the Identity Theft Resource Center’s twenty-year history, we have grown. From the vision of a single person, a victim, who wanted to provide support and help to others, to a collaborative movement engaged with consumers, victims, business and government stakeholders to make changes for victims. From using a single telephone in a home office, to a nationally recognized organization that has assisted hundreds of thousands of people through a variety of platforms on which they can engage with our team of expert advisors. And we will continue that upward moment of helping victims in their time of need.

As we celebrate 20 years, it is important for us to reflect upon the highs and lows (that all organizations face), together, in order to learn from our mistakes and celebrate our progress. In the victim assistance and consumer protection ecosystem, there has always been a struggle to prioritize resources and acknowledge the impact and trauma victims of economic crime experience. I feel an extraordinary sense of pride and accomplishment when I look in the rearview mirror at the progress the ITRC has made in changing that struggle. More policy- and decision-makers acknowledge the economic and social importance of serving the vastly underserved population of identity crime and cybercrime victims as a result of our efforts.

It’s also important while we celebrate 20 years to not only look at where we have been but also where we are headed. We live in a world where fraud losses are in excess of hundreds of millions of dollars per year and it shows no signs of decreasing. Margaret Thatcher famously said, “You may have to fight the battle more than once to win it.” We embrace that sentiment every day. Each and every victim that we help – every consumer that we educate – is victory over the larger fraud battle. Every organization that embraces cybersecurity best practices and acknowledges the need for protecting consumer data through our guidance, is a victory. Every policymaker in the country who makes reducing the impact and risk of identity crimes a priority, is a victory. The ITRC will continue to fight the battle every day until we win it.

While fraudsters are weaponizing our cyber infrastructure, the ITRC will continue to assist the weary soldiers and townsfolks caught up in the fray. We will empower you and hold your hand when you are too tired, scared, or simply don’t know what to do next. We will continue to leverage technology to assist victims and consumers. We will continue to be the sage voice in an ecosystem of conflicting and confusing information. We will continue to fight the battle every day until we win it.

Looking at both our past progress and the challenges that have yet to be overcome helps us to balance the feelings of impotence or discouragement when we face the Sisyphean task before us. Yes, there is much more work to be done, but we have come such a long way in the last 20 years. Celebrate 20 years with me in our tremendous progress and join me in the continued crusade for the rights of victims of economic crimes.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There were a handful of 2019 scams that affected many consumers. It is the best time of the year. No, not because of the holidays, shopping, travel or food. It is time for the end-of-the-year “best of” lists. Unfortunately, not all of the lists are fun or encouraging. Take a look at the Identity Theft Resource Center’s top scams of the year list, compiled in no certain order:

Venmo Scams

Popular peer-to-peer payment app Venmo is a common tool for scammers due to the instant payment feature. Some scams involve a person asking to use your phone, opening your payment app and sending themselves a large amount of money from your bank account or credit card before you realize it. Other 2019 scams involved a twisted mode of attack in which a scammer would “accidentally” send you the money and then ask for you to send it back, potentially causing additional payments or charges.

Costco Coupon Scam

Coupon scams are not new, but the names of the retailers who supposedly send out high-dollar discounts changes frequently. This year, Costco was a common name associated with these bogus coupons. Scammers typically post the coupon links on social media, offering $100-$250 coupons if you take a short survey. First, the survey is not short. Also, you have to supply your email address on multiple screens and it will then be used to send you spam. Finally, the coupon is not real and you got nothing for your trouble.

Dating App Scams

Romance scams were prevalent enough before apps made online dating and social media connections even easier. This kind of scam works too well but sadly, losing money to a romance scammer or dating app scam is not the worst part of this kind of fraud.

Stripe Email Scam

Stripe is the latest company to become a popular disguise for scammers. This year, the ITRC saw a lot of phishing attempts and Stripe, which processes online payments, was an easy mask. After all, telling someone their funds are not coming their way can trick even the most tech-savvy user into clicking on the link or handing over their information.

Online Advertisement Scams

It is great to go online and find an ad for an incredibly-priced product. Unfortunately, clicking that ad can have disastrous results if it is a scam. Too often, there is no way to tell it was a scam until you have fallen for it. Instead, users need to remember to look for the item themselves by going to the retailer’s website and bypassing any possible attack from this 2019 scam.

Flipping Scams

Much like the old pyramid schemes, a flipping scam shows up as a photo of a pile of cash alongside a bogus statement. “I got this money for doing nothing and I want you to get yours, too!” However, in a flipping scam, there is not even a pyramid setup. You just send money to the scammer and that is the end of it.

Equifax Scams

Scammers wait with bated breath for major disasters so they can take advantage of the confusion. That has certainly been the case with the Equifax data breach in which hundreds of millions of consumers’ complete identities were stolen by hackers. As if that 2019 scam was not bad enough, scammers then unleashed their own fraud attempts by claiming to offer support services to people who submitted all of their identifying information.

Tech Support Scams

Fake calls and emails from “tech support” companies are nothing new, but there were still more than 140,000 reports of this 2019 scam to the Federal Trade Commission. Unsuspecting users receive a message that claims to be from Microsoft, Apple, their device manufacturer or some other plausible company. The criminal takes down all of the victim’s identifying information and possibly installs a virus on the user’s computer, all while demanding a clean-up fee to remove a virus that was never there to begin with.

Job Site Scams

One of the many cruel 2019 scams out there is the job scam. Fake job postings are nothing new, but in an economy in which many people are looking for additional work or higher-paying jobs, scammers have found a way to attack. They post fake jobs on popular sites and then use those listings to steal identities and even money from hopeful candidates.

With the new year lurking just a few weeks away, now is the time to prepare. Sign up for emails and alerts from the ITRC and other sources in order to stay on top of the latest scams and fraud attempts. That way, you can try to avoid any of the attacks like the 2019 scams that will undoubtedly be listed at this time next year.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Holiday Phishing Scams Target Small Businesses

Social Security Phone Scam

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

The holidays are almost here, and for many people that means shopping. Unfortunately, scammers and hackers are already standing by to take advantage of consumers through data breaches and fraudulent activity, increasing the importance of holiday shopping safety. Before getting involved in this year’s estimated $1.1 trillion spending frenzy and the too good to be true online offers that go with it, it is important to understand what you can do to protect yourself and exercise holiday shopping safety.

Shop Online

A lot of people choose to skip the crowds and the chaos (and possible loss or theft of their wallets) by shopping online. However, in order to protect yourself from cyberthieves, you need to be prepared. If you are going to be establishing new accounts to make your purchases, do so before the big shopping holidays like Cyber Monday. Remember to use a strong, unique password, and enable two-factor authentication if it is offered.

Know Your Retailer

If you are already planning to shop online, exercise holiday shopping safety by choosing your retailers and making sure you are only using reputable websites. Look for the HTTPS designation at the beginning of the URL that indicates a secure website, and be sure that you are not redirecting to a website that has been made to look like the real thing. If you have received emails from companies that offer great deals, avoid clicking the links in the emails. Instead, go directly to the retailer’s website yourself and search for the item you are interested in.

Credit vs. Debit

Depending on which financial institution you use, your credit card may be more secure than your debit card. This is especially true if mysterious charges appear on your statement and you need to dispute those charges. Keep in mind that if you establish one credit card for all of your holiday shopping, it will be easier to reconcile any receipts and purchases later on. It may even help you stay on budget.

Computer Security

Before making any purchases online, exercise holiday shopping safety and make sure your computer itself is secure. Update your antivirus software and run a scan before starting your shopping in order to root out any harmful software that may be stealing your information.


If you are venturing out into brick-and-mortar stores for your holiday shopping, remember that public Wi-Fi can be problematic. A lot of retailers and restaurants offer free connectivity as an incentive to their customers. However, you cannot know who else is on the same connection. It could easily be a hacker who steals your information. Save your sensitive internet activity for your home connection.

Enable Alerts on Your Cards

If you have not already done so, contact your financial institution and enable alerts on your account. This is a very important holiday shopping safety tip. These alerts will arrive as a text message or email and will let you know immediately if your credit card number was used without the card being present, such as online. While you are enabling this feature, you might inform your credit card company if you plan to travel over the holidays so that your card is not declined for security reasons at your destination.

The Real Work Begins After the Holidays

Once the presents are shared and the decorations are put away, your work is not done. Monitor your accounts carefully for any signs of suspicious activity and take immediate action if you see any charges that should not be there.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Are the Wrong Toys on Your Holiday Shopping List?

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

Every year, consumers are cautioned to be extra careful when selecting toys on their holiday shopping list. There was a time when shoppers mostly worried about broken, damaged or otherwise physically unsafe toys. Perhaps there was even some concern about age-appropriateness or difficult assembly instructions. However, with more kids now using a wide array of technology-based presents, there are safety and privacy considerations to keep in mind while purchasing toys on your holiday shopping list for your nieces, nephews and children.

Over the past few years, various children’s gifts have later revealed privacy pitfalls that did not sit well with security experts, parents or child safety advocates. Everything from the potential for hacking and data breaches to establishing accounts using the children’s identifying information has become a red flag.

One very popular piece of kids’ tech, for example, has the possibility of being a parent’s worst nightmare. A smartwatch that is supposed to allow parents to pair the device to their own phones in order to keep up with their children sounds like a good idea on paper. However, the backend API for both the smartwatch and the mobile app that the parents downloaded to their smartphones turned out to be a wide-open space where anyone could access the children’s devices. Not only could someone physically locate the kids via their watches’ GPS, they could also initiate voice calls with the children. This was a perfect example of purchasing the wrong toys on your holiday shopping list.

As if that was not frightening enough, they could also change the parents’ passwords without having to go through their email accounts, lock the parents out of the account and then continue talking to the children. Someone could locate a nearby child, start up a conversation, prevent the parents from ever knowing about it and then tell the child where to meet them.

When shopping for toys on your holiday shopping list, it is important to know how any kind of children’s technology works before you buy it. Do you need to connect it to the internet for it to work, or just for it to download content? Does it require a parents’ account and children’s information as users? Is the child supposed to maintain the account? Does it incorporate password protection and two-factor authentication, or can anyone pick it up and look through its contents?

If you have the option to leave the internet connection and location settings turned off while in use, that may be safer. Of course, some items need both of those things in order to work properly. Be careful about giving a gift if the recipient is not ready for the responsibility of internet connectivity. Make sure you are communicating frequently about privacy and safety issues before purchasing any kids’ technology.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Our Holiday Shopping Tips to Keep You Cybersafe

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

The Force Has Awakened this #StarWarsDay! May the Fourth Be With You as you break out your lightsabers and prepare to do battle against the Dark Side of our cyber world with tips from the Identity Theft Resource Center and National Cyber Security Alliance.

To celebrate this #MayTheFourthBeWithYou, use the messages below on Twitter, Facebook and LinkedIn to join the cyber force on May 4th, 2019. Don’t forget to use the #MayTheFourthBeWithYou hashtag!

Download all images and messages here.


Tweet: It’s #StarWars Day and the cyber force has awakened! Use our tips for protecting your identity from the dark side. #MayTheFourthBeWithYou @IDTheftCenter @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Identity theft impacts 17 million individuals every year and unfortunately, can impact you at anytime. Learn about the different types of identity theft and how you can protect yourself with help from ITRC.

Tweet: “Do. Or do not. There is no try.” Taking steps to protect your digital identity & privacy every day is a must. #MayTheFourthBeWithYou @IDTheftCenter @StaySafeOnline https://idtheft.center/MayTheFourth


More resources: The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.


Tweet: You don’t have to go Solo. Get help from the cyber force with tips from @IDTheftCenter & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth

More resources: Learn how to protect yourself, your family and devices with these Online Safety Basics


Tweet: A new hope for your digital identity is here. We have a plan to help you recover from identity theft. @IDTheftCenter & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth


More resources: For free one-on-one assistance with identity theft, scams, fraud, cybersecurity, privacy and more, contact the Identity Theft Resource Center toll-free 888-400-5530 or LiveChat


Tweet: Think you have what it takes to be a digital jedi? Train with steps to empower your privacy & identity. #MayTheFourthBeWithYou #RiseOfSkywalker @IDTheftCenter & @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Take privacy into your own hands with a privacy quiz. Then learn how to update your privacy settings on popular devices and online services.


Even after May The Fourth, you can safeguard your information from the Empire all year-long by staying up to date with the latest threats to your identity and tips by signing up for our newsletters:

Stay Safe Online Email Sign-up: https://staysafeonline.org/email-signup 

Identity Theft Resource Center Email Sign-up: https://www.idtheftcenter.org/newsletter-signup/ 

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

Info Sheet – Child Identity Theft 

This information sheet is for parents and legal guardians of someone under the age of 18 who may be experiencing identity theft.

What is Child Identity Theft?

Child identity theft occurs when the personal identifying information (most commonly a Social Security number) of someone under the age of 18 is used by an imposter for financial gain or to avoid criminal prosecution. The imposter could be a stranger, someone who knows the family or even a family member.

Minors can’t legally acquire credit, take out loans, or have a bank account without a parent or guardian co-signing.  What this effectively means for an identity thief is if they are able to acquire a child’s personal identifying information, they’re far more likely to have an extended period of time where they can use the information without it being noticed.

Identity thieves use minor children’s information in the same ways an adult’s information can be used.  Creditors, the credit reporting agencies, and government agencies do not know how old someone is just by their Social Security number. All they can see is the number, the credit history, and a name.

Indicators of possible child identity theft are:

  • Calls from collection agencies regarding bills or credit cards in your child’s name.
  • Your child’s name appearing on caller ID (indicating that someone may be using your child’s information to establish an account).
  • Your child’s personal documents (Social Security Card, birth certificate, etc.) are stolen or missing.
  • Your child gets a notice about a warrant for a traffic violation or for taxes owed.
  • Your child is denied government assistance or medical insurance because income or benefits have already been assigned to the child’s Social Security number. You might also be told they want to verify employment for a job where the child has never worked.
  • A notice from the IRS that your child’s name and/or Social Security number is already listed on another tax return (if the person claiming your child is NOT a parent or legal guardian).
  • Receiving a pre-approved credit card offer in your child’s name.


  • Do not carry your child’s Social Security Card or papers with this number unless necessary.
  • Think twice before providing your child’s Social Security number. You do not need to provide your child’s SSN to enroll your child in school or for your child to attend school nor do you need to provide your child’s Social Security number at a doctor’s office.
  • Shred all papers that contain your child’s personal information with a cross-cut shredder.
  • Consider obtaining a state identification card for your child at your state’s licensing office and/or consider obtaining a passport for your child. A verified form of identification is not only useful, and sometimes necessary, for travel, it can also prevent a thief from falsifying a state ID or passport using your child’s stolen information.  Keep in mind there will be fees associated with obtaining these documents and you’ll have to safeguard the documents to prevent them from being stolen or misused.
  • Parents/legal guardians should strongly consider freezing their children’s credit with the three major credit reporting agencies (Equifax, Experian, TransUnion) because it’s one of the best proactive measures they can take to protect them. It’s important that parents/legal guardians check and make sure there is no credit file already associated with their child’s information. Children shouldn’t have a credit report, and if one is discovered, parents/legal guardians should immediately contact us for assistance in reclaiming their children’s identity. If there is no file associated with their child, parents can have one created by the CRA and then immediately frozen. It’s also worth noting that parents or legal guardians need to safeguard the PIN that each credit reporting agency assigns to them.

Shared Custody and Claiming Children on Taxes

In most cases, a parent or legal guardian fraudulently claiming a child on a tax return is a civil matter to be handled by the courts and/or with the assistance of an attorney and is not considered identity theft. You can review the IRS Publication 501, Exemptions for Dependents for more information.

This info sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to itrc@idtheftcenter.org. Copyright, Identity Theft Resource Center®, all rights reserved.