The Identity Theft Resource Center, a national non-profit based in San Diego that assists victims of identity and cybercrimes, submitted the following letter to members of the House Financial Services and Senate Small Business Committees on April 8, 2020. The letter from the Center’s CEO Eva Casey Velasquez focuses on the challenges faced by non-profits in applying for the Paycheck Protection Program created by Congress in the CARES Act.

Download a PDF copy of this letter

Dear Congressional Committee Member,

Thank you for the recent passage of the CARES Act in response to the COVID-19 national emergency, especially the decision to make resources available to the Nation’s smaller non-profit organizations providing direct assistance to people in need of support. However, I want to bring to your attention a critical issue with the implementation of the Paycheck Protection Program (PPP) of the Small Business Administration (SBA). I believe the current course, if continued, will have significant negative impacts in the coming months. 

The Identity Theft Resource Center is a 20-year old national non-profit based in San Diego that provides identity-related remediation and support services to the public free of charge. In 2019 we handled more than 10,000 requests for service through our contact center and provided web-based services to an additional 548,333 people. In March 2020 alone, demand for web-based services increased 851 percent or ~413,000 first time visitors compared to the same month in 2019. That’s not a typo, and it reflects nine months of visitors in only three weeks.

Non-profit organizations provide essential services during a time of national emergency. Yet, the PPP appears to be unavailable to the ITRC at this time based on our financial institution’s criteria, not the SBA’s or Congress’ intent. And it’s not just us. I’m concerned that many non-profits will be unable to obtain assistance through PPP since it appears lenders are only taking applications from existing customers with existing loans. First-time loans and new customer applications are being denied.

When there is a decrease in funding in the ordinary course of business, a well-run non-profit doesn’t seek a loan; it scales back services until additional funding (donations, grants, etc.) is secured. Being denied access to the funds Congress has appropriated to prevent job and service reductions will inevitably lead to the very circumstance you sought to prevent.

How many non-profits will be able to jump the hurdles placed in front of them simply to apply for the PPP?  Close to zero, I suspect. The ITRC staff is working remotely and we are able to continue to provide victims with the assistance they need at a time of increased risk from cyberattacks and fraud scams. But, many other non-profits are not able to continue to provide support or will soon be unable to continue to operate without the help of PPP funds.

I want to make sure that our leaders are fully informed of these issues that aren’t top of mind during this crisis, but nonetheless remain important. Thank you for your time, attention, and interest.

Sincerely,

Eva Casey Velasquez
President & CEO
Identity Theft Resource Center


ITRC is Available for Questions & Assistance

The Identity Theft Resource Center, based in San Diego, is operating at limited-capacity during the COVID-19 outbreak to ensure the health and safety of our staff, their families and the community. The ITRC will continue to assist individuals across the country who are victims of identity crime, data breaches and identity-based scams, including COVID-19-related scams.

We are here for individuals and businesses who may have questions or need assistance with identity crime or related issues. You can reach one of our expert advisors via our website Live Chat, toll-free phone number (888.400.5530) and email (itrc@idtheftcenter.org).

The University of Utah Health announced that it discovered two different data breaches that impacted patients’ personal data and medical records. The first University of Utah Health data breach gave hackers access to some employees’ email accounts, while a second one is believed to be linked to malware that was discovered on an employee’s computer.

In regards to the first University of Utah Health data breach, investigators believe phishing emails were the culprit. Phishing emails are nothing new—if someone has an email account, they have probably received one before—but the methods that hackers are using are constantly evolving. In the case of a professional setting, the phishing email could look like it comes from a trusted source, such as a third-party that the company does business with or even someone from within the company itself. These hacking attempts often instruct the recipient to enter their username and password to confirm their identity and re-establish their login.

Malware typically happens when someone installs the software on their computer. Opening a harmful attachment in an email, downloading a suspicious file or clicking on a link that takes someone to a malicious website are just a few of the ways hackers can get consumers to fall into one of their traps. Once the malware is installed, the hacker can deploy it on the computer and use it to steal information.

The health center has begun notifying affected patients of the University of Utah Health data breach, but that process is still ongoing. If someone believes they might have been affected, they can reach out to the Identity Theft Resource Center (ITRC) for assistance and information. They can also take some of the following steps if they believe their information may have been compromised in this or any other data breach:

  1. Change your passwords on any sensitive accounts immediately.
  2. Place a freeze on your credit reports with the three major credit reporting agencies.
  3. Monitor your insurance statements carefully for the coming months to make sure no one has used your identity to seek medical treatment or prescriptions.

Victims can reach the ITRC toll-free at 888.400.5530. They can also live chat with an expert advisor that will help them create a customized plan that is tailored to their needs.


You might also like…

The holidays have past and a new year is upon us. With that, New Year’s resolutions are beginning to surface. Some resolutions might include going to the gym every day, spending less time on social media or creating a budget you can actually stick to next year. While some of those resolutions might be more realistic than others, there are some practical resolutions you can make that will be even more beneficial. And it’s all based on protecting your identity… In 2019, the Identity Theft Resource Center saw the number of data breaches reported continue to rise. In fact, the ITRC has now recorded over 10,000 data breaches since 2005, hitting the mark this past calendar year. 2019 also saw the announcement of large-scale data breaches like Capital One and healthcare providers and insurance companies continue to be one of the hardest-hit targets, thanks to the overwhelming amount of personally identifiable information (PII) they gather. So what is your New Year’s resolution heading into 2020? If you do not have one, or even if you do, consider making some 2020 identity theft New Year’s resolutions to make your personal data as safe as you can. You can protect your privacy through your simple, everyday habits.

Resolution One: Be Aware of What You Post on Social Media and What You Share

If you are connected online through any of the several social media platforms, you need to know how they work and how to keep your information private.

  • Enact practices that include not oversharing information and change your settings to private.
  • Use different passwords for each social media account.
  • Create strong and unique passwords that include two-factor authentication.

Resolution Two: Guard Your Data

One of your 2020 identity theft New Year’s resolutions should include keeping better tabs on your PII. Do not just turn over your Social Security number without asking why they need it and verifying their plans to protect it. A lot of organizations still ask for it simply out of habit. However, your SSN was designed as a tax identification number, and by law is not to be used for everyday identification purposes.

Resolution Three: Know the Latest Scams and Help Others Stay Alert Too

Fraudsters are always trying to find new ways to attack. That is why it is so important for consumers to stay up-to-date on all of the latest scams, fraud attempts and identity theft information. You can check in with the ITRC for the latest information by signing up for the TMI (Too Much Information) Weekly and following the ITRC on Facebook and Twitter. Once you know about the latest threats, you can help spread the word with friends and family.

Resolution Four: Adopt Good Cyber Hygiene Habits

While 2019 was the year of data, 2020 will be the year of privacy. That is one reason why your 2020 identity theft New Year’s resolutions should include good privacy habits. While data breach fatigue is a recognized phenomenon, the flip side is paranoia that makes you want to unplug and go off the grid. Neither is a solution. Rather, the solution is good privacy habits:

Resolution Five: Watch Out Account Hacks from Credential Stuffing

In 2019 we saw numerous data breaches and account hacks from credential stuffing. Disney+ users saw their accounts sold online after hackers were able to infiltrate their accounts and change the passwords to lock users out. Earlier in the year, TurboTax announced a data breach that was caused by credential stuffing. Consumers need to be sure they are consistently changing their usernames and passwords to reduce the risk of credential stuffing and having any accounts hacked. The unfortunate truth is that some identity theft crimes are unpreventable. However, these 2020 identity theft New Year’s resolutions are steps you can take that will reduce your risk of falling victim to identity theft and increase the likelihood of you spotting a problem quickly. The ITRC is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.

You might also like…

2020 Trends for Identity Theft, Data Privacy, and Cybersecurity

Wawa Data Breach Caused by Card-Stealing Malware Don’t Get Grinched by the Ellen Facebook Scam

Being able to celebrate 20 years gives us an opportunity to reflect on the past, connect with our supporters and envision the future. Over the Identity Theft Resource Center’s twenty-year history, we have grown. From the vision of a single person, a victim, who wanted to provide support and help to others, to a collaborative movement engaged with consumers, victims, business and government stakeholders to make changes for victims. From using a single telephone in a home office, to a nationally recognized organization that has assisted hundreds of thousands of people through a variety of platforms on which they can engage with our team of expert advisors. And we will continue that upward moment of helping victims in their time of need.

As we celebrate 20 years, it is important for us to reflect upon the highs and lows (that all organizations face), together, in order to learn from our mistakes and celebrate our progress. In the victim assistance and consumer protection ecosystem, there has always been a struggle to prioritize resources and acknowledge the impact and trauma victims of economic crime experience. I feel an extraordinary sense of pride and accomplishment when I look in the rearview mirror at the progress the ITRC has made in changing that struggle. More policy- and decision-makers acknowledge the economic and social importance of serving the vastly underserved population of identity crime and cybercrime victims as a result of our efforts.

It’s also important while we celebrate 20 years to not only look at where we have been but also where we are headed. We live in a world where fraud losses are in excess of hundreds of millions of dollars per year and it shows no signs of decreasing. Margaret Thatcher famously said, “You may have to fight the battle more than once to win it.” We embrace that sentiment every day. Each and every victim that we help – every consumer that we educate – is victory over the larger fraud battle. Every organization that embraces cybersecurity best practices and acknowledges the need for protecting consumer data through our guidance, is a victory. Every policymaker in the country who makes reducing the impact and risk of identity crimes a priority, is a victory. The ITRC will continue to fight the battle every day until we win it.

While fraudsters are weaponizing our cyber infrastructure, the ITRC will continue to assist the weary soldiers and townsfolks caught up in the fray. We will empower you and hold your hand when you are too tired, scared, or simply don’t know what to do next. We will continue to leverage technology to assist victims and consumers. We will continue to be the sage voice in an ecosystem of conflicting and confusing information. We will continue to fight the battle every day until we win it.

Looking at both our past progress and the challenges that have yet to be overcome helps us to balance the feelings of impotence or discouragement when we face the Sisyphean task before us. Yes, there is much more work to be done, but we have come such a long way in the last 20 years. Celebrate 20 years with me in our tremendous progress and join me in the continued crusade for the rights of victims of economic crimes.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The holidays are almost here, and for many people that means shopping. Unfortunately, scammers and hackers are already standing by to take advantage of consumers through data breaches and fraudulent activity, increasing the importance of holiday shopping safety. Before getting involved in this year’s estimated $1.1 trillion spending frenzy and the too good to be true online offers that go with it, it is important to understand what you can do to protect yourself and exercise holiday shopping safety.

Shop Online

A lot of people choose to skip the crowds and the chaos (and possible loss or theft of their wallets) by shopping online. However, in order to protect yourself from cyberthieves, you need to be prepared. If you are going to be establishing new accounts to make your purchases, do so before the big shopping holidays like Cyber Monday. Remember to use a strong, unique password, and enable two-factor authentication if it is offered.

Know Your Retailer

If you are already planning to shop online, exercise holiday shopping safety by choosing your retailers and making sure you are only using reputable websites. Look for the HTTPS designation at the beginning of the URL that indicates a secure website, and be sure that you are not redirecting to a website that has been made to look like the real thing. If you have received emails from companies that offer great deals, avoid clicking the links in the emails. Instead, go directly to the retailer’s website yourself and search for the item you are interested in.

Credit vs. Debit

Depending on which financial institution you use, your credit card may be more secure than your debit card. This is especially true if mysterious charges appear on your statement and you need to dispute those charges. Keep in mind that if you establish one credit card for all of your holiday shopping, it will be easier to reconcile any receipts and purchases later on. It may even help you stay on budget.

Computer Security

Before making any purchases online, exercise holiday shopping safety and make sure your computer itself is secure. Update your antivirus software and run a scan before starting your shopping in order to root out any harmful software that may be stealing your information.

Wi-Fi

If you are venturing out into brick-and-mortar stores for your holiday shopping, remember that public Wi-Fi can be problematic. A lot of retailers and restaurants offer free connectivity as an incentive to their customers. However, you cannot know who else is on the same connection. It could easily be a hacker who steals your information. Save your sensitive internet activity for your home connection.

Enable Alerts on Your Cards

If you have not already done so, contact your financial institution and enable alerts on your account. This is a very important holiday shopping safety tip. These alerts will arrive as a text message or email and will let you know immediately if your credit card number was used without the card being present, such as online. While you are enabling this feature, you might inform your credit card company if you plan to travel over the holidays so that your card is not declined for security reasons at your destination.

The Real Work Begins After the Holidays

Once the presents are shared and the decorations are put away, your work is not done. Monitor your accounts carefully for any signs of suspicious activity and take immediate action if you see any charges that should not be there.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Are the Wrong Toys on Your Holiday Shopping List?

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

Every year, consumers are cautioned to be extra careful when selecting toys on their holiday shopping list. There was a time when shoppers mostly worried about broken, damaged or otherwise physically unsafe toys. Perhaps there was even some concern about age-appropriateness or difficult assembly instructions. However, with more kids now using a wide array of technology-based presents, there are safety and privacy considerations to keep in mind while purchasing toys on your holiday shopping list for your nieces, nephews and children.

Over the past few years, various children’s gifts have later revealed privacy pitfalls that did not sit well with security experts, parents or child safety advocates. Everything from the potential for hacking and data breaches to establishing accounts using the children’s identifying information has become a red flag.

One very popular piece of kids’ tech, for example, has the possibility of being a parent’s worst nightmare. A smartwatch that is supposed to allow parents to pair the device to their own phones in order to keep up with their children sounds like a good idea on paper. However, the backend API for both the smartwatch and the mobile app that the parents downloaded to their smartphones turned out to be a wide-open space where anyone could access the children’s devices. Not only could someone physically locate the kids via their watches’ GPS, they could also initiate voice calls with the children. This was a perfect example of purchasing the wrong toys on your holiday shopping list.

As if that was not frightening enough, they could also change the parents’ passwords without having to go through their email accounts, lock the parents out of the account and then continue talking to the children. Someone could locate a nearby child, start up a conversation, prevent the parents from ever knowing about it and then tell the child where to meet them.

When shopping for toys on your holiday shopping list, it is important to know how any kind of children’s technology works before you buy it. Do you need to connect it to the internet for it to work, or just for it to download content? Does it require a parents’ account and children’s information as users? Is the child supposed to maintain the account? Does it incorporate password protection and two-factor authentication, or can anyone pick it up and look through its contents?

If you have the option to leave the internet connection and location settings turned off while in use, that may be safer. Of course, some items need both of those things in order to work properly. Be careful about giving a gift if the recipient is not ready for the responsibility of internet connectivity. Make sure you are communicating frequently about privacy and safety issues before purchasing any kids’ technology.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Our Holiday Shopping Tips to Keep You Cybersafe

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

New advancements in how we file have made the process a little less painful, but have also left the door wide open for hackers, scammers, and identity thieves.

Filing your taxes is probably pretty low on your list of favorite activities, wedged somewhere between dentist appointments and changing a tire on the side of the road. But it’s not really the arduous chore it used to be.

There are a number of tips to keep in mind as you file your state and federal taxes. These suggestions are meant to protect your data when you file, but can also work to secure your refund if your information has been compromised in the past.

1. Filing early

Complete your tax return and off your to-do list as soon as you can. Not only will you sleep a little better knowing it is finished, but you stand a better chance of beating a thief to your refund. Tax return fraud has grown exponentially in the past few years, in part due to the abundance of stolen identities available for sale online, so the best way to prevent it is to get your return filed before a thief can do it for you.

2. Knowing your preparer

Whether you use a walk-in tax preparer or have an accountant who handles your returns, ask questions about who can see your data and where it ends up. Keep in mind that a number of identity theft rings that have been broken up over the years were using tax prep services as a “front” for their real business. If you let someone else handle your sensitive documents, make sure they have a solid, long-standing reputation, and make sure you ask serious questions about where your information will be stored.

3. Filing yourself

If you handle your own taxes, you still have to watch out and secure your information. How? By making sure that the return itself is safe. If you prefer paper-and-pen forms that you’ll send through the mail, do NOT mail it from your curbside home mailbox. Drop it in a blue postal service box, or even better, take it to the counter of your local post office. If you file online, make sure you’re only doing so over secured wifi—as in, not your local coffee shop’s public wifi connection—and look for the HTTPS designation at the front of the IRS’ web address.

4. Remembering that your state taxes are under attack, too

If you’ve been a victim of identity theft or tax return fraud, or if you’re just concerned that it could happen to you, don’t overlook state return fraud. We tend to think of the IRS refund as the major payout and it usually is, but the potential for fraud at the state level is just as likely. In fact, since scammers can file returns using your information in multiple states, it may be an even bigger problem than people realize. Get your state return filed as soon as you can, and be on the lookout for notifications that there’s an issue with your return in a state you’ve never even visited, let alone worked in.

5. Destroying it!

With all of the new advancements, it’s easy to overlook the good old-fashioned tools of the identity theft trade. Shred any documents or receipts that you will no longer need in connection with your tax return, and keep a close eye on your mailbox so your necessary tax forms don’t wander off. If you don’t receive your forms in a timely way, it’s possible they were stolen, so check with the sender to confirm that they had been sent.

 

Watch the Free Webinar hosted by the ITRC & FTC 

Hosted by the Identity Theft Resource Center and the Federal Trade Commission, this webinar will discuss the warning signs of tax identity theft, how tax identity theft happens, common scams related to taxes, and what to do if you become a victim.

Click here to download a copy of the Tax Identity Theft Webinar presentation.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

As part of our mission as a non-profit service organization, the Identity Theft Resource Center maintains a website and toll-free call center that allows individuals to reach out for help 24-hours a day, seven days a week. By keeping accurate records of the types of issues consumers contact the ITRC about, our organization can present a clearer picture of the types of identity theft that are most common and most harmful.

While still only a small portion of the calls to the ITRC—at around ten percent of the call volume in November—involve child identity theft, 2014 was particularly alarming due to the 300% increase in inquiries and reports over
the course of the year. In fact, child identity theft reports nearly doubled from January to February, and almost tripled from January to November.

What is child identity theft?

A child’s identity is stolen when someone uses their personally identifiable information to open accounts or make purchases under that identity. Long-term lines of credit are especially problematic since most parents don’t think to check their children’s credit reports until they’re applying for financial aid. This oversight—which stems from not thinking their children’s identities are in danger, and not any kind of negligence—is what makes child identity theft especially alluring to a thief.

There are two fairly common approaches a thief takes when stealing a child’s identity.

  1. A stranger accesses information on your child, such as through school records or a medical office. It’s a good idea to make sure no one has your child’s Social Security number unless it’s absolutely necessary. School forms and doctor’s office paperwork will request it, but you are not required to share it as it’s a violation of Social Security regulations to use the number as an identification number. In this type of situation, a thief is usually after a large block of identities, such as when employees at a school system in Florida stole the Social Security numbers and information on approximately four hundred students. They could use the data themselves, or make a profit by selling it.
  2. The other—and sadly, more common type of child identity theft occurs when a family member, sometimes even a parent, fraudulently uses a child’s data to open accounts, take out a loan, apply for benefits, or more. This type of child identity theft is especially upsetting because it means having to involve the authorities against a family member, someone who was close enough to the family to have access to the child’s documentation. It’s fairly typical that family members who steal a child’s identity are doing so because they’re already in dire financial straits, and have had to resort to obtaining money or credit through fraud. No one likes to think of calling the police against a family member who’s already struggling.

Unfortunately, just as with all forms of identity theft, that police report is the first vital step. Without it, it’s nearly impossible to claim there was a crime. Some families may be tempted to “work out a solution” and let the relative pay off the credit that was opened in the child’s name, but if someone has used the child’s identity to gain government benefits, to commit medical fraud, or to engage in some other kind of criminal activity, that cannot be swept under the rug. A car purchased in your child’s name can be paid off, but fraud can scar your child’s credit permanently and result in an inability for your child to apply for college financial aid, government benefits, or healthcare down the road.

How do you know if your child’s identity has been stolen? First, if you’re alerted to a data breach such as the one that took place in Florida, you’ll need to begin monitoring your child’s credit report. Second, if you have reason to believe someone close to you accessed the records, or if you begin receiving collections notices, bills you’re not familiar with, or if your child receives claims benefits statements, that should be a huge red flag that something’s not right with your child’s identity. You can even place a freeze on your child’s credit report if you suspect a problem, but keep in mind that unfreezing it is a mildly time consuming process that will need to be done well before applying for loans.

 

If you suspect that your child’s identity has been compromised, or you just want more information about this type of identity theft, please call our 24/7 toll-free call center at 888-400-5530, or review our solutions and fact sheets on the ITRC website.

ITRC is proud to announce the launch of its AnyOnenationwide fundraising campaign. Due to a recent increase in consumer demand for ITRC services, the ITRC is requesting support from the public so that it may continue to provide its free services. This increase seems to be a result of heightened awareness and concern over data breaches and tax identity fraud as well as a heightened need for understanding identity theft and related issues.

“In the beginning of 2014, we read about tens of millions of Americans whose identities and personal information had been put at risk because of the malicious actions of people who committed crimes against large retailers and the individuals who shopped there.  It is a story we’ve heard all too often. But, there is hope,” said James Lee, ITRC Chairman of the Board. “The people who make up the Identity Theft Resource Center are passionate about helping individuals who find their trust has been violated by identity thieves.  Their confidence in commerce has been shaken and often their lives interrupted because their most precious possessions – their identity and reputation – have been damaged” Lee added.

Since 1999, the ITRC has been providing victim assistance and consumer education all at no cost to the general public.  With identity theft identified as the number one consumer complaint reported to the Federal Trade Commission for the last 14 years, it is obvious that the problem of identity theft is far from being resolved and is, in fact, growing.

While there are many paid services available to consumers, the ITRC is the only organization which offers one-on-one victim and consumer advice and information for free. The AnyOne3 campaign is a chance for the public to be sure these services do not disappear. The campaign will launch on April 3rd 2014 and run until June 13th, 2014.  The goal of the campaign is to raise $100,000.00 for the organization to continue its services to the public. Anyone can spread the word and donate by visiting http://www.idtheftcenter.org/anyone-3.html.

“Identity theft, privacy issues, data breaches and cyber security cannot be considered fringe issues that only affect a limited number of people,” said Eva Velasquez, CEO of the ITRC.  “With one new victim of identity theft every three seconds, and more than 600 data breaches reported last year, it is critical that the ITRC continues to be available to assist victims and inform consumers.  We need financial support in order to ensure we are here to help future identity theft victims.” Velasquez added.

About the ITRC

The Identity Theft Resource Center® (ITRC) is a nationally recognized 501(c)3 charity established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft.  Visit www.idtheftcenter.org.  Victims may contact the ITRC at 888-400-5530.

Contact

Nikki Junker, Communications Manager
Nikki@idtheftcenter.org  858-444-3287