Posts

  • With data breaches on the rise over the last 30 to 45 days, it has been one of the most intense periods seen in a while because of the pace, scope and impact of the crimes.
  • GEICO suffered a data breach that impacted 132,000 people and could lead to unemployment fraud; the Pennsylvania Department of Health and ParkMobile both had data incidents due to third-party providers; and Peloton had a problem with third-party software, allowing other users to see people’s personal information.
  • Researchers guessed up to 80 percent of iPhone and iPad users would take advantage of Apple’s new anti-tracking privacy feature. However, based on early downloads of the iOS update, 96 percent of users are using the new feature to opt-out of app-tracking.
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

Too Fast, Too Furious

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for May 14, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. This week we’re highlighting data breaches on the rise over the past 30 days, one of the most intense periods of cyberattacks and data breaches we’ve seen in a while.

With all due respect to Vin Diesel and the rest of the cast of the Fast and Furious movie franchise, we’re calling this week’s episode “Too Fast, Too Furious” because of the pace, scope and impact of identity compromising events over the past 45 days – some of which are still ongoing. We also have a quick update on the impact of the recent privacy tools added to iPhones and iPads.

ITRC’s Notable Breaches for April

In the ITRC’s most recent monthly report of data breaches, we highlighted three major events:

  • GEICO’s breach of driver’s license data that impacted 132,000 customers;
  • The contact tracing service hired by the Pennsylvania Department of Health failing to secure the COVID-related personal health information of Keystone state residents; and,
  • Twenty-one (21) million users of the ParkMobile app having their information exposed thanks to a vulnerability in third-party software.

Each of these is unique in some ways but also reflective of broader trends.

GEICO

In the case of GEICO, when announcing the data breach at the nation’s second-largest auto insurance company, officials said the stolen data was being used as part of unemployment insurance fraud schemes. Pandemic-related benefits fraud is estimated to be closing in on $100 billion. The ITRC is on pace to surpass the total number of unemployment identity fraud victims we helped in 2020 by the end of May 2021.

Pennsylvania Dept. of Health & ParkMobile

The events involving the Pennsylvania Department of Health and the ParkMobile parking app are two variations of the same issue: problems with third-party suppliers. In the case of the Pennsylvania Department of Health, the vendor supplying COVID-19 contact tracing services didn’t secure the personal information of 72,000 people. With ParkMobile, a third-party software issue exposed users’ personal information. Issues with supply chains are an escalating trend when it comes to data compromises, especially cyberattacks where threat actors can steal the data of multiple companies in a single attack.

Peloton

More recently, an issue with third-party software also allowed users of the popular Peloton exercise bikes to see the personal information of other users. The flaw was found by an independent cybersecurity researcher who reported the issue to Peloton, which did not initially respond to his information. Ultimately, Peloton fixed the issue early this month, but not before opening three million subscribers to having their information exposed. Peloton has since acknowledged they have fixed the problem, and there is no evidence of anyone stealing the user information.

Update on the New Apple Privacy Feature

Finally, an update on how many people are taking up Apple’s offer to block mobile app owners from collecting and selling user data without first getting consent. Researchers guessed before the launch of the new anti-tracking privacy feature that as many as 80 percent of iPhone and iPad users would take advantage of the blocking technology.

The actual number, based on early downloads of the iOS update, is 96 percent of users saying no to app-tracking. That’s a giant obscene gesture to companies that rely on third-party data for marketing and advertising and the platforms that collect and sell user information. Now here is the next question: Who will follow Apple’s lead in addressing the privacy and cybersecurity concerns of consumers?

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, data breaches on the rise or the new Apple privacy update, they can visit www.idtheftcenter.org. They will find helpful tips on these and many other topics. People can also sign up to receive our regular email updates on identity scams and compromises.

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. Victims can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started. 

Be sure to listen next week to our sister podcast – The Fraudian Slip – when we’ll talk to the Chief Privacy Officer of Synchrony, a leading financial services company. We will be back in two weeks with another episode of the Weekly Breach Breakdown.

  • A new Apple privacy update, iOS 14.5, lets consumers stop Apple apps from tracking them.
  • Unless someone gives permission to an app, it cannot use their data for targeted ads, share their location data with advertisers, or share their advertising identity or any other identifiers with third parties.
  • If you do not want to be tracked by your Apple device, download Apple’s latest update (14.5), and select Settings > Privacy > Tracking, and toggle off Allow Apps to Request to Track. You can also decide on an app-by-app basis by selecting “Ask App Not to Track” or “Allow” once you download a new app.
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. 
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

He Loves Me Not

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 30, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. This week we’re going to focus on the seismic event in the data privacy world.

In Henry IV, Shakespeare’s play about taking action while others fail to act, Lady Percy says, “Some heavy business hath my lord in hand, And I must know it, else he loves me not.”

In this case, she’s referring to plans for a rebellion. However, in the context of this week’s episode, we’re talking about the new Apple privacy update, which gives consumers more control over their data as a substitute for privacy legislation. Later in the article, we will tell people how to take advantage of a new feature from the makers of the iPhone and iPad.

New Apple Privacy Update Feature

In an earlier episode, we talked about Apple’s controversial decision to add a built-in privacy feature that would block the ability of applications to track users. That data is used to serve ads to people either by the app owner, or if it’s sold to a third party that uses the information to target people with ads as they travel around the digital world.

Consumers Can Opt-Out of Being Tracked By their Apple Apps

Apple announced the new App Tracking Transparency feature in June 2020 to give app developers plenty of time to prepare for the change. And a big change it is. Unless someone gives permission to an app – including those made by Apple – it can’t use one’s data for targeted ads, share their location data with advertisers, or share their advertising identity or any other identifiers with third parties.

Many Privacy Experts & Consumer Advocates Favor the Change

Privacy experts and consumer advocates think the new Apple privacy update is a great step forward in giving people more direct control over their data, who has access to it, and how it is used. Advocates have long sought a shift in the U.S. to a more European privacy model where consumers must give their permission before personal information is collected and used.

From the beginning of the digital economy, the U.S. has built business models on a no-option basis. That means people have no choice but to surrender their personal information, which then becomes the property of the business, not them.

Thanks to a strong European privacy law that went into effect in 2018 – and several state laws and regulations in California, New York and Virginia – we are beginning to see the ability of consumers to “opt-out” of certain types of data collection and sales. That is to say consumers can tell a company to stop collecting, selling or sharing their information.

However, that approach is not universal since the U.S. has no national privacy law, and 48 of the 50 states have not passed specific data privacy laws. Enter the Apple privacy update that allows customers to block data collection.

What You Should Do If You Don’t Want to Be Tracked by Your Apple Device

If you don’t want to be tracked by your Apple devices, here’s what you need to do:

  • Download and install the new iOS version 14.5 on your iPhone or iPad.
  • Once you do that, you can block access on an a la carte basis. When you download a new app, you will be asked if you want to let the app track your activity. You can select “Ask App Not to Track” or “Allow” if you are okay with that application collecting and using your data.
  • You can also opt-out of app tracking across every app you download by going to Settings > Privacy > Tracking, and toggling off Allow Apps to Request to Track. That way, any new app will be automatically informed you have requested not to be tracked. Also, all apps (unless you’ve already permitted them to track you) will be blocked from accessing your device’s information used for advertising. 
  • For apps that you have already downloaded and agreed to allow tracking, you can still turn those permissions on or off on a per-app basis in your device settings. 

The Lasting Effects Are Still Unknown

Predictions on how the Apple privacy update will affect consumer behavior, data sales, and ad revenues range from “meh” to Chicken Little-level “the sky is falling.” We will revisit this topic once we know if we can go about our business or need a hard hat.

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, or on the new Apple privacy update, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. 

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started. 

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.