Posts

Identity Theft Resource Center and Futurion unveil a new tool Breach Clarity for consumers impacted by data breaches 

LAS VEGAS, Mar 24, 2019 ­­– Today, the Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, and Futurion announced during the KNOW 2019 conference the launch of a new tool to empower victims of data breaches in decoding what breach notification means to them and how they can minimize the risk of identity theft and fraud. The ITRC, along with the tool’s creator Jim Van Dyke, announced Breach ClarityTM. Breach Clarity is the secret decoder that will allow consumers to decipher data breach risks, prioritize the right minimization actions and access ITRC advisors for additional help. Breach Clarity is a no-cost, online tool for consumers, meant to crack the often muddled and incomplete information that follows breach notification.

Consumers can utilize the tool at www.idtheftcenter.org/BreachClarity and begin decoding the effect of any data breach on their identity safety. Breach Clarity uses a proprietary algorithm to give a data breach a risk score based on unique variables, like amount and type of information exposed. The higher the risk score for a specific breach, the more negative consequences that breach can potentially have for an individual. Breach Clarity also unlocks the top potential harms and recommended action steps for a victim of each breach, eliminating confusion in a time-is-of-the-essence period for victims. Finally, the tool provides resources for consumers like risk minimization plans from ITRC for data breach and next steps toward remediation.

The most frequently asked question ITRC receives when assisting victims of data breach is, “But what does this actually mean to me?” The national non-profit strives to better assist and educate victims in determining if they should be worried and how the breach can affect them. Breach Clarity gives consumers the power to decode the harms of a data breach. After receiving a notification letter or getting information from a credible third-party like media sources, websites that provide security

information and other sources, a victim can enter the name of the breach they were affected by to decode what that breach means to his or her safety.

“Victims deserve answers, not vague language that covers up the true meaning of data breaches,” says president and CEO of ITRC Eva Velasquez. “We are thankful to have partners, like Jim Van Dyke, who are working to change the industry and bring clarity to victims. Breach Clarity is the first step toward empowering data breach victims and changing the scope of the industry.”

The Breach Clarity algorithm runs on the backbone of ITRC’s proprietary database of publicly available and notified breaches. Since data breaches – and fraud methods around them – often change quickly, Breach Clarity is a dynamic, evolving tool that updates as new information becomes available regarding breaches and fraud mechanisms.

“I’m delighted to work with the ITRC because we share a passion for protecting consumers,” says Jim Van Dyke, inventor of Breach Clarity. “In contrast with some who blame victims as being ‘apathetic’ or even ‘dumb’ when it comes to security, Breach Clarity is designed to empower every identity holder with the facts and help they need to minimize the risk of a data compromise leading to identity theft.”

Shortly following the launch of Breach Clarity, ITRC and Van Dyke will jointly offer webinars on how to use the tool and address questions from the public. Sign up for the first webinar about Breach Clarity at idtheft.center/BreachClarity. For financial institutions and employers, a premium version of Breach Clarity will be created to provide advanced capabilities such as an expanded list of risks and action steps for the consumer, integrated results from multiple breaches and methods for integrating to digital finance systems that further empower the consumer after a breach.

Attendees of the KNOW 2019 conference can join Eva Velasquez, president and CEO of ITRC (booth #121), Jim Van Dyke, founder of Futurion and creator of Breach Clarity, and James Ruotolo, director of product management and product marketing for the Fraud and Security Intelligence division at SAS, for a covert event Monday March 25th, 7-9pm. Register here or visit ITRC’s booth (#121) for more information, space is limited as this is a first come, first serve event. Thanks to SAS for their support of ITRC and underwriting the KNOW 2019 networking event.

###

About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit: http://www.idtheftcenter.org

About Futurion and Breach ClarityTM

Futurion is a research-based consultancy focused on consumer identity, digital commerce and financial services. Futurion’s CEO Jim Van Dyke formerly founded and led Javelin Strategy & Research and has also held various product management and board positions. Breach Clarity was created based on research of consumer identity crime victims and interviews with experts on the front line of fraud prevention at financial institutions, government agencies, payments networks and more. Breach Clarity’s basic outputs are free to all consumers at www.BreachClarity.com, with an upcoming premium version being designed for consumers who log into their secure personal account at licensing financial institutions and employers.

###

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390
C: 619-368-4373
clacey@idtheftcenter.org

The term “data breach” serves as a catch-all word for any kind of event in which someone entrusted with information—usually for large groups of people, like one’s customers or patients—allows that information to be exposed. While some data breaches are the work of highly-skilled hackers who can access a billion email accounts at once, others could be something as simple as an electrician leaving his work phone behind on a job site, possibly exposing customers’ info.

However, no matter how it happened, who was at fault, or what information was exposed, all data breaches are serious. They carry the potential for someone to misuse information or harm others.

A recently reported data breach of the United States Postal System’s website appears to be accidental, but since about 60 million users’ information were exposed for at least a year, there’s no telling what damage could have occurred…or has already occurred.

This breach involves the website’s API, or “application program interface.” API is computer lingo for the set of parameters that help legitimate users interact with a website. The API was connected to the USPS “Informed Visibility Mail Tracking & Reporting” service, a mail tracking preview program, where the weakness was found. Unfortunately, by exploiting any security holes found in the tracking service, hackers can interact with the API, too.

Here’s what security researchers found: the USPS website was accidentally left “unlocked,” meaning anyone with an account could change the search parameters and find other users’ accounts and information. They could even make changes to those accounts in some cases.

Think of it like this example: pretend you went to a major retailer’s website to look up a pair of socks you ordered two years ago. You go to your order history, type in your name and zip code, and then your order history appears. Now pretend that you could simply change the zip code or the last name, or your city or street address. What would you do if all of the information for every person in your zip code, last name, city, or street address appeared? What if it showed you every single item those people had ever ordered?

That’s similar to what happened here, and there are a few unfortunate issues with this breach. First, the information was never secured in the first place. It was only a matter of time before someone decided to test out different data points. Also, the USPS was supposedly informed of this website problem a year ago. Recently, the person who informed them then contacted Krebs on Security to report that the matter had still not been resolved, and Brian Krebs reached out to the postal service. After he contacted them, the USPS patched the problem and made it stop.

This certainly isn’t the first time a government agency has suffered a data breach. The Office of Personnel Management, reported in June 2015, and the US State Department, reported in September 2018, for example, have both endured exposures of users’ sensitive information. However, that doesn’t make the issue any easier for the consumers who now need to monitor their USPS accounts and make sure that nothing out of the ordinary has taken place.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert