Posts

  • Approximately 56 percent of California voters passed The California Privacy Rights Act (CPRA). The law will be the toughest privacy law in the U.S. once it goes into effect in 2023.
  • California residents will have more control over what happens to their personal information when businesses collect it. Consumers from the state can also have information corrected they think is inaccurate.
  • California businesses will be required to update agreements with contractors and sub-contractors that binds them to meet the provisions of the CPRA.
  • For more information on the privacy law, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

California voters went to the polls to decide the fate of the strongest privacy law in the United States. After counting the ballots, Proposition 24 – The California Privacy Rights Act (CPRA) – passed and will go into effect in 2023.

Subscribe to the Weekly Breach Breakdown Podcast

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we look at CPRA and what it means for businesses and consumers.

How The California Privacy Rights Act Passed

Approximately 56 percent of California voters approved the privacy law. However, Big Tech and Big Privacy joined forces to oppose the proposal. The initiative was proposed to strengthen the existing state privacy law, The California Consumer Privacy Act (CCPA), in many different ways.

What Consumers Need to Know About The California Privacy Rights Act

There are a few different things for California residents to know about the CPRA:

  1. Since voters approved the CPRA and not the state legislature, it will be more difficult to amend the law in the future. The legislature must submit any proposed changes to the popularly approved law to the voters in a future election. That makes it very difficult to weaken the privacy provisions in the CPRA.
  2. The CPRA gives California residents even more control over what happens to their personal information when a business collects it. The CCPA gives residents the right to access the information companies collect about them and request it be deleted in certain circumstances. It also prohibits the sale of their information for marketing purposes. The CPRA will give consumers rights linked to sharing information – not just selling data to third parties – clarifying one of the most confusing parts of the current privacy law, the CCPA.
  3. The CPRA adds a right to correct any information that a consumer thinks is inaccurate. Californians will now have the right to opt-out of automated decision processes that use their personal information. Also, they will have the right to see how automated decision processes work.
  4. The CPRA creates a new category of personal information that California residents can access and control in certain circumstances, like sharing information with third parties. The new category is known as “sensitive personal information” and includes precise geolocation data, race, religion, sexual orientation, Social Security numbers and certain health information.
  5. Finally, the new privacy law gives consumers the right of data portability, which means someone can tell a company to share their information with another company. It is like when someone changes their mobile phone or insurance companies.

What Businesses Need to Know About The California Privacy Rights Act

Businesses will also have a host of new duties that apply to them:

  1. Companies will have to create data silos, meaning they will have to keep personal information used in marketing separate from other consumer information. Companies, especially smaller ones, are already struggling to meet the existing consumer rights of access, review, deletion and opt-out. The new provision could compound the compliance issues.
  2. The most significant change for businesses will be the requirement that companies update agreements with contractors and sub-contractors that bind them to meet the provisions of the CPRA. In past podcast episodes, the ITRC has talked about data breaches resulting from “supply chain attacks.” That is where a company has good cybersecurity. Still, a third-party vendor ends up breached, and the company’s customer data is exposed. The requirement to update agreements with contractors and sub-contractors is designed to address supply chain attacks and clarify that everyone in the supply chain is responsible for protecting consumer information.
  3. Businesses do get some benefits in the CPRA. Employee and B2B data are exempt from the law until at least 2023, and businesses may be charged fees if consumers opt-out of data collection and sharing. That provision is the reason privacy advocates joined Big Tech companies to oppose the CPRA.

Toughest Privacy Law in the United States

The CPRA will be the toughest privacy law in the U.S. when it goes into full effect in 2023. In the meantime, state officials will propose the regulations needed to implement the new law. In the case of the CPRA, there will also be a new state agency created to enforce the new privacy law. For now, the California Attorney General will continue to enforce the existing law, CCPA.

Privacy Law Passed in Massachusetts

There was another state privacy law recently approved by a vote in Massachusetts. Car owners now have the right to see the information their car is wirelessly sharing with automakers. Approximately 75 percent of voters approved the proposal; carmakers have until 2022 to comply.

notifiedTM 

For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC

If you have a question about The California Privacy Rights Act, data privacy, or if you receive a breach notice and you’d like to know how to protect yourself, contact the ITRC. You can speak with an expert advisor toll-free at 888.400.5530 or by live-chat on the company website. Also, download the free ID Theft Help App to access resources, a case log and much more. 

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  

  • The Identity Theft Resource Center (ITRC) discovered multiple social media posts encouraging people to leave their Social Security numbers in the comment section of popular social media sites. It is known as the “Social Security number challenge.” 
  • While many people will not fall for the challenge, it is a reminder that there are fake social media profiles that ask for personal information.  
  • No one should ever give out any personal information publically or to someone they do not know, especially on social media. 
  • For more information, contact the ITRC for no-cost assistance by phone at 888.400.5530 or by live-chat via the company website.  

Have you ever heard of the Social Security number challenge? Someone posts a call to action on social media for people to “drop their Social Security number” in the comments. The Identity Theft Resource Center (ITRC) recently was notified of the trending Social Security number challenge on Facebook. 

Image from Facebook

While the challenge seems far-fetched, it is a good reminder that there are fake social media profiles that ask for personal information like “your mother’s maiden name” or “the answer to your security question.”  

Who It Is Targeting 

Facebook and social media users 

What It Is 

A social media challenge where someone posts on social media asking others to place their Social Security number in the comments. It is known as the “Social Security number challenge.”  

What They Are After 

In this particular case, people’s Social Security numbers. However, there are fake social media profiles that ask for other personal information like account security answers (your mother’s maiden name or dog’s name) that could lead to lots of damage if used in your password or other.

What You Can Do 

Never give out personal information to anyone you do not know. It’s impossible to know whose hands the information will end up in and what they might do with it. Personal information can be used to commit many different forms of identity theft. 

If you want to learn more about social media safety or have questions about the use of your Social Security number, contact the ITRC toll-free at 888.400.5530 to speak with an expert advisor. You can also live-chat with an advisor on the company website.  


Read more of our latest information & educational resources below

QR Code Security Threats Begin to Grow as Digital Barcode Popularity Rises

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

  • Quick Response Codes, or QR Codes, continue to generally grow in popularity, especially due to COVID-19. Hackers are aware and are looking to possibly attack consumers with the digital barcodes. 
  • There have been attacks in India and Brussels in 2020. Malwarebytes reports the U.S. saw QR Code scams and attacks in 2019.   
  • To reduce their chance of a compromise, QR Code users should be somewhat skeptical when using one of the digital cubes. Look for things that might seem out of the ordinary – like asking for logins, passwords or payment information. Ask an employee if you encounter something you think is odd.  
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

Quick Response Codes, also known as QR Codes, have generally grown in popularity over the years. COVID-19 has sped the use, with an increasing number of businesses using QR Codes for contactless encounters and transactions. However, hackers are aware of the rise, which could mean QR Code security threats to consumers who use them. 

Waitress providing menu for restaurant goer through contactless QR code

What is a QR Code? 

QR Codes are digital barcodes often used for electronic tickets for travel or events, to view a restaurant’s menu, or to share product information at a retailer. They are a quick way to get people to websites, promotional codes and mobile payments.  

QR Code Security Threats 

The convenience of QR Codes comes with security risks too. According to a survey of consumers conducted by MobileIron, 71 percent of respondents could not tell the difference between a malicious QR Code and a legitimate one. Also, more than 51 percent of respondents did not have mobile security on their devices (or did not know if they did) to provide QR Code security in case of a QR Code-related attack.  

Attackers can take advantage of people’s trust in QR Codes by embedding malicious software into the digital cubes. MobileIron says they expect QR Code attacks to increase in the near future. The attacks would steal data from mobile devices or lead to phishing websites that could harvest credentials and other personal information.  

What You Can Do 

Attacks can lead to many different actions that range from inconvenient to malicious. This includes risky texts, emails, initiating a phone call, or adding a contact listing. However, there is one thing consumers can do to protect themselves: be skeptical.  

  • If you see what seems to be a QR Code physically pasted on top of another, ask an employee. The restaurant or retailer may have just updated their QR Code, but it could also be a sign of a malicious code. 
  • Before scanning the QR Code, check the website address of the code. Many phones will allow you to view the web address before you scan it. If you are unsure about the website, you can safely view the site by searching it by adding a “+” sign after the URL. You can also ask an employee about any suspicious website addresses. 
  • Only scan codes from trusted entities. The Identity Theft Resource Center (ITRC) always tells consumers to use trusted entities when donating to a charity or shopping online because there is less risk. The same advice applies to QR Codes. A trusted entity will be less likely to have a malicious QR code on a restaurant menu, plane ticket or promotional code. 

Contact the ITRC 

Consumers need to be aware of QR Code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in hacking people using QR Codes. If you would like to learn more or believe you have been a victim of a QR Code attack, contact the ITRC toll-free at 888.400.5530 or on the company website via live-chat.  


Read more of our latest information & educational resources below

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

Reports Show Consumer Privacy and Cybersecurity Views Have Evolved

  • Two new research papers from OpSec Security and Consumer Reports shows how consumer privacy and cybersecurity views are evolving across the U.S. 
  • Findings in the OpSec Security report show that cyberattacks and data breaches are pervasive, and consumers are concerned and desensitized by the volume of information compromises. 
  • The Consumer Reports report concludes that consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use. 
  • For more information on the latest data breaches, visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notifiedTM. It is updated daily and free to consumers.  
  • For cybersecurity, privacy or data breach advice, contact the ITRC toll-free at 888.400.5530 or by live-chat on the company website. 

Privacy and cybersecurity impact consumers. Two new research papers show how consumer privacy and cybersecurity views are evolving across the U.S. The reports validate a central concern among consumers that there is not enough done to protect their most precious possession; their name. 

Subscribe to the Weekly Breach Breakdown Podcast 

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we will look at two new research reports. The first focuses on recent changes in consumer attitudes. The second takes a longer-term look at how consumer privacy and cybersecurity views are different now compared to 25 years ago when the modern commercial internet was born.

The Importance of Reputation 

Reputations are important to individuals, companies and organizations. That’s why OpSec Security, a global cybersecurity firm, recently surveyed 2,600 consumers throughout the U.S. and four European countries. Researchers asked consumers whether they have been affected by cybercrime, their perceptions of brands, and if their role – or the role they should play – in keeping consumers safe has changed over time. 

The findings show that cyberattacks and data breaches are pervasive and consumers are both concerned and desensitized by the volume of information compromises. Some of the key findings in the last year include the following: 

  • 40 percent of respondents were a victim of an email or phishing scam
  • 51 percent of respondents say they receive more phishing attempts now than before the COVID-19 pandemic. 
  • 35 percent of respondents experienced credit or debit card fraud. 
  • 21 percent of respondents were a victim of identity theft at some point.  

Meanwhile, 30 percent of respondents were impacted by a data compromise, which did not surprise nearly one-third of the people who received a data breach notice. Of those who had their data compromised, 46 percent were contacted more than five times. Almost half of those who haven’t received a data breach notice, 48 percent, are worried they will soon.  

Those 30 percent of consumers in the OpSec survey who say they had their data compromised in a data breach equal the same percentage of people who responded to a similar question from Consumer Reports.  

Consumers Think Businesses are Responsible for Protecting Personal Information 

Both surveys came to a similar conclusion: consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use. Consumer Reports surveyed more than 5,000 U.S. residents about privacy and security. They also reviewed past research to show how consumer attitudes changed over time. 

  • In 1995, 44 percent of consumers were worried “a lot” or “some” about losing privacy due to the internet. 
  • By 2002, 76 percent of survey respondents were uncomfortable about companies collecting data about them. However, 94 percent thought they had a legal right to see what data the company collected about them from a website. 
  • Fast forward to 2019; 65 percent of consumers said they do not believe their personal information is kept private. 

In the Consumer Reports research published in October, 96 percent of consumers surveyed agreed that more could be done to ensure companies protect consumer information. Other findings include the following: 

  • 68 percent of consumers surveyed believe companies should be required to delete the data they have about someone upon the consumer’s request. 
  • 67 percent of respondents think there should be tougher penalties, like high fines, for companies that don’t protect someone’s privacy. 
  • 63 percent say companies should be required to give consumers access to the data companies have about them. 
  • 63 percent also believe there should be a national law that says companies must get a person’s permission before sharing their information. 

There are now laws, passed in multiple states, that include one or more of the items from the consumers’ privacy wish list above, but a national privacy law remains elusive. 

Built-In Privacy Features 

One finding that did not emerge from either survey on consumer privacy and cybersecurity views was a consensus around what consumers want to happen next to protect their information. Consumer Reports notes that companies are beginning to build products with built-in privacy features. More than 40 percent of consumers say they may be willing to pay companies to stop collecting, sharing and selling their personal information. Right now, that practice is prohibited in California, the state with the toughest privacy law in the U.S.  

notifiedTM  

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.   

Contact the ITRC 

If you receive a breach notice and would like to know how to protect yourself, contact the ITRC at no-cost by calling 888.400.5530 to speak with an expert advisor. You can also live-chat with an advisor on the company website. Also, download the free ID Theft Help App to access advisors, data breach resources, a case log and much more.  

Join us on our weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.   


Read more of our latest information & educational resources below

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

Phishing Attack Report Reveals Microsoft is the Top Spoofed Brand and Other Data Breach News

  • A new unsubscribe email scam tries to scare people into “unsubscribing” from confirmation emails coming from an adult dating list.
  • The unsubscribe button could lead to malware or to a form to steal your personal information.
  • Anyone who receives a suspicious email they are not expecting should ignore it and not click on any links, open any attachments, or download any files. Users can also report the email as spam.
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Scammers are always looking for new ways to dupe consumers into turning over their personal information or spreading malware to one of their devices. A new unsubscribe email scam reported to the Identity Theft Resource Center (ITRC) tries to trick people into clicking an “unsubscribe button” that could be either a malicious link or a form to steal your personal information.

Who It Is Targeting

Email users

What It Is

A “confirmation” email that claims you received a private message from an adult dating website. The fake email asks the user to confirm by entering their email address and name, and it gives people an option to “unsubscribe” if they would like to stop receiving the adult dating list emails. Scammers use scare tactics such as an email from an adult website in hopes people will click the “unsubscribe” button.

What They Are After

Entering your email address and name into the confirmation email gives cybercriminals the personal information needed to commit identity crimes. Clicking the “unsubscribe” button could lead to malware infecting your device, or to a form that asks for your personal information.

What You Can Do

  • If you receive a suspicious or unexpected message that includes links or asks for your information, ignore it. If it claims to be from a legitimate company, go directly to the source to verify the validity of the message.
  • Do not click on any links, open any attachments, or download any files in an email or text unless you confirm it is legitimate.
  • Use your email provider’s “spam” feature to report the email as junk rather than clicking unsubscribe.

If you believe you have fallen victim to an unsubscribe email scam or have additional questions, call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

  • The Federal Trade Commission reports that people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year. 
  • The increase in social media scams fits the overall 2020 trend of more phishing scams on channels besides email. 
  • Some recent social media scams include romance scamsfake advertisements, and social media messages offering grant money or giveaways. 
  • To reduce the risk of falling for a social media scam, don’t click on any links from unknown messages, do research on any ad seen on social media, and never send money to someone you’ve never met in person. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530, or speak with an expert advisor via live-chat on the company website. 

There is an increase of social media scams in 2020, fitting the overall trend of the year of more phishing scams on channels besides email. Scams strike people in many different ways, ranging from robocalls to phishing attacks. While social media websites are another platform scammers use for their attacks, it’s not always the first place people think to monitor when they hear the phrase “phishing scams.” 

Scammers Take Advantage of More People Online During COVID-19 

However, 2020 is different. Social media is already a great place to connect, but especially right now due to COVID-19. More people are using social media, and scammers are aware. In fact, more scammers are hanging out on the sites, posing a greater threat for scams to users. Scammers know COVID-19 changes the way people live, and they try to take advantage in any way possible. 

New Report on Increase in Social Media Scams 

The Federal Trade Commission (FTC) reports that people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year. The FTC says the growth has been happening for years, reporting social media scam fraud losses of $134 million in 2019.  

However, the first half of 2020 had $117 million in fraud losses from social media scams alone. Some recent social media scams include romance scamsfake advertisements, and social media messages offering grant money or giveaways. Often, scammers create fake profiles of people victims may know to take advantage of them. In some cases, scammers will even take over a real person’s account. 

How to Avoid a Social Media Scam 

Consumers can do a handful of things to reduce their risk of falling victim to a social media scam.  

  1. Check the validity of any ad you see on social media. Do a quick Google search of the supposed business followed by “complaints,” “reviews” or “scam.” This will help you determine whether or not the company has been reported or accused of any suspicious activity. Also, directly search for the company website. Any legitimate company will most likely have contact information on their webpage. 
  1. Never click on a link or open an attachment without verifying the validity of the message or ad. You can do this by directly reaching out to the company to see if they sent the message or posted the ad. If not, it is probably a scam. If you cannot find any contact information for the company, it is probably a scam. 
  1. Reach out directly by phone or email to the friend or family member asking for money or personal information. If they did not send the message, the sender’s account was probably hacked. 
  1. Never send money or personal information to someone you have never met in person. Imposter scams, where scammers try to trick people into giving up personal information or money by posing as someone fake, continue to rise throughout the country.  
  1. Regularly check your privacy settings on all of your social media platforms. Make it more challenging for scammers to target you by limiting what you share online. 

Contact the Identity Theft Resource Center 

Consumers should be aware of the 2020 trend around scams and that scammers will continue to hang out in the social media space. However, if everyone does their part, they can still enjoy the platforms with minimal risk of falling for a social media scam.  

To learn more, or if you believe you are the victim of a social media scam, reach out to the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 or by live-chat on the company website. Also, download the ITRC’s free ID Theft Help app for access to additional resources. 


Read more of our latest articles below

Phishing Attack Report Reveals Microsoft is the Top Spoofed Brand and Other Data Breach News

New VPN Security Vulnerability Could Affect Businesses and Consumers

Election Scams Begin to Surface with the General Election Less than One Month Away

  • A new CheckPoint report shows that 44 percent of all phishing attacks involve emails that use Microsoft as the spoofed brand. Microsoft was the brand used as bait in 19 percent of all forms of phishing last quarter. 
  • Barnes & Noble acknowledged what they initially thought was a systems error earlier in October turned out to be a cyberattack on some of its systems. 
  • Cyberthieves posted three million credit cards for sale on the dark web earlier in the month stolen from Dickey’s BBQ restaurant chain throughout 2019 and 2020. 
  • Darkside announced they donated $20,000 in bitcoins to two global charities. Darkside claims they do not attack schools, hospitals or governments, and instead focus on highly profitable, large corporations. 
  • If you are the victim of a phishing attack or data compromise, contact the Identity Theft Resource Center for no-cost assistance at 888.400.5530 or by live-chat on the company website. 

A new report reveals how frequently identity criminals use well-known brands to trick people into sharing their personal information. CheckPoint Security researchers say one company has jumped to the top of the heap when it comes to fake emails and fake websites involved in brand phishing attacks – Microsoft.  

Subscribe to the Weekly Breach Breakdown Podcast 

Every week, the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we take a look at CheckPoint’s latest survey and what it means, as well as two data compromises that recently prompted consumer notices, and a ransomware group donating to charities.  

Brand Phishing Attacks 

There are different types of phishing attacks. What is a brand phishing attack? In this attack style, a cybercriminal imitates a well-known brand’s official website by using a web address and webpage design similar to the real thing. A link to the fake website is then sent to people by email, text message, or social media.

The fake webpage often contains a form intended to steal the credentials, payment details, or other personal information of the people caught in the phisher’s net.  

While many of the spoofed websites are fake with poor spelling or grammar, these emails, websites, texts and social media accounts are increasingly sophisticated and highly accurate imitations that even trained professionals don’t spot at first glance. 

Report Reveals Microsoft as the Top Spoofed Brand 

CheckPoint’s current report shows that 44 percent of all phishing attacks involve emails that use Microsoft as the spoofed brand. Forty-three percent of all types of phishing attacks involve fake websites, and Microsoft is again the number one brand used to lure unsuspecting users.

As tolled, Microsoft was the brand used as bait in 19 percent of all forms of phishing last quarter.  

However, Microsoft is not the only brand in the crosshairs of cybercriminals. The rest of the top ten brands currently being used in phishing campaigns include: 

  • Google (nine percent) 
  • PayPal (six percent) 
  • Netflix (six percent) 
  • Facebook (five percent) 
  • Apple (five percent) 
  • WhatsApp (five percent) 
  • Amazon (four percent) 
  • Instagram (four percent) 

How to Avoid a Phishing Attack 

The best way to avoid falling victim to all types of phishing attacks is to ignore unsolicited emails and texts that include links. If anyone receives a notice from a company where they do business, they should log in directly to their account to verify the message they received was real.

Anyone who gets a notice can also go to the company website directly and contact them. Under no circumstances should anyone click on a link or call a telephone number in an unexpected email.  

Barnes & Noble Data Compromise 

We also want to tell you about two recent data compromises that led to consumer notices. Barnes & Noble – the online brick and mortar bookseller – acknowledged what they initially thought was a systems error earlier in October was, in fact, a cyberattack on some of the company’s systems.

Customer email addresses, billing and shipping addresses, telephone numbers and transaction histories may have been involved in the security breach. Barnes & Noble says there is no evidence of a data exposure. However, they are not ruling out the possibility. 

Dickey’s BBQ Data Compromise 

The Barnes & Noble breach is different from the circumstances at the Dickey’s BBQ restaurant chain. Cyberthieves posted three million credit cards for sale on the dark web earlier in the month stolen from the popular eatery throughout 2019 and 2020. Security researchers believe 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing software.  

“Darkside” Ransomware Group Tries to Claim its Legitimacy 

Finally, the ransomware group known as “Darkside” is trying its hand at brand building just like a legitimate company. This week Darkside announced they had donated $20,000 in bitcoins to two global charities. Darkside claims they do not attack schools, hospitals or governments, and instead focus on highly profitable, large corporations.  

Security researcher Chris Clements notes, “The most troubling realization here is that the cybercriminals have made so much money through extortion that donating $20,000 is chump change to them.”  

Neither of the two charities has acknowledged receiving the donation and say they will not keep it if it turns out to be true. 

notifiedTM 

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you accidentally click on a link of a brand phishing attack or provide information to what you discover later was a fake website form, contact the ITRC toll-free at 888.400.5530 or live-chat with an expert advisor on the company website. An advisor will walk you through the steps to take to protect yourself from any possible identity misuse. 

If you receive a breach notice due to the Barnes & Noble or Dickey’s BBQ events or any other data compromise and you’d like to know how to protect yourself, contact the ITRC to speak with an expert advisor. Also, download the free ID Theft Help App to access advisors, resources, a case log and much more. 

Join us on our  weekly data breach podcastto get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  


Read more of our latest articles below

Identity Theft Resource Center® Reports 30 Percent Decrease in Data Breaches so Far in 2020

Election Scams Begin to Surface with the General Election Less than One Month Away

Recent Insider Attacks Stress the Importance of Smart Business Practices

  • Data breaches are down 30 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a single event. 
  • Data breaches are down 10 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a series of data breaches.  
  • Regardless of how the Blackbaud ransomware attack is viewed, the number of individuals impacted by a data breach is down nearly two-thirds.  
  • Anyone who believes they are a victim of a data breach is encouraged to contact the Identity Theft Resource Center to learn more about the next step to take. Victims can call toll-free at 888.400.5530 or live-chat with an expert-advisor on the company website. 

2020 has seen many different data breach trends. In the first half of 2020, the Identity Theft Resource Center (ITRC) reported a 33 percent decrease in data breaches and a 66 percent decrease in individuals impacted. The ITRC has compiled the Q3 2020 data breach statistics, and the number of compromises has dropped. However, there is one data breach that skews all the data. 

Two Ways to Look at the Numbers 

With the ongoing global pandemic and one particularly nasty ransomware attack against IT service provider, Blackbaud, reported in the third quarter, the Q3 numbers can be interpreted in two ways. 

Data Breaches Down 30 Percent Treating Blackbaud as a Single Event 

If we treat the Blackbaud attack as a single event, the number of data compromises reported so far in 2020 remains well below the 2019 trend line, with nearly a 30 percent decrease year-over-year. Looking at the rest of 2020, absent a significant data breach, 2020 could end with just over 1,000 data breaches. That would be the lowest number of breaches in five years, dating back to 2015. 

Data Breaches Down 10 Percent Treating Blackbaud as a Series of Breaches 

If the Blackbaud ransomware attack is treated as a series of data breaches, the year-over-year trend line changes significantly. However, the number of data breaches is still down in comparison to 2019. There have been 247 data breaches reported as a result of the Blackbaud ransomware attack. Once you add those to the overall number of data compromises, we go into Q4 with a 10 percent decrease in data breaches compared to this time last year.  

Individuals Impacted by Data Breaches Down Two-Thirds 

No matter how Blackbaud is categorized, one data point remains the same: the number of individuals who have been impacted in 2020 by an information breach. So far in 2020, roughly 292 million people have had their personal information compromised, nearly two-thirds fewer people than in 2019. The ITRC will have more information to share on our Q3 Data Breach Trends Report, which will be released later in October. We will also discuss the details on our sister podcast, The Fraudian Slip, in two weeks. 

Subscribe to the Weekly Breach Breakdown Podcast 

Every week, the ITRC looks at some of the top data compromises from the previous week, and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we are looking at the Q3 data breach trends and the latest numbers.  

notifiedTM 

For more information about recent data breaches, or any of the data breaches discussed in Q3, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

Contact the ITRC 

If you receive a breach notice due to the Blackbaud ransomware attack or any other data compromise and want to know what steps to take to protect yourself, contact one of the ITRC expert advisors by phone toll-free 888.400.5530, or by live-chat on the company website. Victims of a data breach can also download the free ID Theft Help App to access advisors, resources, a case log and much more. 

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform. 


Read more of our latest news below

Shopify Data Exposure Affects Hundreds of Online Businesses

Dunkin Donuts Data Breach Settlement Highlights Busy Week of Data Compromise Updates

50,000+ Fake Login Pages for Top Brands from Credential Theft

CashApp scams have seen an uptick since COVID-19 began impacting the United States. In April, we wrote about scammers out in full force trying to get consumers to fall for CashApp scams by clicking on fraudulent and malicious links that could steal people’s money and identity, taking advantage of the economic hardships. Now, the Identity Theft Resource Center (ITRC) is receiving multiple calls and live-chats about a twist on the CashApp scam: a CashApp customer support scam.

Who Is Targeted

CashApp users

What It Is

A CashApp customer support scam where scammers act as CashApp customer support on a hotline to gain access to users CashApp accounts or ask users to download software to allow remote access to their mobile device.

What They Are After

Scammers are after money and personal information using a fake customer support hotline. In one CashApp scam case reported to the ITRC, a scammer stole all of the victim’s money and changed their username and password. In another case, a scammer was able to get a hold of the victim’s bank account number and access the victim’s bank account.

How You Can Avoid It

  • As of right now, CashApp only offers customer service via email or through the app, not by telephone. Reach out to customer support directly through the company’s website or app.
  • Never give out personal information over the phone if you do not know who is on the other end.
  • Do not download software to allow third parties to have access to any of your mobile devices.
  • Only use CashApp to transfer money to people you know.
  • Add additional security measures, including multi-factor authentication.

If you think you may have fallen victim to a CashApp customer support scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.


Read more of our latest blogs below

Fortnite Gaming Data Being Sold for Hundreds of Millions of Dollars Per Year

“Meow” Attacks Lead to 4,000 Deleted Databases and Perplexed Security Experts

Cense.Ai, Freepik and ArbiterSports Headline Recent Data Breaches

With some businesses opening back up after temporarily closing due to the COVID-19 pandemic, scammers are trying to capitalize using online job scams to steal people’s personal information.

Recently, Scripps Health found hackers exploiting job seekers through phishing emails with Scripps Health-themed “lures.” Scripps sent the following email to warn their community members:

Image provided to the Identity Theft Resource Center by public

ATA Engineering, another San Diego-based company, reports they also are seeing similar-type online job scams.

The Identity Theft Resource Center (ITRC) has seen a rise in victims contacting the organization about online job scams, including phishing emails. Some of the particular job scams reported to the ITRC include ones from Indeed, Zip Recruiter, and Facebook. The ITRC has had more than 40 victims reach out about online job scams the last three months.

Who Is It Targeting

People looking for work amist the COVID-19 pandemic

What Is It

Either a fake listing posted on a job board or a phishing email, robocall, social media message, or text message looking for a response.

What Are They After

While scammers attack in different ways, they are all looking for one thing: personal information. They hope they can trick people who are desperate or vulnerable into giving up sensitive data like usernames and passwords, financial data, or Social Security numbers. Once scammers have that information, they can commit many different forms of identity theft.

How You Can Avoid It

  • Never click on a link or open an attachment from an email you are not expecting. Instead, go directly to the source to verify the validity of the message.
  • Review all emails and websites carefully to make sure there are no suspicious addresses, subject lines or URLs.
  • Be careful about how much personal data you share, at least during the application process. Do not turn over information like your Social Security number until you are hired.
  • Make sure you have the job, and it is legitimate, before giving away financial information like a bank account number or routing number for direct depositing of paychecks.

If you think you may have fallen victim to an online job scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.


Read more of our latest articles below