Posts

Get the latest trends in data breaches by signing up for the ITRC Monthly Breach Newsletter delivered straight to your inbox.

On July 19, 2019, Pearson PLC reported a data breach affecting approximately 13,000 schools and university AIMS Web 1.0 accounts. The data breach was attributed to unauthorized access by an unknown individual. Students had their names and in some cases dates of birth and email addresses exposed. Additionally, some staff member names, email addresses and work information – such as job title and work addresses – were exposed.

Editor’s note: School districts affected by the Pearson breach have continued to come forward since the initial July 2019 report. ITRC is tracking each school district separately, as well as part of the larger breach by Pearson. Due to the scope of this breach, an unprecedented number of individual student accounts could have been exposed (hundreds of thousands) leaving an unknown number of victims. ITRC will continue to monitor this breach as it unfolds.

In August 2019 there were a total of 130 data breaches exposing 1,748,078 sensitive records.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

By 2021, over 2.14 billion people worldwide are expected to buy goods and services online, up from 1.66 billion global digital buyers in 2016. That means retail data breaches will also be on the rise as point-of-sale (POS) systems, e-commerce sites and other store servers are major targets for hackers looking for large volumes of personally identifiable information (PII) and behavioral data.

Sign up for the ITRC Monthly Breach Newsletter

That is one reason why the Identity Theft Resource Center has been working to empower identity theft victims with the resources and tools to resolve their cases since 1999., including helping people proactively reduce their risk of becoming a victim of identity theft. Since 2005, the ITRC has recorded over 10,000 publicly notified data breaches with monthly and cumulative end-of-year report published.

Read next: 2018 End-of-Year Data Breach Report

ITRC currently tracks five industry categories: banking/credit/financial; business; education; government/military and medical/healthcare. ITRC is a leader in reporting new data breach trends. We’re continuing our 10,000 breaches blog series with a look at the five most impactful retail data breaches for consumers.

Target

Retail giant Target makes the list for their 2013 data breach that exposed the payment card information of 40 million people and the personal information of 70 million. Hackers were able to infect Target’s POS systems with malware, disrupting holiday shopping for millions of consumers. Between Black Friday and Christmas shopping, anyone who shopped at Target from November 27 to December 15, 2013 was at risk for fraud. In a public statement to customers, Target said they moved swiftly to address the issue and that they regret any inconvenience it might have caused.

TJX Companies

In January 2007, TJX Companies Inc., operator of stores like T.J. Maxx, Marshalls and HomeGoods, experienced a retail data breach that affected 94 million customers. Payment card information and customer return records, which included driver’s license numbers, military I.D. numbers or Social Security numbers, were stolen by hackers who were able to gain access to TJX’s computer systems that process and store transaction information. TJX reached settlements with a majority of entities in 2007 and 2008.

Home Depot

Target is not the only retailer that experienced a breach of their POS systems. In 2014, Home Depot announced that they had experienced a retail data breach affecting their payment card processing systems. The hackers were able to steal the payment card information of 40 million customers and emails of 54 million. Since the incident, there have been 57 lawsuits filed against the large retailer. While the company did not admit any wrongdoing, they say they settled so they could move forward and put the incident behind them without incurring further costs.

Hudson Bay

Hudson Bay, parent company of Saks Fifth Avenue and Lord & Taylor, experienced a retail data breach that affected the payment card information of five million customers in 2018. Most of the stores affected were located in New York and New Jersey. It is reported that the retail data breach only affected in-store purchases and did not affect its e-commerce sites. In a statement, Hudson Bay said they deeply regretted any inconvenience or concern the breach may have caused. They also said there was no indication that Social Security or driver’s license numbers were stolen.

Hannaford Brothers

In 2008, supermarket company Hannaford Brothers was breached. It affected just over four million customers. Malware was placed on 300 Hannaford servers as part of the retail data breach which allowed hackers to steal customers’ payment card details as they were used at the check-out. Of the just over four million customers who were affected, more than 1,800 reported their credit cards had been used.

As we recap the last 10,000 breaches, the ITRC hopes that we can help those impacted – both consumers and business fall victim to the nefarious acts of fraudsters – understand how to minimize their risk and mitigate their data compromises. If you received a data breach notification letter, don’t just toss it aside. Call us at 888.400.5530 or LiveChat to talk with a live-advisor on what you should do. If you are a business impacted by a data breach incident, please reach out to us to discuss how we can provide assistance to your impacted customers.

As part of this series, in our next 10,000 Breaches Later blog  we will take a look at some of the biggest business breaches since 2005 and what they meant for consumers. For a look at all of the ITRC’s 10,000 breaches blogs, visit idtheftcenter.org.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

Identity Theft Resource Center and Futurion unveil a new tool Breach Clarity for consumers impacted by data breaches 

LAS VEGAS, Mar 24, 2019 ­­– Today, the Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, and Futurion announced during the KNOW 2019 conference the launch of a new tool to empower victims of data breaches in decoding what breach notification means to them and how they can minimize the risk of identity theft and fraud. The ITRC, along with the tool’s creator Jim Van Dyke, announced Breach ClarityTM. Breach Clarity is the secret decoder that will allow consumers to decipher data breach risks, prioritize the right minimization actions and access ITRC advisors for additional help. Breach Clarity is a no-cost, online tool for consumers, meant to crack the often muddled and incomplete information that follows breach notification.

Consumers can utilize the tool at www.idtheftcenter.org/BreachClarity and begin decoding the effect of any data breach on their identity safety. Breach Clarity uses a proprietary algorithm to give a data breach a risk score based on unique variables, like amount and type of information exposed. The higher the risk score for a specific breach, the more negative consequences that breach can potentially have for an individual. Breach Clarity also unlocks the top potential harms and recommended action steps for a victim of each breach, eliminating confusion in a time-is-of-the-essence period for victims. Finally, the tool provides resources for consumers like risk minimization plans from ITRC for data breach and next steps toward remediation.

The most frequently asked question ITRC receives when assisting victims of data breach is, “But what does this actually mean to me?” The national non-profit strives to better assist and educate victims in determining if they should be worried and how the breach can affect them. Breach Clarity gives consumers the power to decode the harms of a data breach. After receiving a notification letter or getting information from a credible third-party like media sources, websites that provide security

information and other sources, a victim can enter the name of the breach they were affected by to decode what that breach means to his or her safety.

“Victims deserve answers, not vague language that covers up the true meaning of data breaches,” says president and CEO of ITRC Eva Velasquez. “We are thankful to have partners, like Jim Van Dyke, who are working to change the industry and bring clarity to victims. Breach Clarity is the first step toward empowering data breach victims and changing the scope of the industry.”

The Breach Clarity algorithm runs on the backbone of ITRC’s proprietary database of publicly available and notified breaches. Since data breaches – and fraud methods around them – often change quickly, Breach Clarity is a dynamic, evolving tool that updates as new information becomes available regarding breaches and fraud mechanisms.

“I’m delighted to work with the ITRC because we share a passion for protecting consumers,” says Jim Van Dyke, inventor of Breach Clarity. “In contrast with some who blame victims as being ‘apathetic’ or even ‘dumb’ when it comes to security, Breach Clarity is designed to empower every identity holder with the facts and help they need to minimize the risk of a data compromise leading to identity theft.”

Shortly following the launch of Breach Clarity, ITRC and Van Dyke will jointly offer webinars on how to use the tool and address questions from the public. Sign up for the first webinar about Breach Clarity at idtheft.center/BreachClarity. For financial institutions and employers, a premium version of Breach Clarity will be created to provide advanced capabilities such as an expanded list of risks and action steps for the consumer, integrated results from multiple breaches and methods for integrating to digital finance systems that further empower the consumer after a breach.

Attendees of the KNOW 2019 conference can join Eva Velasquez, president and CEO of ITRC (booth #121), Jim Van Dyke, founder of Futurion and creator of Breach Clarity, and James Ruotolo, director of product management and product marketing for the Fraud and Security Intelligence division at SAS, for a covert event Monday March 25th, 7-9pm. Register here or visit ITRC’s booth (#121) for more information, space is limited as this is a first come, first serve event. Thanks to SAS for their support of ITRC and underwriting the KNOW 2019 networking event.

###

About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit: http://www.idtheftcenter.org

About Futurion and Breach ClarityTM

Futurion is a research-based consultancy focused on consumer identity, digital commerce and financial services. Futurion’s CEO Jim Van Dyke formerly founded and led Javelin Strategy & Research and has also held various product management and board positions. Breach Clarity was created based on research of consumer identity crime victims and interviews with experts on the front line of fraud prevention at financial institutions, government agencies, payments networks and more. Breach Clarity’s basic outputs are free to all consumers at www.BreachClarity.com, with an upcoming premium version being designed for consumers who log into their secure personal account at licensing financial institutions and employers.

###

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390
C: 619-368-4373
clacey@idtheftcenter.org