Data Breaches Down 14% From Last Year's Record Number

The latest word from the Identity Theft Resource Center (ITRC) is that the reported data breach number is about 14% lower so far this year than last year's record number of breaches.  As of February 16, that there have been 124 data breaches reported, with nearly 3 million records exposed since the beginning of the year. 
This is certainly good and welcome news, but "the barn door has already been left open." Our personal information has been exposed multiple times over in recent years, most notably in the Equifax breach last year. Still, I'll take the good news; better than 14% higher.
Looking at the ITRC numbers just reported, the business sector continues to lead the breach count with 40% of the breaches (and 74% of the records exposed), but medical breaches have risen to nearly 1/3 of the breaches.  I'm very worried about the medical numbers, because so much critical data, including medical insurance data and medical conditions are stolen. This information is …

Staybridge Suites in Lexington, KY, Breached

Staybridge Suites in Lexington, KY, has announced a data breach that exposed some customer data, such as names and credit card data.  This brief article -- -- doesn't go into a lot of detail, but it sounds like some kind of credit card skimmer device.  If I find out any more on this, I will add a comment to this post.

New EU Privacy Laws May Help US Privacy

On May 25, 2018, the European Union is implementing some privacy laws that may help to improve the security of US businesses. The new laws require any US company doing business in the EU to comply. Some US companies are complying completely, while others are building two compliances, one for the EU and another for the US. Still, the effect is likely to improve privacy protection overall, as the EU laws seem to be being adopted worldwide. 

These laws include tightening up the breach notification window to 72 hours of being discovered, giving users the right to request to see the data being held and have their data removed, and require the companies to have a data protection officer who will not be part of the operations and responsible for the compliance to the privacy laws. 
I’m sure there will be kinks that need to be worked out, but on the surface this looks hopeful. It is going to be difficult to get similar laws passed in the US, because of the structure of federal and state laws,…

Equifax Breach Was Worse Than Originally Told

Last September, the credit bureau Equifax announced that their database of consumer information had been breached, exposing about 145 million records, including names, birthdays, Social Security numbers, and some drivers licenses. Most of this information doesn’t change, meaning that the data will stay valid for years, so the thieves can take their time selling off the information to the highest bidder. 
As bad as this was, Equifax has just announced that the breach was broader in scope than originally disclosed. While the number of stolen records has not changed, Equifax now reveals that the data points include tax identification numbers, email addresses, phone numbers, the expiration dates for credit cards, and issuing states for driver's licenses. (Tax Identification numbers, or TINs, are used by non-US residents to report income from earning accounts.)

This announcement reveals the extent of information held by the credit bureaus that, at least to me, seems unnecessary for them…

Company collected kids’ info without permission

Article says it best:
#idtheft #identitytheft

Is Credit Card Fraud The Same As Identity Theft?

As an identity theft risk management specialist, I speak to various groups about identity theft awareness and prevention. My biggest challenge is to get people to realize that true identity theft is much more than financial theft.  Always at some point in the Q&A time of the presentation, someone will mention that they have had their credit card stolen or that they have had bogus charges show up on their credit card statement.  Does that mean, they ask, that their identity has been stolen?

The accurate but not-very-helpful answer is "not necessarily".  Credit card fraud by itself is not defined as identity theft by the Federal Trade Commission (FTC).  It can be an indicator of identity theft, but more often than not, it is just a case where a criminal has obtained a credit card number through a data breach or pickpocketed the card, either physically or by using RFID technology. That may be as far as the theft goes.
Sometimes the issuing credit card company will spot a po…

Are You Tired Of Hearing About Data Breaches?

With every year setting new records for data breaches (nearly 1,600 last year alone), I'm wondering if the public is becoming fatigued and numb to the news of another breach. Even the massive Equifax breach, which compromised very personal and critically non-changing information of at least half of the adult population, I've found people not knowing about it and even more not understanding what it means.  That may change after people start filing their taxes, only to find that someone else has filed a false return ahead of them.

Studies from social media activity are being reported, showing that people who have been notified of a data breach that affects them are simply ignoring the notice. They aren't changing passwords or enrolling in protection services, just hoping nothing happens. If their credit cards are compromised, they are inconvenienced, but they get a new card and never check to see if anything else is amiss.  The winners are the thieves, because there is littl…

Tax Effect Of The Equifax Breach

Every year, tax experts and the IRS have cautioned us to file our tax returns early. Not only does it help to get any refunds back to us quicker, there has been a history in recent years of tax identity fraud — thieves filing returns in our names and getting our refunds. Basically, file before the bad guy files. Whoever gets there first gets the refund. 

While this has been true for several years, it is even more applicable this year, because of the Equifax breach last year. Remember that at least half of the adult population in the US have has very personal data stolen: names, dates of birth, addresses, Social Security Numbers — more than enough to create fake W-2’s and file false returns. 
If you have been following the Equifax breach in the news, you may have wondered why so few cases of fraud have shown up yet. Quite likely, this tax filing may be a key reason the thieves have been sitting on the data. 
Whether you use a tax prep service or do it yourself, get going as soon as you…

69 Breaches Already in 2018

The Identity Theft Resource Center says that there have been 69 data breaches reported as of 1/24/18.  This is a decrease of 9% from last year's 76 breaches at this point, but breaches in the business sector accounts for 48% of these 69.

Last year, by the way, was a huge record number of breaches -- 1,579 -- up nearly 45% over 2016's pace. Like this year, the business sector led the way with 55% of the reported breaches.  Hacking was the predominant cause of the breaches.

Here is the article from the ITRC:


Four DMV Clerks Guilty Of Identity Theft

A former Boston, Massachusetts, clerk at its Registry of Motor Vehicles was sentenced to one year in prison for creating a false drivers license.  Three other former clerks were also charged.

According to an article (, they were making the IDs for illegals in exchange for cash, using stolen data of US citizens.

I share this to show that our identities are not safe even from government agencies, as if you didn't know that already.