Orbitz Reveals Breach Of 880,000

Orbitz, a division of Expedia, has announced it was hacked last October, 2017, revealing credit card information of 880,000 customers, including names, birth dates, mailing and email addresses, dated between January and June, 2016.

The current Orbitz website was not hacked, according to the company.

One article on the breach:

166 Applebee’s Restaurants Hit With Payment Carr Breach

166 of the 167 Applebee’s restaurants have been hit with payment card malware that exposed card numbers, names, card verification numbers, and expiration dates.

Here is a breakdown of restaurants by state:

Alabama: 2Arizona: 23Florida: 4Illinois: 14Indiana: 21Kansas: 3Kentucky: 14Missouri: 2Mississippi: 1Nebraska: 11Ohio: 44Oklahoma: 6Pennsylvania: 1Texas: 15Wyoming: 5

More details, including restaurants by city within states, at this article:

Illegal Alien Used Stolen ID For 37 Years

Fox News has reported that a Mexican national assumed a false identity of a Texas resident 37 years ago. He was able to generate a false birth certificate, then got a California driver’s license, a Social Security number, and a passport.

With this created identity, he was able to receive over $361,000 in government benefits during those 37 years.  The identity thief Andres Avelino Anduaga, 66, is a repeat felon who used the false ID to go in and out of Mexico several times a week.

The real owner of the identity, who now lives in Florida, had no idea his identity was being misused. (This is very common, unless the thief does something to bring attention to the identity.)

More details are in the article here:

Woes Continue For Equifax. Another 2.4M Exposures.

Last week, Equifax announced that they have discovered an additional 2.4 million consumers were victimized by the breach last year, bringing the number to 147.9 million.  Equifax says this information includes partial driver's license data, but does not involve Social Security numbers, unlike the earlier announced exposures.

The interim CEO Paulino do Rego Barros Jr. Says this is not newly discovered stolen data, just a "sifting through the previously identified stolen data."

There are several articles about this announcement.  Here is one:

More Millennials Lost Money To Scams Than Seniors Last Year

Interesting fact: during last year's record number of data breaches, 40% of the complaints to the FTC about losing money to fraud were made by millennials, whereas only 18% of the complaints came from folks 70 years old and older.

An article in Market Watch also states that while this may be true, older folks seem to suffer the greatest financial loss, perhaps because they have a little more readily available money.  The infamous "senior scam", where a con artist poses as a grandchild needing financial help, may be the key scam tool. The article lists several top scams being used to separate people from their money.
Here is a link to the article: #idtheft

Should I Be Concerned About Criminal Identity Theft?

As I mentioned in a previous post, I've found that most people equate ID theft only with their finances -- their bank and credit accounts.  They don't see a need for paid protection services, relying instead on bank- or card- or insurance-provided free services.  Or they put fraud alerts on their credit report every three months. While useful, these free services rarely look beyond the finances or offer much in the way of restoration.  I advise people to get all of the reliable free coverage they can, but recognize their limitations, and understand that real identity theft is much more than their finances.

Take for example something called criminal identity theft.  This is where someone pretends to be someone else, hiding their own identity, when caught in the act of a crime, such as illicit drug dealing or breaking and entering.  Often this is pulled off by first obtaining driver's license info either through direct theft or through a breach and then modifying it with the…

Data Breaches Down 14% From Last Year's Record Number

The latest word from the Identity Theft Resource Center (ITRC) is that the reported data breach number is about 14% lower so far this year than last year's record number of breaches.  As of February 16, that there have been 124 data breaches reported, with nearly 3 million records exposed since the beginning of the year. 
This is certainly good and welcome news, but "the barn door has already been left open." Our personal information has been exposed multiple times over in recent years, most notably in the Equifax breach last year. Still, I'll take the good news; better than 14% higher.
Looking at the ITRC numbers just reported, the business sector continues to lead the breach count with 40% of the breaches (and 74% of the records exposed), but medical breaches have risen to nearly 1/3 of the breaches.  I'm very worried about the medical numbers, because so much critical data, including medical insurance data and medical conditions are stolen. This information is …

Staybridge Suites in Lexington, KY, Breached

Staybridge Suites in Lexington, KY, has announced a data breach that exposed some customer data, such as names and credit card data.  This brief article -- -- doesn't go into a lot of detail, but it sounds like some kind of credit card skimmer device.  If I find out any more on this, I will add a comment to this post.

New EU Privacy Laws May Help US Privacy

On May 25, 2018, the European Union is implementing some privacy laws that may help to improve the security of US businesses. The new laws require any US company doing business in the EU to comply. Some US companies are complying completely, while others are building two compliances, one for the EU and another for the US. Still, the effect is likely to improve privacy protection overall, as the EU laws seem to be being adopted worldwide. 

These laws include tightening up the breach notification window to 72 hours of being discovered, giving users the right to request to see the data being held and have their data removed, and require the companies to have a data protection officer who will not be part of the operations and responsible for the compliance to the privacy laws. 
I’m sure there will be kinks that need to be worked out, but on the surface this looks hopeful. It is going to be difficult to get similar laws passed in the US, because of the structure of federal and state laws,…

Equifax Breach Was Worse Than Originally Told

Last September, the credit bureau Equifax announced that their database of consumer information had been breached, exposing about 145 million records, including names, birthdays, Social Security numbers, and some drivers licenses. Most of this information doesn’t change, meaning that the data will stay valid for years, so the thieves can take their time selling off the information to the highest bidder. 
As bad as this was, Equifax has just announced that the breach was broader in scope than originally disclosed. While the number of stolen records has not changed, Equifax now reveals that the data points include tax identification numbers, email addresses, phone numbers, the expiration dates for credit cards, and issuing states for driver's licenses. (Tax Identification numbers, or TINs, are used by non-US residents to report income from earning accounts.)

This announcement reveals the extent of information held by the credit bureaus that, at least to me, seems unnecessary for them…