Identity Theft Blog and Resources

Disney+, a new streaming TV and movie service provided by Disney, allows customers to view everything from classic movies to original, exclusive television shows. Although the streaming service has only been active since November 12, 2019, customers have already complained about technical issues with their Disney+ accounts. Many customers were not able to access their Disney+ accounts and, therefore, were not able to use the company’s streaming services. And it turns out, these Disney+ technical issues may be correlated to a customer hacking situation. What happened Many Disney+ users claimed that hackers logged them out of their devices and changed their email and password information associated with their Disney+ accounts, according to CNBC. And, as stated on a Global News article, “thousands of Disney+ accounts have been hacked and are being sold online on the dark web, according to a report published on Monday.” According to a ZDNet, the accounts that were stolen “were put up for sale on hacking forums within hours after the service's launch.” ZDNet also found that the accounts put up for sale on the dark web were priced between $3 and $11 per account. Although Disney+ user accounts are being affected by hacker efforts, it doesn’t seem that the streaming service, itself, was breached. According to Global News, a Disney spokesperson recently provided a statement saying that “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.” What you can do Disney+ isn’t the only streaming service that has faced this type of hacking situation. In fact, other streaming services like Netflix, Amazon Prime, and Hulu all continue to struggle with similar threats. These popular streaming services have made an effort to protect customers against hacker-related threats; however, there is still a long way to go in terms of protection. According to a recent BBC article, Disney+ “does not have two-factor authentication.” And users may quickly realize that this lack of multi-factor authentication definitely puts them and their information more at-risk. Since there is a lack of preventative measures on the company side of things, the one thing you can do to make sure your account is safe for any streaming service is to use a unique password. Although creating and using a unique password for every online account you have may sound exhausting, it’s an incredibly important step in protecting your account and your personal information. The bottom line It can be difficult to know how to protect yourself when using popular streaming services like Disney+; however, the more active you are in taking control of your personal security, the less likely you’ll be to fall victim to common hacking situations. If you are struggling to find ways to enhance your streaming service account security, here are five basic tips you can follow: Avoid sharing your password and writing it down Change your passwords up at least once per year Use a secure password management service to stay organized Follow these steps to create unique, secure passwords Immediately report any suspicious account activity Along with following the tips listed above, it’s important that you stay up-to-date on the latest data breach and hacking trends. After all, knowing what is happening in the news today can help you protect yourself tomorrow.

Capital One announced on Monday, July 30, 2019, that it experienced a major data breach which compromised the personal information of more than 100 million customers in the United States and 6 million customers in Canada. This data breach was discovered by the bank on July 19, 2019; however, the data breach appeared to take place in March 2019. What you need to know According to an updated CNBC article, the Capital One data breach that occurred in March 2019 “involved the theft of more than 100 million customer records,140,000 social security numbers, and 80,000 linked bank details of Capital One customers.” Capital One provided a news release which stated that “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.” Authorities have arrested a 33-year-old Seattle woman suspected of being the individual responsible for the Capital One breach. According to a USA Today article, the woman is Paige A. Thompson, “a former software engineer.” Thompson is also a former employee of “an unidentified cloud computing company that provided data services to Capital One,” according to The Washington Post. Capital One CEO and Chairman, Richard D. Fairbank provided an apology to the public via the bank’s news release. He is quoted in the news release saying “while I am grateful the perpetrator has been caught, I am deeply sorry for what has happened.” He continues by saying “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” The bank has announced in its news release that it will be notifying affected consumers “through a variety of channels.” In regards to providing further protection, Capital One will provide free identity protection and credit monitoring services to all affected consumers. How you can protect yourself Although there is no guaranteed way to prevent a massive data breach like this Capital One breach or the 2017 Equifax breach from affecting you, here are a few protective steps you can take to increase your chances of staying secure: Freeze your credit Freezing your credit is often a solid first response to a security breach. A credit freeze, otherwise known as a security freeze, will restrict all access to your credit reports which can help protect your credit from those who may have enough information to try to open a line of credit in your name. To freeze your credit, you can either call the phone numbers for each of the three major credit bureaus (Equifax, Experian, TransUnion) or you can visit their individual websites and apply for a freeze online. Obtain credit monitoring services If you find that you have been affected by the Capital One data breach, you will be able to receive free credit monitoring services from the bank. It’s important that you use these services to keep a close eye on your credit reports. By monitoring your credit, you’ll hopefully be able to see if and when someone tries to do anything with your compromised credit information. If you do not receive free credit monitoring services from Capital One, you should still consider obtaining credit monitoring services on your own accord. Click here to see our list of top credit monitoring companies. Change your passwords It’s important that you regularly change your passwords, especially if you suspect that you have fallen victim to a large data breach. You should consider changing your passwords for all financial accounts, shopping websites/accounts, social media accounts, etc. Although changing your passwords is not guaranteed to prevent thieves from obtaining sensitive information and personal data, it can help make it more difficult for thieves to access your information. View this article to learn more about strong password creation. Get identity protection services Identity protection services can help you in more ways than one, especially as massive data breaches continue to occur. Many identity protection services offer up to $1 million in identity theft insurance, recovery services, several around-the-clock monitoring services, and more. Those who have identity protection services may have a better chance of catching suspicious or fraudulent activity before any major damage takes place. If you do not receive free identity protection services from Capital One, you should consider looking into getting identity protection services yourself. Click here to see our list of top identity theft protection companies. The bottom line Millions of people have been affected by data breaches over the past few years. As technology continues to advance, the threat of cybercrime also advances. Data thieves are starting to find new ways of stealing sensitive, data and information like social security numbers, credit information, passwords, address and email information, and much more. By following the protective steps mentioned above, researching ways to keep your information and personal data secure, and keeping up with data breach news, you will be able to lower your chances of being the next victim of a cybercrime or security breach.

Newegg, a computer hardware and electronics retailer, has been the victim of a mass data breach. Security firms RiskIQ and Volexity conducted an investigation regarding the breach and released their reports and findings on Sept. 19, 2018. According to the security firms, the Newegg data breach was most likely performed by Magecart group, the same group that conducted the Ticketmaster data breach and possibly the same group that was behind the recent British Airways security hack. Security research shows that Newegg was breached from Aug. 14 to Sept. 18 of 2018. During the time that the breach took place, hackers had "injected 15 lines of card skimming code on the online retailer's payments page," according to TechCrunch. Newegg has a significantly large customer base with over 50 million monthly site visitors. Due to its mass customer base and business value, it's no wonder why the company was targeted by cybercriminals. Unfortunately, customers who have provided credit card information to the company in the past are now at risk. It is currently unknown as to how much information the hackers were able to obtain or how much customer credit card information has been stolen. According to The Verge, Newegg CEO Danny Lee sent out an email to all Newegg customers explaining the company's data breach, as well as how the company is investigating what happened and working on recovery solutions. The email stated that Newegg will be alerting customers who have been affected by the breach in coming days. It also noted that the company will publish an official FAQ regarding the data breach on Friday, Sept. 21, and will make sure all customers receive a link to that FAQ. Customers who have provided credit card information to the company are being encouraged to contact their banks and be on the lookout for more company information. Although falling victim to a data breach can sometimes be out of your control, it's important to do all you can to focus on your personal security to best avoid becoming a target of identity theft or another cybercrime. Consider looking into professional identity theft protection services, obtaining antivirus and other protective software for your personal devices, and doing your own research to determine what security practices you should be focusing on.

On September 8th, 2014, Home Depot announced that its customers' debit and credit card information had been compromised during a data breach. Customers who had used the self-checkout systems from April through August of that year were victims of this breach. In the announcement, Home Depot apologized for the breach, offered identity theft and credit monitoring services to affected customers, and promised that their Incident Response Team was doing its best to limit the damage of the breach. Approximately 56 million credit and debit card information was stolen along with 53 million email addresses. At the time, Home Depot's data breach was the largest with the most known data stolen. It would later be found that Yahoo!'s 2013 data breach was even larger, affecting more than 1 billion accounts. The Cost Recently, it was estimated that the total expenses of this data breach has cost Home Depot $263 million and expenses are still piling up in settlements from individuals and card issuers: extra customer service legal costs credit monitoring identity theft protection investigation expenses settlements fines card re-issuances How It Happened Much like the Target data breach, Home Depot's data breach occurred through the point of sale (POS) systems. According to an in-depth case study, the hackers were able to steal a third-party vendor's credentials and used this as a way to enter the system. The hackers were then able to use the zero-day vulnerability in Windows to pivot directly into the Home Depot corporate network. Once inside the network, the hackers were able to install a custom memory scraping malware. Memory scraping malware is able to scan the POS systems to collect all sensitive data that is entered in. For example, when you swipe your payment card, the malware will collect all of your card information to later be gathered by the hackers. This malware was installed on over 7,500 self-checkout POS terminals, evading antivirus software and remaining undetected for months. The gathered credit and debit card information was sold, and the emails gathered were used in phishing campaigns. How It Was Discovered The Home Depot data breach was not discovered by the company itself, but through multiple banks that found tens of thousands of their customers' cards had shown up for sale on an underground cybercrime shop. It is believed that the same group of Russian and Ukrainian hackers who were responsible for the Target data breach are also responsible for Home Depot's data breach. According to Krebs, this data breach wasn't just about the money and recognition, but also out of retribution: "In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards “American Sanctions.” Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled 'European Sanctions.'" After the banks discovered the cards being sold on the cybercrime shop, they researched and found that all of the cards had recently been used at a Home Depot. The banks notified Home Depot of the possible data breach. Home Depot immediately began a full investigation on September 2, 2014. What Good Came from the Home Depot Data Breach A story about a massive corporate data breach doesn't have an obvious silver lining; however, the Home Depot data breach acted as a wakeup call to individuals and companies across the country. Companies started taking great strides in providing better cybersecurity for their customers' information. Chip-in-card readers have started to become standard in most major stores as well as other alternative payment methods, like Apple Pay. Individuals have also started taking extra precautions with their personal information by enrolling in identity theft protection programs. If you are one of the millions who have been affected by a data breach, or if you want to protect yourself, check out our top-rated identity theft protection companies. In our next article, we will discuss how chip-in-cards work and other alternative payments and why you should use them.

Data breaches continue to occur more frequently as time goes on; both corporations and individuals are currently at risk. Although many organizations and individuals claim that their security measures are advanced enough to eliminate the chance of falling victim to cyber crime, in reality, there isn’t a 100 percent possibility of avoidance. Equifax, one of the top three leading credit reporting agencies, announced on September 7, 2017, that it experienced a serious data breach which may have affected 143 million people in the United States. The company also announced that 209,000 consumer credit card numbers were stolen, along with 182,000 credit dispute documents that contained private information. Other data, such as birth dates, names, addresses, and driver’s license numbers were also put at great risk during the breach. Equifax claimed to have discovered the breach on July 29, 2017. Executives decided to sell company shares worth almost $2 million after they discovered the hack and before the breach was announced to the public. Although the executives have stated that they “had no knowledge that an intrusion had occurred” when they sold these shares, their actions have made many wary of the company and has led to a decrease in Equifax stock trading. In order to start recovery efforts, Equifax notified law enforcement of the hack and stated that it will be mailing notices to those who were affected. The company also created a website where consumers can find out if they were victims of the breach. The website requires consumers to enter in their last name and the last six digits of their social security number for identification purposes, which has sparked some worry because companies typically only ask for the last four digits of a social security number. In an effort to make amends, Equifax has offered one year of free identity theft and credit monitoring services to U.S. consumers as a result of the data breach announcement. However, as a top credit reporting firm that stores a significant amount of sensitive information, Equifax is and will continue to be a huge target. Rather than signing up for free services from Equifax, consumers may be better of taking security action into their own hands. BestCompany.com and other online resources are available to aid consumers in finding reliable identity theft companies to combat the increasing threat of identity theft. Keep yourself and your family safe and check out top-rated identity theft protection companies here.

Restaurant chain Wendy's has announced that over 1,000 of its U.S. locations have been hit by a massive cyber attack, compromising credit and debit card data of Wendy's customers. While suspicious activity had been reported as early as the Fall of 2015, officials did not anticipate the hack to have such a widespread impact. They are currently unaware of how many individuals have been affected, though the potentially compromised locations have been identified (click the image below to expand). According to investigators, the source of the breach came in the form of malware that was installed on the point-of-sales systems at select Wendy's locations. Wendy's representatives attribute the malware to a non-disclosed third-party "service provider," but they are not explaining reasons why this third party had remote access to the company's tills. In the meantime, Wendy's has issued a statement apologizing to customers for compromising their data, as well as providing information on how they gain access to free fraud consultation and one year of free identity restoration services through Kroll (ID Shield). Despite the apparent mistakes that led up to one of the largest data hacks of 2016, Wendy's has done well to partner with ID Shield, which holds one of the top spots on BestCompany.com. If you feel your data has been compromised in Wendy's data hack, refer to Wendy's official statement for further instructions. To learn more about what ID Shield can do for you, check out the company review here.

Utah-based essential oils distributor dōTERRA International announced last week in a letter that one of its third-party data hosting servers has been hacked, compromising the personal data and information of customers and wholesale distributors alike. Company representatives believe the intrusion occurred in March 2016, potentially compromising the following private data: Names Social Security numbers Other government-issued identification numbers Payment card information Full or partial card numbers Security codes Expiration dates Dates of birth Postal and email addresses Telephone numbers Usernames and passwords for dōTERRA's online portal The company has not yet identified the exact number of people affected by the data breach, but experts have confirmed that those who were affected primarily reside in the United States and Canada. Customers and distributors who have not received a notice of breach from dōTERRA were not affected by the breach. DōTERRA's Solution While dōTERRA has issued a notice of data breach to each customer and distributor who has potentially been affected by the breach, there is no evidence that the data has been misused in any way. In addition to law enforcement, the State of California Attorney General's office, and the Federal Bureau of Investigation, dōTERRA has teamed up with identity security company AllClear ID to provide up to 24 months of free identity protection services and credit monitoring to its affected clientele. About AllClear ID The letter identifies identity theft protection company AllClear ID as dōTERRA's solution for potential misuse of customer and distributor information. Although AllClear ID is not a top-rated identity theft protection company in terms of comprehensive protection services, the company does rank well among companies with a restoration-focused platform. The company provides lost wallet protection, three-bureau credit monitoring, as well as fraud detection. However, in the event that their data is misused as a direct result of this data breach, dōTERRA customers and associates should expect a lengthy recovery process when working with AllClear ID. Current and former AllClear ID customers have reported to BestCompany.com that the company can be difficult to work with over the phone and via email. For a closer look at how AllClear ID ranks in the industry, click here.