More Data Breaches Exposing Your Personal Identity Information
There were nearly 100 major data breaches last year and 50 so far this year in which hackers and other criminals are able to obtain your personal identity information. Despite the dozens of other ways that thieves can steal your data, these breaches are perhaps the biggest source of personal identity thefts. Then, this information is used is all kinds of other scams, which I’ll describe in another post.
I previously posted some of the major data breaches in 2021 between January and mid-April. Following are some of the biggest breaches since then until mid-September, according to an annual report by Eugene Bekker for Identity Force, part of Sontig, These breaches include:
· The April 10 leak of 1.3 million of Clubhouse users that were posted on a popular hacker forum as free for the taking. Among other things, the leak included user ID, name, photo URL, username, Twitter handle, Instagram handle, and number of followers and number of people following. So anyone could easily access this data, including criminals.
· The April 19 exposure of driver license number information on the GEICO auto insurance sales system. Although the company didn’t indicate the number of insured drivers affected, the breach probably affected millions of drivers around the U.S. and enabled the thieves to obtain the personal information on these cards, including the individual’s name, address, and date of birth.
· The April 25 leak of an unsecured Experian application programming interface, called an API, which an independent security researcher uncovered while researching student loan vendors online. In this case, the tool, which was used by Experian and many other lending sites, enabled anyone to easily access the private credit scores of tens of millions of individuals in the U.S. All anyone searching the data needed to do was provide the individual’s name, date of birth, and mailing address, and they had access to these scores.
· The June 15 leak of the personal information of 3.3 million customers of Volkswagen and Audi by a third-party marketing services supplier. As a result, the breach not only exposed the customers’ name, mailing address, email address, and phone numbers, but information about the vehicle they purchased, leased, or inquired about.
· The June 21 leak of over a billion search records of CVS Health customers in an unsecured database due to an accidental posting by a third-party vendor. Unfortunately, the database wasn’t password protected and included information on the IDs of visitors, including their medications, purchase of CVS products, and even if they got a COVID-19 vaccine.
· The June 20 exposure of the personal and shipping information of over 410,000 customers of Carter’s, a baby clothes retailer, by a third-party data breach by someone using the company’s online purchase software. The result was the leak of the customers’ names, email addresses, billing addresses, phone numbers, and information on what they purchased and how it was shipped.
· The August 4 exposure of the personal records of 126 million individuals in the database of the marketing company OneMoreLead. In this case, the leak included the individuals’ names, job titles, personal email addresses, work email addresses, IP addresses of home computers, home and work addresses, personal and work phone numbers, and the names of each individual’s employer, if any.
· The August 24 exposure of at least 38 million records by Microsoft Power Apps as a result of a misconfiguration in the app. In this case, the companies affected by the leak included American Airlines, Microsoft, J.B. Hunt, and the governments of Indiana, Maryland, and New York City. The information exposed included the individuals’ social security number, email address, and COVID-19 vaccination status.
· The September 14 exposure of over 61 million records of Apple and Fitbit users related to their use of fitness trackers and wearables, as a result of a breach of an unsecured database belonging to GetHealth, a health and wellness data app. In this case, the leaked database included the individuals’ names, display names, date of birth, weight, height, gender, and location.
* * * * * * * * * *
The author is internationally published author and film producer, Gini Graham Scott, PhD, who has published over 200 books, 50 for traditional publishers and 150 for her own company Changemakers Publishing, specializing in books on self-help, popular business, and social issues. She is the author of The Big Con: Scams Targeting Writers, the Victims, and How to Avoid Becoming a Victim, and she is working on a new book on different types of scams: I Was Scammed. Other recent books include: What Type of Dog Are You? and The New American Middle Ages, published by Waterside Productions. She has written and executive produced 14 feature films and documentaries, featured on the www.changemakersproductionsfilms.com website. She also writes books and scripts for clients. Her website for writing is at www.changemakerspublishingandwriting.com.
For more information or to set up an interview, contact:
Karen Andrews
Executive Assistant to Gini Graham Scott
Changemakers Publishing and Writing
Lafayette, CA 94549 . (925) 385–0608