In the digital age, consumers have grown accustomed to doing everything from shopping to banking to dating online. But that’s also left them vulnerable to misuse of their personal data. From hackings to data breaches to unwanted tracking by marketers, there’s a lot to be worried about. That’s why it’s crucial to take steps to protect your personal data — and to know how to respond if your information is compromised.
Your personal data is a valuable asset — and thanks to technology, it’s also vulnerable to exploitation. Anyone can fall prey to data breaches, phishing tricks, online shopping scams and other types of cyberattacks.
Practices such as data mining that gather large amounts of personal, financial or medical information in one place can create attractive targets for hackers.
The financial costs of fraud and identity theft are enormous. Some 17 million identity theft victims lost an estimated $17 billion in 2017, according to the research firm Javelin — and the damage can be life-altering. Identity thieves can destroy your credit, and collection agencies may hound you. It can even put your home and job at risk.
That’s why it’s so important to take steps to safeguard your personal information by:
- Creating strong passwords
- Not using unsecured wi-fi networks
- Using two-factor authentication
- Only using secure browsers
- Limiting the information you share on social media
- Monitoring your credit card and bank accounts frequently
- Regularly checking your credit reports
If you are victimized, it’s vital to report the scam and take steps to minimize the damage.
In the first half of 2018, more than 900 data breaches led to the compromise of 3.3 billion data records worldwide, according to the digital security firm Gemalto. That’s a 72 percent increase over the number of records that were lost, stolen or compromised in 2017.
A data breach is a security incident in which sensitive personal information — such as your social security number, credit card account information or medical information — is accessed without authorization. Hackers often take the stolen information and sell it on the dark web, an untraceable part of the internet where crime thrives.
A single credit card number can be purchased for about $7 on the dark web, according to global cybersecurity firm Secureworks. The going rate for a full bundle of your personal information — known as a “fullz” in cybercriminal lingo — is as little as $15 to $65.
With these details, attackers can apply for lines of credit in their victims’ names, hack their personal devices, file fraudulent tax returns and commit other types of fraud.
- This massive hacking of one of the three largest credit bureaus exposed the personal information of nearly 148 million consumers. Exposed data included consumers’ names, social security numbers, birth dates, addresses and, in some cases, driver’s license info. The breach also exposed credit card numbers of 209,000 people.
- A 2013 cyberattack on the retail giant exposed the credit card account information of 41 million customers and contact information for 60 million customers. Target agreed to pay a $10 million settlement of a class action suit related to the breach. The retailer paid a separate $18.5 million settlement to dozens of states probing the matter.
- In 2017, Yahoo’s parent company, Verizon, announced that 3 billion user accounts were compromised in 2013. The fraudsters stole users’ names, birth dates, passwords and phone numbers but did not access credit card or bank information. Another 500 million user accounts were affected by hackers in 2014.
If you’ve received notice that your information was exposed in a data breach, the Federal Trade Commission’s website will guide you through important steps you can take to protect yourself from identity theft. It also provides information specific to the Equifax data breach and breaches involving MyFitnessPal and Lord & Taylor, Saks Fifth Avenue and Sakes OFF 5th.
Unfortunately, data breaches often lead to identity theft and fraud. When this happens, someone else may use your name, social security number and other personal information to open accounts, make purchases or even file an income tax return.
Criminals can also steal your personal information through other nefarious methods including:
- Phishing scams
- Phishers send deceptive emails that may appear to be legitimate and entice you to hand over sensitive information or click on a link that will take you to a fake website.
- Hackers use malicious software designed to steal data, delete documents or cause other harm to a computer system.
- Skimmer devices
- Using handheld devices called skimmers, thieves can copy credit card information and make, sell and use duplicate cards.
- Shoulder surfing
- Crooks can a learn a lot about you — including your passwords, PINs and account numbers — simply by peering over your shoulder or eavesdropping on your phone conversations. You’re not just at risk in the checkout line or at the ATM counter. Any time you enter a password on your smartphone or tablet, a fraudster could be spying on your keystrokes.
- Dumpster diving and mail theft
- These low-tech techniques can still yield a wealth of information about you. Credit card bills, pre-approved credit card offers and bank statements can be “spun into gold” by crafty criminals.
Credit card fraud is the most prevalent form of identity theft, according to FTC data. The agency received more than 133,000 reports from people who said someone else had used their information to charge purchases or open a new credit card account. Employment and tax-related fraud is the second most reported type of identity theft.
And the damage can take considerable time to uncover and repair. Many consumers don’t realize or discover the fraud for weeks or months. It can take six months on average and 100 to 200 hours of personal time to undo the damage caused by identity theft, according to a report in The Economist magazine.
Federal Trade Commission’s Red Flags of Identity Theft:
- Unexplained withdrawals from your bank account
- Unfamiliar accounts on your credit report
- Calls from debt collectors about debts that aren’t yours
- Missing bills or mail
- Data breach notifications
- Merchants reject your checks
- Notification from the IRS that more than one tax return was filed in your name
If you’ve been affected by identity theft and don’t know where to turn, the FTC’s IdentityTheft.gov can help. The site will walk you through the steps of reporting the crime and developing a recovery plan. It even provides sample letters to send to creditors and banks to help get charges reversed.
Scams and Fraud
Consumers reported losing $905 million to fraud in 2017 — with an average loss of $429 — according to the FTC. In over two-thirds of these cases, the scammers contacted consumers via telephone.
Topping the list of fraudulent schemes are so-called imposter scams, in which fraudsters pretend to be someone you know or trust and convince you to wire them money.
While there are an endless variety of imposter scams, many of the common ones go something like this:
- “This is the IRS…”
- A caller claiming to be from the IRS says you owe back taxes and that you’ll be arrested if you don’t cough up some cash.
- “I’m calling from Windows technical department…”
- The caller claims to be a computer technician and wants remote access to your computer to “fix” or install something.
- “Grandma, I’m in trouble…”
- A beloved grandchild calls you crying and begs you to wire them money.
- “Congratulations, you’ve won…”
- The caller says you’ve just won a sweepstakes, lottery or other “free” gift, but you have to pay money in order to collect your prize.
Other commonly reported scams and fraud, according to the FTC, involve: shop-at-home and catalog sales ($94 million in reported fraud in 2017); travel, vacation and timeshares ($38 million); foreign money offers and counterfeit check scams ($34 million); telephone and mobile services ($17 million); and advanced payments for credit services ($15 million).
If you’ve been ripped off, you can file a complaint online with the FTC. According to the agency, these complaints help investigators detect patterns of fraud and abuse.
You can also report international scams online at econsumer.gov, a partnership of nearly three dozen consumer protection agencies around the globe known as the International Consumer Protection and Enforcement Network.
Personal Health Information
It’s not just your money that cybercriminals are after. Medical identity theft is a growing problem. According to the FTC, criminals can use your identity to get prescription drugs and file claims with your health insurance provider.
In 2018 alone, nearly 5.9 million Americans had their protected health information and other data exposed in 118 reported hacking or IT incidents, according to “Breach Portal” operated by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.
That’s why it’s important to review your health insurance statements regularly and check your medical files for accuracy if you think you’ve been defrauded.
- Bills from medical providers you haven’t seen
- Insurance denials stating you’ve reached your benefits limit
- Calls from debt collectors about medical debts you don’t owe
- Denials of insurance coverage because of conditions you don’t have
Under the Health Insurance Portability and Accountability Act, or HIPAA, health care providers, insurance companies and their business associates must notify HHS and consumers when breaches affecting at least 500 people occur. Notifications must be made within two months of the discovery of the breach.
If you think you might be a victim of medical identity theft, the FTC provides online resources to help you detect the fraud and correct mistakes in your medical records.
33 Cited Research Articles
Consumernotice.org adheres to the highest ethical standards for content production and references only credible sources of information, including government reports, interviews with experts, highly regarded nonprofit organizations, peer-reviewed journals, court records and academic organizations. You can learn more about our dedication to relevance, accuracy and transparency by reading our editorial policy.
- Accenture. (2018). Unmask Digital Fraud. Today. Boosting Customers’ and Companies’ Defense Against Digital Fraud. Retrieved from https://www.accenture.com/t20180605T061205Z__w__/us-en/_acnmedia/PDF-79/Accenture-Unmask-Digital-Fraud-Today.pdf
- Econsumer.gov. (n.d.). Report international scams online! Retrieved from https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Equifax. (n.d.). 2017 Cybersecurity Incident & Important Consumer Information. Retrieved from https://www.equifaxsecurity2017.com/frequently-asked-questions/
- Fair, L. (2018, March 1). FTC recaps consumer complaint data for 2017: Who’s on the list? Retrieved from https://www.ftc.gov/news-events/blogs/business-blog/2018/03/ftc-recaps-consumer-complaint-data-2017-whos-list
- Federal Trade Commission. (2017). Consumer Sentinel Network Data Book 2017: Executive Summary. Retrieved from https://www.ftc.gov/policy/reports/policy-reports/commission-staff-reports/consumer-sentinel-network-data-book-2017/executive-summary
- Federal Trade Commission. (2017). Consumer Sentinel Network Data Book 2017: Report Type, Top 10 Fraud Categories, Identity Theft Types, Other Categories. Retrieved from https://www.ftc.gov/policy/reports/policy-reports/commission-staff-reports/consumer-sentinel-network-data-book-2017/top-ten-fraud-categories-id-other
- Federal Trade Commission. (n.d.). FTC Complaint Assistant. Retrieved from https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Federal Trade Commission. (2017, September 29). FTC Announces Workshop on Informational Injury. Retrieved from https://www.ftc.gov/news-events/press-releases/2017/09/ftc-announces-workshop-informational-injury
- Federal Trade Commission. (n.d.). Consumer Information: Imposter Scams…Pass it On. Retrieved from https://www.consumer.ftc.gov/features/feature-0035-pass-it-imposter-scams#imposter-scams
- Federal Trade Commission. (2018, March 1). FTC Releases Annual Summary of Complaints Reported by Consumers. Retrieved from https://www.ftc.gov/news-events/press-releases/2018/03/ftc-releases-annual-summary-complaints-reported-consumers
- Federal Trade Commission. (2018, September). What To Know About Medical Identity Theft. Retrieved from https://www.consumer.ftc.gov/articles/what-know-about-medical-identity-theft
- Federal Trade Commission. (n.d.). Medical ID Theft: Health Information for Older People. Retrieved from https://www.consumer.ftc.gov/articles/0326-medical-id-theft-health-information-older-people
- Federal Trade Commission. (n.d.). Protecting Consumer Privacy and Security. Retrieved from https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy-security
- Federal Trade Commission (2018, October 18). PROTECING Older Consumers — 2017-2018 — A Report of the Federal Trade Commission. Retrieved from https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2017-2018-report-congress-federal-trade-commission/protecting_older_consumers_-_ftc_report_10-18-18.pdf
- Federal Trade Commission. (2018, March 1). The top frauds of 2017. Retrieved from https://www.consumer.ftc.gov/blog/2018/03/top-frauds-2017
- Federal Trade Commission. (n.d.). When Information is Lost of Exposed. Retrieved from https://www.identitytheft.gov/#/Info-Lost-or-Stolen
- Gemalto. (2018, October 23). Data Breaches Compromised 3.3 Billion Records in First Half of 2018. Retrieved from https://www.thalesgroup.com/en/markets/digital-identity-and-security/press-release/data-breaches-compromised-3-3-billion-records-in-first-half-of-2018
- Gemalto. (n.d.). 2017: The Year of Internal Threats and Accidental Data Breaches. Retrieved from https://library.cyentia.com/report/report_003418.html
- Hurtado, P. (2017, May 23). Target Agrees to Pay $18.5 Million to End Data-Breach Probes. Retrieved from https://www.mysanantonio.com/business/article/Target-agrees-to-pay-18-5-million-to-end-11167387.php
- Javelin. (2018, February 6). Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study. Retrieved from https://www.javelinstrategy.com/press-release/identity-fraud-hits-all-time-high-167-million-us-victims-2017-according-new-javelin
- LifeLock. How Common is Identity Theft? (Updated 2018) The Latest Stats. Retrieved from https://www.lifelock.com/learn-identity-theft-resources-how-common-is-identity-theft.html
- Microsoft. (2018, November 7). Protect yourself from tech support scams. Retrieved from https://support.microsoft.com/en-us/help/4013405/windows-protect-from-tech-support-scams
- Mostowyk, L. (2018, November 19). Big data needs a big re-think: consumers are more anxious, but businesses can restore trust with greater transparency. Retrieved from https://home.kpmg/ro/en/home/media/press-releases/2018/12/big-data-consumatori-ingrijorati-incredere-transparenta.html
- National White Collar Crime Center. (n.d.). Criminal Use of Social Media (2011). Retrieved from https://www.nationalpublicsafetypartnership.org/clearinghouse/Content/ResourceDocuments/Criminal%20Use%20of%20Social%20Media.pdf
- Norton. Protecting your privacy on social media networks. Retrieved from https://us.norton.com/internetsecurity-privacy-protecting-privacy-social-media.html
- Rainie, L. (2018, March 27). Americans’ complicated feelings about social media in an era of privacy concerns. Retrieved from https://www.pewresearch.org/fact-tank/2018/03/27/americans-complicated-feelings-about-social-media-in-an-era-of-privacy-concerns/
- Ron Wyden U.S. Senate (2018, November 1). Wyden Releases Discussion Draft of Legislation to Provide real Protections for Americans’ Privacy. Retrieved from https://www.wyden.senate.gov/news/press-releases/wyden-releases-discussion-draft-of-legislation-to-provide-real-protections-for-americans-privacy
- Safe Computing University of Michigan. (n.d.). Social Media Privacy: Manage Your Social Media Accounts. Retrieved from https://www.safecomputing.umich.edu/be-aware/privacy/social-media-privacy
- SecureWorks. (2016, April). Underground Hacker Markets (ANNUAL REPORT — April 2006). Retrieved from https://cybersolace.co.uk/CySol/wp-content/uploads/2017/12/UndergroundHackerMarketplace.pdf
- Selyukh, A. Every Yahoo Account That Existed in Mid-2013 was Likely Hacked. Retrieved from https://www.npr.org/sections/thetwo-way/2017/10/03/555016024/every-yahoo-account-that-existed-in-mid-2013-was-likely-hacked
- The Economist. (2017, September 14). How to protect yourself against the theft of your identity. Retrieved from https://www.economist.com/finance-and-economics/2017/09/14/how-to-protect-yourself-against-the-theft-of-your-identity
- U.S. Department of Health and Human Services Office for Civil Rights. (n.d.). Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- Weisbaum, H. (n.d.). Who’s watching you online? FTC pushes ‘Do Not Track’ plan. Retrieved from http://www.nbcnews.com/id/42239031/ns/business-consumer_news/t/whos-watching-you-online-ftc-pushes-do-not-track-plan/