AP

ID theft stings, but it’s hard to pin on specific data hacks

Aug 3, 2019, 8:38 AM
FILE - In this Tuesday, July 30, 2019, file photo, the logo for Capital One Financial appears above...
FILE - In this Tuesday, July 30, 2019, file photo, the logo for Capital One Financial appears above a trading post on the floor of the New York Stock Exchange. Data breaches through hacking attacks are common these days, and personal details about you can lead to identity theft, such as credit cards and loans in your name. Yet few victims can ever pin the blame on any specific breach, whether that’s Equifax from 2017 or the recently disclosed breach at Capital One. (AP Photo/Richard Drew, File)
(AP Photo/Richard Drew, File)

NEW YORK (AP) — Data breaches through hacking attacks are distressingly common these days, and personal details about you can lead to identity theft, such as credit cards and loans in your name. But it’s hard to pin the blame on any specific hack, as the most sophisticated criminals combine data from multiple attacks to better impersonate you.

“That’s why fraud can be emotionally challenging,” said Kyle Marchini, a specialist in fraud management at the financial research group Javelin. “It just comes out of the blue, and there’s no way to identify where it came from or what I could have done to prevent that.”

While the number of reported breaches decreased slightly last year to 1,244, according to the nonprofit Identity Theft Resource Center, the total number of records exposed more than doubled to 447 million. That suggests hackers are focusing on larger organizations with bigger payoffs. Last year’s figures include data on about 383 million Marriott guests in a breach that investigators suspect was tied to the Chinese government.

Criminal rings often buy datasets from multiple hacks to commit fraud. The idea is to collect enough information to get past ID verification and authentication checks that banks and other institutions employ. One database with your Social Security number might have your old address, but hackers can simply sub in your current one from a more recent database.

“We’re in this vicious cycle,” said Eva Velasquez, the ID theft center’s CEO. “We create and capture and use more and more data points about a specific individual in order to fight fraud and authenticate people. That, in turns, makes data more valuable to the thieves, so they are going to increase the efforts to get that data.”

Fraudulent card charges are relatively easy to reverse, and U.S. law limits credit card liability for consumers. But fraud involving new accounts is tougher to deal with.

Javelin estimates that the average victim spends 18 hours dealing with the fallout, including convincing collection agencies and credit-ratings agencies that the accounts weren’t really theirs. And victims wind up spending hundreds of dollars out of pocket. Javelin estimated that more than 3 million U.S. adults were victims of new account fraud last year, nearly triple the number in 2013.

Much of the increase can be attributed to the cumulative effect of data breaches and the types of information stolen.

While credit card numbers and passwords can be changed, birth dates and Social Security numbers typically stay with you for life. And U.S. passport numbers stick around for 10 years. Hackers in the 2017 breach of credit monitoring firm Equifax got some or all of that from 147 million people. Equifax agreed last week to pay at least $700 million to settle lawsuits.

Just a few days later, the bank Capital One disclosed a breach of personal information of 106 million Capital One credit card holders or applicants in the U.S. and Canada. The data included self-reported income, credit scores and account balances. Although Capital One said it doesn’t believe the information was used for fraud, the breach further increases worries about leaked data — in this case, the very types of information needed to submit credit card applications.

“Every breach increases the risk because different pieces of information come out,” said Deepak Patel, a vice president at the security firm PerimeterX.

Beyond financial applications, personal data can be useful for telemarketing and email phishing scams, as fraudsters try to trick you by claiming they already know you. And criminals armed with such data can impersonate you on calls with financial institutions to get money transferred or a mailing address changed.

You can take such precautions as freezing your credit, which stops thieves from opening new credit cards or loans in your name. Doing so is now free, though you’ll have to temporarily unfreeze your credit if you apply for a new credit card or loan.

You can also sign up for a credit monitoring service, which alerts you when someone is pinging your credit report, a precursor to opening a new account. There are also ID protection services that will scan the internet underground for signs your personal data is for sale. Some of these services are available for free to customers hit with data breaches, including the one at Equifax.

But Jason Wang, who founded TrueVault to help companies protect data, said there’s not a lot consumers can do once their data is in the wild. A better approach, he said, is to minimize what data is sitting on servers — something a California privacy law may do if it takes effect as planned on Jan. 1. Among other things, customers can seek information on what data companies have on them and request its deletion — although companies wouldn’t have to do anything unless they get such requests.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

Today’s Top Stories

AP

quit their jobs...
PAUL WISEMAN AP Economics Writer

US added a strong 517,000 jobs in January despite Fed hikes

The Fed is aiming to achieve a "soft landing" — a pullback in the economy that is enough to tame high inflation without triggering recession.
3 days ago
Thousands of fraudulent nursing diplomas  were dispersed in Florida. (Canva)...
Associated Press via Miami Herald

Fake nursing diploma scheme in Florida; 25 arrested

The defendants each face up to 20 years in prison.
4 days ago
Microsoft is cutting 10,000 workers, almost 5% of its workforce, in response to "macroeconomic cond...
MATT O'BRIEN, Associated Press

Job cuts in tech sector spread, Microsoft lays off 10,000

Microsoft said in a regulatory filing Wednesday that had just notified employees of the layoffs, some of which begin immediately.
19 days ago
exxon mobil sign pictured...
SETH BORENSTEIN and CATHY BUSSEWITZ Associated Press

Study: Exxon Mobil accurately predicted warming since 1970s

Exxon said its understanding of climate change evolved over the years and that critics are misunderstanding its earlier research.
25 days ago
FILE - Protesters, supporters of Brazil's former President Jair Bolsonaro, stand on the roof of the...
The Associated Press

Brazil and Jan. 6 in US: Parallel attacks, but not identical

RIO DE JANIERO, Brazil — Enraged protesters broke into government buildings that are the very symbol of their country’s democracy. Driven by conspiracy theories about their candidate’s loss in the last election, they smashed windows, sifted through the desks of lawmakers and trashed the highest offices in the land in a rampage that lasted hours […]
27 days ago
President Joe Biden pictured...
ZEKE MILLER AP White House Correspondent

DOJ reviewing potentially classified docs at Biden center

Special counsel to the president Richard Sauber said “a small number of documents with classified markings” were discovered at the offices of the Penn Biden Center.
28 days ago

Sponsored Articles

Banner with Cervical Cancer Awareness Realistic Ribbon...
Intermountain Health

Five Common Causes of Cervical Cancer – and What You Can Do to Lower Your Risk

January is National Cervical Cancer Awareness month and cancer experts at Intermountain Health are working to educate women about cervical cancer, the tests that can warn women about potential cancer, and the importance of vaccination.
Kid holding a cisco fish at winterfest...
Bear Lake Convention and Visitors Bureau

Get Ready for Fun at the 2023 Bear Lake Monster Winterfest

The Bear Lake Monster Winterfest is an annual weekend event jam-packed full of fun activities the whole family can enjoy. This year the event will be held from January 27-29 at the Utah Bear Lake State Park Marina and Sunrise Resort and Event Center in Garden City, Utah. 
happy friends with sparklers at christmas dinner...
Macey's

15 Easy Christmas Dinner Ideas

We’ve scoured the web for you and narrowed down a few of our favorite Christmas dinner ideas to make your planning easy. Choose from the dishes we’ve highlighted to plan your meal or start brainstorming your own meal plan a couple of weeks before to make sure you have time to shop and prepare.
Spicy Homemade Loaded Taters Tots...
Macey's

5 Game Day Snacks for the Whole Family (with recipes!)

Try these game day snacks to make watching football at home with your family feel like a special occasion. 
Happy joyful smiling casual satisfied woman learning and communicates in sign language online using...
Sorenson

The Best Tools for Deaf and Hard-of-Hearing Workplace Success

Here are some of the best resources to make your workplace work better for Deaf and hard-of-hearing employees.
Team supporters celebrating at a tailgate party...
Macey's

8 Delicious Tailgate Foods That Require Zero Prep Work

In a hurry? These 8 tailgate foods take zero prep work, so you can fuel up and get back to what matters most: getting hyped for your favorite
ID theft stings, but it’s hard to pin on specific data hacks