Protecting your identity means paying attention to the type of Personally Identifiable Information (PII) is involved in a data breach. Recognize how each piece of stolen information from a different breach fills in various puzzle pieces of your identity. It’s also critical to know which pieces are most important to protect, especially when 1 in 3 breach victims goes on to experience identity theft. When scammers get ahold of your identity, they may not use it immediately. Instead, they use it in the future, after you’ve let your guard down. This month, databases containing social media profile information and medical information has armed cybercriminals with the sensitive information they need to commit elaborate synthetic identity theft schemes.
Here are the recent data breaches that made headlines in August 2020:
Instagram, TikTok & Youtube
Researchers at Comparitech uncovered an unsecured database with 235 million Instagram, TikTok, and YouTube user profiles exposed online belonging to the defunct social media data broker, Deep Social. The scraped profile information in the data leak includes names, ages, genders, profile photos, account descriptions, statistics about follower engagement and demographic such as number of likes, followers, follower growth rate, engagement rate, audience demographic (gender, age and location), and whether the profile belongs to a business or has advertisements.
Freepik, a free image database, sent out a breach notification to 8.3 million users that their account login information was exposed through injected malware on their website. The malware collected emails of all users and hashed passwords of 3.77 million users.
A motion rehabilitation device manufacturer, Dynasplint Systems, experienced an encryption attack on its business devices that exposed the personal and medical information of 103,000 patients. The accessed information includes names, addresses, dates of birth, Social Security numbers, and medical information.
Utah Pathology Services
In an attempt to redirect funds from Utah Pathology Services, an unauthorized hacker gained access to an employee email account and the sensitive information of 112,000 medical patients. The accessed information includes patient names, gender, date of birth, mailing address, phone number, email address, health insurance information, internal record numbers, diagnostic information, and a small number of Social Security numbers.