Cyber scammers have found a new way to exploit data breaches in the United States. With the increasing frequency of data breaches, it has become common for individuals to receive notification letters informing them that their personal information has been compromised. However, scammers are now taking advantage of this situation by disseminating their own fraudulent breach letters, hoping to trick recipients into providing their private information.
One victim shared her experience of receiving a notice from a company called Reventics, claiming that she and her family had been impacted in a breach. The company went on to explain that their personal information was available on the dark web and asked them to share all their information and create profiles. At first, the victim was skeptical, thinking it might be another scam. While Reventics did indeed suffer a breach earlier this year, experts advise confirming the validity of a breach before sharing any personal information.
Adah Rodriguez from the Better Business Bureau of Southern Colorado warns about this growing trend of scammers capitalizing on data breaches. She explains that scammers have obtained information about these large breaches and are using it to their advantage. They send out mailers to thousands of consumers, even those who don’t use the affected company, claiming that their information has been compromised. These mailers include phone numbers, links, or websites, all designed to trick individuals into providing their personal information.
In another incident, Washington State University (WSU) disclosed that staff and student data were exposed in data breaches involving several third-party vendors. WSU relies on a vendor called National Student Clearinghouse (NSC) for enrollment and degree verification services, as well as student loan management. To complete their work, NSC needs to share personally identifiable information of current and prospective students with WSU. It is still uncertain whether these breaches are connected to the mass hack of the MOVEit file transfer application; TIAA, another vendor affiliated with WSU, previously confirmed that its systems were impacted in that attack.
Furthermore, Senate Democrats are urging the US Department of Justice to investigate the illegal sharing of taxpayers’ sensitive personal and financial information by online tax preparation companies. After a months-long probe, these officials, including Senators Elizabeth Warren, Ron Wyden, Richard Blumenthal, Tammy Duckworth, Bernie Sanders, and Sheldon Whitehouse, have submitted a letter to several regulatory bodies detailing their findings. The investigation revealed that tax prep companies shared the tax return data of millions of taxpayers with tech firms like Meta and Google.
The letter states the officials’ concerns about the breach of taxpayer privacy and the potential violation of taxpayer privacy laws. These companies claim that the shared data is anonymized, but experts warn that it could still be aggregated to create profiles on individuals for purposes like targeted advertising. H&R Block, one of the tax companies implicated in this investigation, emphasized its commitment to protecting client privacy and stated that measures have been taken to prevent data sharing. Google, when asked for comment, highlighted its strict policies and technical features aimed at prohibiting the collection of data that could identify an individual.
As these incidents demonstrate, cybercriminals are finding new ways to exploit data breaches, and individuals need to be cautious about sharing their personal information. It is essential to verify the validity of breach notifications and exercise caution when interacting with third-party vendors or sharing sensitive data. Regulatory bodies and law enforcement agencies must also respond promptly to investigate and prosecute any companies or individuals found to be in violation of privacy laws. Only by holding these parties accountable can we hope to protect individuals and their sensitive information in an increasingly interconnected world.

