NBC 7 Responds

It's Getting Harder to Protect Yourself After a Data Breach; Here's What to Do

Companies are not telling their customers what information was taken during the data breaches, according to Eva Velasquez, Director of the Identity Theft Resource Center (ITRC)

NBC Universal, Inc.

Companies are not explaining to customers what was taken in a data breach, reports NBC 7 and Telemundo 20’s Sergio Flores.

A new report from the Identity Theft Resource Center (ITRC) says it's harder now to protect yourself after a data breach compared to just two years ago. This comes as data breaches remain at a near-record high.

The 2022 Data Breach Report says there were 1,802 total compromises, just shy of the record set in 2021 at 1,862 compromises. At least 422 million people were affected by data compromises and the ITRC says this year's report shows a worrying trend.

"There's this lack of transparency," said Eva Velasquez, director of the ITRC. "[A lack] of critical information in these notices and it's tying our hands."

Velasquez says companies are not telling their customers what information was taken during the data breach. The report says in 2022, only 34% of notices included details of the breach and what was compromised, a significant drop from 2019's 72%.

"This is moving backwards, absolutely," said Velasquez.

The ITRC also says this secrecy puts other companies at risk, because they don't know the details of how other companies were attacked.

"The industry doesn't know the root cause of these attacks," said Velasquez. "They can't prepare their own systems and make sure they aren't vulnerable."

It also makes it harder for you to protect your information. If you don't know what was taken, you aren't prepared to protect yourself. Some people may overreact, but others may completely ignore the breach. The ITRC says it also means its estimate of 422 million people who had their data compromised is low.

"A super, super, super conservative estimate is that we're only capturing 50%, only capturing half," said Velasquez. "I mean that as a very conservative estimate."

So why does the ITRC think companies are hiding what happened?

"The incentive isn't there," said Velasquez. "Businesses aren't required to provide that detailed granular information and they're hoping it reduces their liability."

For the breaches the ITRC was able to get details on, here's what information was stolen the most:

  1. Names - Compromised in 1,560 cases
  2. Full Social Security Numbers - Compromised in 1,143 cases
  3. Date of birth - Compromised in 633 cases
  4. Current home address - Compromised in 565 cases
  5. Drivers License/State ID number - Compromised in 499 cases

The question isn't if, but when will your data be stolen?

Here's what you can do to protect yourself against a data breach:

  1. Lock your credit. This can prevent people from opening accounts or taking out loans in your name, which can cost you big.
  2. Check your bank, credit card, and retirement accounts monthly. That way you can spot any fraudulent activity and report it quickly.
  3. Make sure you don't share too much personal information. If a company doesn't need to know your SSN or home address, don't share it.
  4. Find out what was taken. If you are notified of a data breach, but aren't told what information was compromised, contact the company and ask exactly what information was accessed.

The ITRC says there is some good news. People are becoming more aware of the dangers posed from data breaches, and advocacy groups are now calling for more transparency from a company when it notifies people of a data compromise.

Contact Us