The breaches compromise personal information like Social Security numbers, logins and passwords, credit card numbers, consumer information, and in some cases also expose company data to the cyber intruders.
If those passwords are used to wrest administrative control of a company’s computer network, the thieves have the “keys to the kingdom,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center.
“The exposure of usernames and passwords is particularly harmful because of the gateway it opens up,” she said. “Why go to the trouble of infiltrating a system and going past all of their security protocols when through things like phishing emails I can just get your username and password and log right in and walk right in the front door? The thieves, they are a crafty lot, but they also like easy.”
The center’s data includes breaches, where information was removed or misused, and data exposures, where information was unsecured but there was no evidence of it being removed or misused.
The center is nonprofit and tracks publicly reported incidents of compromised personal information and consumer data in the U.S. The group’s Help Center offers online assistance for people with questions about identity theft, email phishing, scams, data breaches and other cybercrime issues.
Here are links to the full Dayton Daily News series on cybersecurity:
Companies skimp on cybersecurity defense at their own peril
Cybercriminals want your data and ransom money
Cybercriminals make eye-popping ransom demands
Thieves stealing passwords can get ‘keys to the kingdom’
More than a billion people impacted in top U.S. data breaches and leaks in 2021