Con Watch: The Data Breaches Continue

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Verizon’s recent annual data breach investigations report appears to exemplifes my motto that “Things aren’t as bad as you think. They are far worse.” Regardless of how diligent you are in protecting your personal information such as your Social Security number, you are only as safe as the myriad companies, institutions, and government agencies with the worst and most vulnerable security practices that have your personal information. This year’s Verizon report confirmed 12,195 data breaches last year, which is an increase of 34 percent over the previous year. More than 1.35 billion people were affected by data breaches last year.

While companies have always been vulnerable to direct data breaches through hacks of their computer networks, the report highlighted the danger posed by supply chain attacks where the cybercriminal hacks into a third party that supplies software or services and uses their access to hack into the primary target company. The number of supply chain attacks doubled last year. An example of such a supply chain attack was the recent data breach at Hertz, where customer information was compromised through an attack on Cleo Communications, a company that provides file transfer services for Hertz.

More recently, Verisource Services, a major provider of HR outsourcing and employee benefits administration, announced it had suffered a data breach with personal information of approximately 4 million people compromised. This data breach was first discovered in February of 2024, and it took the company until April 17, 2025, to complete its digital forensic investigation, which indicated that the number of people affected by the data breach was much larger than had been originally thought. In May of 2024 Verisource notified 55,00 people that they had been affected; 112,000 additional victims were notified in September of 2024. But now Verisource is notifying up to 4 million people that their information, including their Social Security numbers, was compromised, putting them in serious danger of identity theft.

When it comes to your personal information being compromised in a data breach, it is a matter of when not if. So, what can you do to protect yourself from the threat of data breaches?

• Don’t leave your credit card on file with any online retailer for convenience’ sake. Input your credit card each time you make a purchase
• Never use your debit card for online purchases because it does not provide the same protection from fraudulent use that you get with your credit card.
• Don’t provide your Social Security number to every company that asks for it as an identifier. Your doctor has no need for your Social Security number, so whenever possible refuse to provide it.
• Freeze your credit. It is free and easy to do. It protects you from someone using your identity to obtain loans, open bank accounts, acquire credit cards, or make large purchases even if they have your Social Security number. You should freeze your credit at all three of the major credit reporting agencies: Equifax, TransUnion, and Experian.
• One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. Limit providing your cell phone number to people and companies as much as possible. When a criminal knows your cell phone number, they can leverage that number through commonly available databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members, and more. The criminal can also use the number to gain access to your social media accounts and can, most significantly, use the information to answer security questions, which could lead to gaining control over your phone. Consider getting a second phone to use for online transactions. You also can use apps such as Google Voice or Burner that will enable you to create different numbers.
• Monitor your credit reports regularly for indications of identity theft. The three major credit reporting agencies now provide free weekly access to your credit reports. Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
• Finally, be wary of anyone who calls you purporting to help you in regard to a data breach who  asks for personal information. Also, as always, never click on a link or download an attachment to an email or text message, and don’t provide personal information in response to an email, text message, or phone call, unless you have absolutely confirmed that the communication is legitimate.