identity theft
Photo by NeONBRAND on Unsplash

The idea of identity theft is nothing new, but it can take on various forms. And since the risk only seems to be growing, it’s important to understand the full extent of what it is. Read on to learn more about what identity theft is and what you can do about it.

What Is Identity Theft?

Identity theft is just what it sounds like. Someone gets their hands on your personal information and pretends to be you, usually to open credit accounts in your name. The thief reaps the benefits of whatever they purchased with your credit, and you could get stuck with the bill.

But there are other ways your personal information can be compromised. Thieves can steal your credit card number and rack up purchases that you’ll have to pay for (unless, that is, you happen to catch and report the purchases to your credit card issuer within the requisite time). Hackers can also steal your login credentials to various online accounts, giving them access to whatever information is stored in those accounts.

As you can see, there are many ways your identity and financial information can be compromised. That’s why it’s important to use multiple methods to protect yourself. For example, you can’t keep your credit card number safe if you only focus on your Social Security number. And you can’t keep your email from getting hacked if you only focus on keeping your credit card number safe.

Here are a few things you can do to shore up your personal information:

FREE TOOL: Worried a mistake on your credit report could be bringing your credit score down? Try this.

The Biggest Data Breaches From 2018

Data breaches have become a hot topic around identity theft. Depending on the company breached, any number of different types of personal information can be exposed — from credit card numbers and Social Security numbers to medical information and more.

The problem is, the news is so full of data breaches that it can be hard to track them all. But the sooner you know a company you work with has been breached, the sooner you can take steps to protect your information.

The Identity Theft Resource Center (ITRC) is a non-profit that, among other things, catalogs information on data breaches each year. In their latest annual report, the ITRC noted that there were 1,244 data breaches in 2018, with 446,515,334 records exposed. Below are the largest data breaches in 2018 according to this report. Take a look to see if there are any companies you deal with on the list or take a look at the full report here.

1. Starwood Hotels & Resorts Worldwide

  • Number of records exposed: 383 million
  • Category: Business
  • What was exposed: According to Marriott’s press release, the information for about 327 million of the guests whose records were exposed included “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.” The release goes on to say that, “for some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).” Finally, they say that “For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.”
  • Protections offered: One year of free enrollment in WebWatcher, which guests can activate here — U.S. guests enrolled in WebWatcher are also eligible for fraud consultation services

2. Government Payment Service Inc. (

  • Number of records exposed: 14 million
  • Industry: Government/Military
  • What was exposed: According to Krebs on Security, the records leaked date back at least six years and included “names, addresses, phone numbers and the last four digits of the payer’s credit card.”
  • Protections offered: None; a quote of the company’s statement to Krebs on Security says, “The company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction.”

3. Cathay Pacific

  • Number of records exposed: 9.4 million
  • Industry: Business
  • What was exposed: According to Cathay Pacific, exposure of records of their passengers and Cathay Dragon passengers included “name; nationality; date of birth; phone number; email; address; passport number; frequent flyer programme membership number; customer service remarks and historical travel information.”
  • Protections offered: Affected passengers were notified and offered Experian ID monitoring services

4. Hudson Bay Company (Saks Fifth Avenue, Saks Off Fifth, Lord & Taylor)

  • Number of records exposed: 5 million
  • Industry: Business
  • What was exposed: Credit card numbers and debit card numbers
  • Protections offered: According to the Chicago Tribune, “The company said its customers won’t be liable for fraudulent charges. It plans to offer free credit monitoring and other identity protection services.”

5. Firebase (Google)

  • Number of records exposed: 4.05 million
  • Industry: Business
  • What was exposed: SecurityWeek reported that this leak of data from “thousands of mobile applications running on iOS and Android,” exposed plain text passwords, user IDs, “Protected Health Information records,” GPS location records, financial records, and data store user tokens.
  • Protections offered: “Google provided a list of impacted apps and servers,” according to AppleInsider.

6. Jason’s Deli

  • Number of records exposed: 3.4 million
  • Industry: Business
  • What was exposed: A press release by the deli says that impacted information could include “cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code” (the latter of which, they note, is not the same thing as a credit card security code).
  • Protections offered: None, but you can view the press release to see if any locations you’ve been to were affected.

7. AccuDoc Solutions, Inc. (Atrium Health)

  • Number of records exposed: 2.65 million
  • Industry: Medical/Healthcare
  • What was exposed: The company’s press release said that the following types of information about both patients and guarantors were exposed in the breach: “first and last name, home address, date of birth, insurance policy information, medical record number, invoice number, account balance, and dates of service” and, for some, social security numbers
  • Protections offered: Credit monitoring services are being offered to those “whose Social Security numbers were potentially accessed.”

8. T-Mobile

  • Number of records exposed: 2 million
  • Industry: Business
  • What was exposed: T-Mobile’s press release said that “name, billing zip code, phone number, email address, account number, account type (prepaid or postpaid), and/or date of birth” were among information exposed.
  • Protections offered: None

9. SunTrust Banks, Inc.

  • Number of records exposed: 1.5 million
  • Industry: Banking, credit, financial
  • What was exposed: According to a letter from law firm King & Spalding, this breach included “name, address, phone number, age (but not date of birth), certain account balances, and in some instances, email addresses.”
  • Protections offered: Also according to this letter, the bank offered “an ongoing subscription to Experian IDNotify®” to affected customers.

10. UnityPoint Health

  • Number of records exposed: 1.42 million
  • Industry: Medical/Healthcare
  • What was exposed: UnityPoint Health said that the breach included patient names and “addresses, dates of birth, medical record numbers, medical information, treatment information, surgical information, diagnoses, lab results, medications, providers, dates of service and/or insurance information,” as well as, for some, social security numbers, driver’s license numbers, bank account numbers, payment card numbers.
  • Protections offered: One year of free credit monitoring services to any individual whose driver’s license number and/or social security number were exposed in the breach

Have you fallen victim to fraud or want to make sure you don’t? Read this.