Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
Identity theft occurs when stolen personal data is used to impersonate someone, access accounts, commit fraud, or bypass security controls.
Search across headline titles and summaries.
Background for this topic.
Identity theft is the unauthorized use of another person’s personal information or account credentials to impersonate them or obtain money, services, or access. Stolen names, government identifiers, payment details, passwords, and authentication tokens can support account takeover, fraudulent purchases, new-account applications, or synthetic identities assembled from real and fabricated data. Information may be obtained through phishing, infostealer malware, social engineering, SIM swapping, or exposed databases.
For security teams, the key concerns are limiting exposure of personal data and detecting misuse after credentials or identifiers are compromised. Useful controls include data minimization, strong access controls and encryption, phishing-resistant multifactor authentication, rapid password and session revocation, and monitoring for unusual logins, account changes, or applications. When theft is suspected, incident response should determine which identities and data were affected, contain active access, preserve evidence, and provide appropriate notifications or fraud-protection guidance. Privacy and breach-reporting obligations may apply depending on the data and jurisdiction.
Weekly headline count for the current query.
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'
Victims Increasingly Face Multiple Compromises From a Single IncidentIdentity theft scams are increasingly unfolding as coordinated, AI-assisted attack chains that begin with phishing or impersonation escalate into account takeovers, device compromise and broader fraud, according to the Identity Theft Resource Center.
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]
Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity TheftA senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital crime spree by Tyler Robert Buchanan.
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme
ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks SurgeThe Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.
Identity Theft Resource Center Catalogs 3,322 Known US Incidents in 2025The number of U.S. organizations that reported falling victim to a data breach in 2025 reached an all-time high, while the number of notifications they sent to affected consumers fell sharply, reports the Identity Theft Resource Center's latest annual breach roundup.
Data from the Identity Theft Resource Center reveals 23 million individuals victimized by breaches in Q3 2025
CRM giant denies security shortcomings as claims allege stolen data used for ID theft Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.…
UK High Court Overturns Home Office Request to Extradite Diogo Santos CoelhoThe U.K. High Court of Justice on Sep. 11 overturned a Home Office request to extradite a Portuguese national and an alleged administrator of RaidForums who is wanted in the United States on charges of device fraud and aggravated identity theft charges.
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. [...]
A Nigerian man accused of hacking, fraud and identity theft has been extradited from France to the US to face charges
Most Compromises Trace to Financial Services, Healthcare, Professional ServicesData breaches rage on. In the first half of this year, the Identity Theft Resource Center counted 1,732 total data breaches affecting 166 million people, marking a rise in data breaches but a decline in victims, likely due to a drop in mega-breaches.
The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.
Tyler Buchanan, a 23-year-old Scottish Man Extradited to the US on WednesdaySpanish authorities extradited on Wednesday the suspected head of the Scattered Spider cybercrime group to the United States, where he is being held without bail in a downtown Los Angeles federal prison. Tyler Buchanan, 23, faces charges for wire fraud, aggravated identity theft and conspiracy.