Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
Identity theft occurs when stolen personal data is used to impersonate someone, access accounts, commit fraud, or bypass security controls.
Search across headline titles and summaries.
Background for this topic.
Identity theft is the unauthorized use of another person’s personal information or account credentials to impersonate them or obtain money, services, or access. Stolen names, government identifiers, payment details, passwords, and authentication tokens can support account takeover, fraudulent purchases, new-account applications, or synthetic identities assembled from real and fabricated data. Information may be obtained through phishing, infostealer malware, social engineering, SIM swapping, or exposed databases.
For security teams, the key concerns are limiting exposure of personal data and detecting misuse after credentials or identifiers are compromised. Useful controls include data minimization, strong access controls and encryption, phishing-resistant multifactor authentication, rapid password and session revocation, and monitoring for unusual logins, account changes, or applications. When theft is suspected, incident response should determine which identities and data were affected, contain active access, preserve evidence, and provide appropriate notifications or fraud-protection guidance. Privacy and breach-reporting obligations may apply depending on the data and jurisdiction.
Weekly headline count for the current query.
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. [...]
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. [...]
A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...]
DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [...]
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...]
The Australian Federal Police (AFP) have announced today that a 24-year-old woman from Melbourne, arrested in 2019 for her role in large-scale, cyber-enabled identity theft crimes, was sentenced to five years and six months in prison. [...]
Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities. [...]
A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. [...]
The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. [...]