This Week in Data Breaches: Imposter Scams Run Rampant in Lead Up to Tax Day
From news of a possible data leak at Toyota to warnings about imposter scams in the run-up to the tax deadline, here we round up the latest in data security and privacy news.
IRS Issues Warning About Imposter Scams
The end of tax season, April 15, is upon us and imposter scams have kicked into high gear. Both the IRS and the US Tax Court have issued warnings about phone impersonation and other tax-related scams leading up to the tax deadline, in which “thieves make unsolicited phone calls to their intended victims fraudulently claiming to be from the IRS.”
As the IRS reminds taxpayers in their warning, the IRS will never call or email to demand immediate payment of taxes or court fees, call or email to threaten an arrest, nor call or email to request payment card number or sensitive personal information. You can find more information and view current tax scam alerts on the IRS website. The IRS also maintains an annual list of the top tax scams, the Dirty Dozen, to be on the lookout for. As always, stay vigilant out there!
For more information on steps you can take to help prevent identity fraud, check out our guide on how to protect your identity.
Leak Exposes Information of 3.1 Million Toyota Customers
In a press release last week, Toyota disclosed that it may have exposed information on 3.1 million customers. The company said that it detected unauthorized access on the systems of Tokyo Sales Holdings, Tokyo Motor, Tokyo Toyopet, Tokyo Corolla, Lexus Koishikawa Sales, Lexus Nerima, and Toyota West Tokyo Corolla.
Toyota said that “up to 3.1 million items of customer information may have been leaked outside the company” but that “information that may have leaked this time does not include information on credit cards.” Last week’s announcement comes on the heels of an attempted cyberattack on Toyota Australia in February, which shut down many of Toyota Australia’s systems and disrupted the company’s sales and delivery operations. Researchers believe that the attacks were perpetrated by a “Vietnamese cyber-espionage unit” known as Apt32.
Read more from BleepingComputer.
Security Research Uncovers Massive Spam Operation
A security researcher has uncovered a massive spam operation that used more than 3 million stolen usernames and passwords to gain unauthorized access to thousands of email accounts and then used those accounts to send hundreds of thousands of emails with links to fake scam sites throughout the first half of March. In total, more than 5.1 million spam emails were sent and 162,980 emails were opened.
Bob Diachenko, the security research who discovered the operation, said in a post detailing the discovery, “Last month I have discovered a publicly available database with almost 5GB of 11,535,164 records with compromised emails and plain-text passwords, exposing the entire operation of one of the span operations targeting UK-based users.”
Diachenko, working with TechCrunch, provided a copy of the database to Have I Been Pwned so that people can check to see if their email was misused.
Read more from TechCrunch.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.
