Cyber thieves seek data breaches through workers at home

With so many people working from home, identity thieves have changed their tactics.  

The Identity Theft Resource Center's annual report shows data breaches are down, but thieves are taking advantage of people working from home to steal organizations' data. Save as Draft

First, some good news.

"The number of breaches is actually down and it's down by a significant number. And the number of exposed records or individuals impacted is also down," said Eva Velasquez, CEO of the Identity Theft Resource Center. 

The ITRC found there were 1108 reported data breaches in the U.S. last year, down 19% from 1473 breaches in 2019.  

But now the bad news. 


The ITRC says cyber criminals have changed their approach. Rather than hack into a company's or organization's data from the outside, Velasquez says they're finding it easier to get in by stealing employee credentials, such as log-ins and passwords, by sending workers phishing emails.  

"It could be a request for you to open a document and it looks like something coming from either other folks in your company, or maybe from your managers, supervisors or leadership," explained Velasquez.

The ITRC reports thieves are then installing ransomware and holding the organization's data hostage until they're paid a ransom.  The Center says some of this is happening because employees are working from home. 

"Having a voicemail at your desk phone, you can have that message forwarded to your email. If you're used to remote work, you know what that legitimate incoming message looks like," said Velasquez.

"But if you've never seen it before, all of these imposter emails, it would be very hard to tell the difference," she said. 

Velasquez says many people may also find out when they file their taxes this year that a thief took out unemployment benefits in their name, as the crime rose with unemployment. 

"They could get a communication from the IRS, saying hey, you have unreported income. Those benefits are taxable income. The states will be sending those 1099-G forms to the IRS," said Velasquez. 

To help protect yourself and your employer, Velasquez says don't give out logins and passwords, and use different, complicated passwords for each account. 

You can also check to see if you or your employer has been impacted by a data breach. 

ITRC has an interactive data breach tracking tool called Notified. It's updated daily and free to consumers.  You can type in a company name and it will reveal whether the organization has been breached, the date, and how many people were impacted. 

Tech magazines also say you can enter your email address on sites such as HaveIBeenPwned?, F-Secure, NortonLifeLock, and Firefox Monitor.  The sites let you know if your data has been dumped on the internet.  You can sign up for alerts of a breach on some of these sites. 

If you're a victim of identity theft, you can get help from the ITRC by visiting to live-chat or call (888) 400-5530.