PHOENIX, AZ—Fraudsters have been trying to steal your identity and personally identifiable information—or PII—for years. Your PII can include your name, Social Security number, date of birth, or financial information. In 2018, personal data breaches were the number one reported cybercrime in Arizona with more than 1,300 people filing such complaints with IC3.

• A personal data breach is defined as a leak/spill of personal data which is released from a secure location to an untrusted environment. It may also refer to a security incident in which an individual’s sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.

Once a cyber-criminal obtains your PII, they can open credit card or bank accounts, apply for loans, or commit any number of crimes in your name. The FBI has seen an increase in the number of companies and institutions reporting the theft of PII. This theft takes many forms—from email phishing attacks, to Point-of-Sale theft, to the more advanced hacking of vulnerabilities in servers where the information is hosted.

More recently, the FBI has seen reports of cyber-criminals creating new online accounts or accessing existing online accounts to gain access to a variety of victim retirement and health spending accounts, sometimes rerouting deposits to their own bank accounts.

Both individuals and businesses can take steps to protect their financial future.

For individuals:

• Watch for phishing attempts—unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.
• Watch credit card, utility bills, and bank statements for unusual transactions.
• Enable security functions on your phone and computer—especially if you have passwords stored or apps that link to your financial institutions.
• Never respond to unsolicited requests for your personal information, whether online, by phone, or in person.

For businesses (Employers and plan administrators responsible for managing participant accounts):

• Alert your workforce personnel to the latest methods criminals are utilizing to obtain Personally Identifiable Information.
• Continue to encourage employees to scrutinize links and attachments contained in emails.
• Direct employees to report any suspicious requests for personal information to your Information Technology or Information Security Department.
• Establish multi-factor authentication for creating new online accounts and monitor accounts for unauthorized access, modifications, and anomalous activities.

The FBI encourages anyone who has been victimized by an online scam or cyber fraud to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov, or call your local FBI office.