data breach roundupIdentity theft never takes a vacation, as evidenced by the numerous data breaches that have been uncovered in the first month or so of 2016. It’s important for consumers to be wary at all times and keep an eye on the news to be sure they haven’t been exposed, but that can be difficult considering the sheer volume of breaches that occur on a regular basis. In 2015, everyone from celebrities to government employees to children were victims to highly publicized data breaches — and for every breach that got its own front page headlines, there were many more that didn’t warrant such attention due to their limited reach. According to the Identity Theft Resource Center, there were a total of 781 tracked breaches during the past year, the second highest year on record since the ITRC began tracking them in 2005.

To help our readers keep abreast of potential risks to their identity and personal information, we will be posting a series of data breach roundup blogs throughout the year that highlight the smaller — yet still significant — security alerts they should know about.

Wendy’s is probing reports of a potential credit card breach

Fast food lovers might want to double check their bank statements if they’ve eaten at a Wendy’s restaurant over the past year. As reported by Krebs on Security, following reports from banking and payment industry contacts of suspicious fraud on cards that could be traced back to multiple Wendy’s locations, the restaurant chain has launched an investigation. So far, there isn’t much concrete news regarding the exact nature of the breach or how many locations may have been affected, but a spokesperson for Wendy’s was quoted saying the period of time being investigated is late last year (2015). Hopefully sooner than later, answers will be found and customers will receive notification if their cards were involved. In the meantime, keeping an eye on your bank or credit card statements for suspicious activity is always solid advice.

Data breach at Landry’s, Inc. is officially confirmed

When we first wrote about it in Dec. 2015, the restaurant-chain conglomerate was merely investigating reports of credit card fraud in relation to some of its restaurants. A press release from Jan. 29 revealed the results of that investigation, and the news isn’t good for Landry’s, Inc. and Gold Nugget Hotels and Casinos. It determined that attackers installed a program on some of the payment card processing devices at certain locations which stole payment card information — including cardholder name, card number, expiration date and verification code — when cards were swiped.

Due to the extensive nature of locations involved in this breach, concerned consumers are advised to visit the website where Landry’s, Inc. has set up a detailed list of all restaurants, properties, spas and other locations involved and the time period when they were vulnerable. The time periods being considered include May 4, 2014 to March 15, 2015, March 16, 2015 to May 4, 2015 and May 5, 2015 to Dec. 3, 2015.

Landry’s, Inc. has enhanced its security and is working with payment card companies to identify and alert individuals affected. Concerned customers, in the meantime, can call a hotline set up by the company from 9 a.m. to 7 p.m. ET Monday through Friday.

Breaches at children’s tech toy companies are likely to continue

The massive VTech security breach discovered right before Christmas set off a wave of worry as parents realized the tech toys on many kids’ must-have list might not be as safe as they should be. Unfortunately, this was unlikely an isolated incident, as evidenced by new research published by cybersecurity firm Rapid 7, Inc. Although these toys connect to the Internet and are used by those that are most incapable of protecting their security and identities, tech toy companies aren’t as stringent about security as they should be. Most toys are Android-based, and Rapid 7 concluded the majority contain serious flaws that make them easy targets for data thieves. Parents should be alert to the potential dangers that tech toys (as well as any device that is part of the greater Internet of Things network) pose to their family’s security.

Not all security enhancement attempts hit their mark

Companies that have suffered data breaches naturally work in the weeks and months afterward to beef up their security and regain customers’ trust. While some efforts, such as introducing more stringent IT practices and enhancement of encryption, are certainly bound to help, others seem to be nothing more than a Band-Aid on top of a gaping wound. An almost absurd example of this is the latest “security enhancement” from Ashley Madison, the infidelity dating website which suffered a massive data breach that exposed millions of people around the world as cheaters to their friends and family. The website has revealed a new feature that lets users add masks, blurring and black bars to their profile pictures in an effort to obscure what they look like. While the site is promoting this as a great way to protect its members’ identities, the fact that users must still upload their picture undoctored before applying a mask doesn’t seem promising if the security of the site itself hasn’t been addressed.

It’s important to look at any efforts promoted by companies to improve security with a critical eye. Not all identity theft protection services offered for free are equal when it comes to the protections offered, and it’s necessary for consumers to be vigilant towards monitoring their own accounts and credit reports instead of relying on a company to do it for you (or crossing your fingers and hoping for the best).

To learn more about protecting your identity and security online as well as get the latest news on other data breaches, follow our identity theft protection blog.