An alarming new report warns about an increase in data breaches potentially affecting tens of millions of Americans. The Identity Theft Resource Center said that the significant new threat to consumer data is as simple as large organizations failing to add a password to protect their cloud-based data.

The group estimates about 165 million sensitive records were exposed in 2019 when nearly 15,000 breaches of U.S. private and government organizations were uncovered, a 17% jump from the year before. Experts warn that companies are still not doing enough to protect consumer data.

Their published report mentions noteworthy “credential stuffing” attacks in 2019 included Boost Mobile, Dunkin’, and Disney+. Credential stuffing refers to the exploding trend of hackers buying someone’s stolen login and password from the dark web, and then using the same combination to access their other online accounts.

“The reason it’s so easy is because so many of us use the same password for multiple accounts,” Identity Theft Resource Center COO James Lee told CBS News’ Anna Werner.

But what can consumers do on their part to combat the threat of a stolen identity?

Werner told “CBS This Morning” that the surest protections are using different password and login combinations for different accounts. Using a strong password adds an extra layer of security.

If that fails, consumers are urged to contact their banks and freeze their credit immediately, and reporting the hack to law enforcement.

Jaspreet Singh, a Detroit resident who said his private information was exposed along with millions of others in the 2017 Equifax hack, described his ordeal.

“MasterCard told me that I had requested a new credit card, which I never did, and that they sent a credit card to somebody in Texas I believe,” he said. Hackers had stolen the information off of Singh’s business credit card and racked up $4,500 worth of charges before he was able to correct the issue over the course of a year.

The Identity Theft Resource Center provides resources on their website for those affected by identity hacks.

More about: