Incognito — October 2025: Cybersecurity Awareness Month

Welcome to the October 2025 issue of Incognito, your monthly dive into privacy and security with DeleteMe.

This month: 

• It’s Cybersecurity Awareness Month and the month we observe World Mental Health Day. Did you know good cyber hygiene can help your mental health?
• The grift hiding in plain sight. In this week’s episode of DeleteMe’s podcast “What the Hack?” host Beau Friedlander is joined by ITRC CEO Eva Casey-Velazquez to unpack the good (yes, really), the bad, and the ugly of data brokers. Listen here.
• Essential reading: From ads popping up on smart fridges to why you should update your LinkedIn settings. 
• Q&A: “Are there any “smart” home devices that are okay for privacy?”

Share Your DeleteMe Story!

We’re recording customer testimonial videos about the impact of privacy protection and would love to feature your story!

We Want to Hear:

• Why you chose DeleteMe.
• How DeleteMe protects your data.
• The benefits and peace of mind you’ve gained.

Interested?

Email marketing@joindeleteme.com. If selected, we’ll schedule a 30-45 minute video call. Your story helps others protect their privacy! You may be compensated for your time.

‘What the Hack’ (DeleteMe’s Podcast) Is a Finalist In the Signal Awards for Thought Leadership!

We’re honored to be recognized. And with your help, we can win.

Vote for us in this year’s Signal Awards! (You are required to enter an email address to cast your vote. Privacy Pro Tip: Use DeleteMe email masking if you don’t want to share your real email address.)

Would This Email Freak You Out?

You check your inbox. 

A subject line reads: “Your data may have been exposed.”

It’s an email from a company warning you that a large amount of your personal data was recently exposed in a data breach of their systems.

Do you:

1. Sigh and think: “Why bother worrying? My privacy was sold out long ago.” 
2. Feel awful, like this internet user who shared: “My real name and email were part of a data breach a few weeks ago, and I’ve been feeling extremely stressed and ill.”

If you chose b), you’re not alone. 

Many people experience strong emotional and, in some cases, even physical responses following a data breach.

Data Breaches Are a Mental Health Trigger

A data breach can have a significant impact on your mental well-being if your data is leaked. 

Studies show that people exposed in data breaches often report sleep disturbances, stress, trouble concentrating, and even physical symptoms like headaches and cramps.

In severe cases, victims can develop anxiety, depression, or PTSD. 

A study of 145 hacking victims found that while some individuals lean into problem-solving (by changing passwords, regaining access, and tightening their defenses), others spiral into unproductive responses (withdrawing, lashing out, or becoming overwhelmed by stress). 

Older data breach victims tend to be the worst hit, while women, on average, are more likely than men to take constructive steps to regain control of their privacy. 

The type of hack matters, too: social media breaches hit hardest, while email hacks cause the least distress. 

Breaches’ Feel Personal Because…They Are 

Data breaches can be a snapshot into the sheer volume and sensitivity of the information companies collect and the number of parties they share it with.  

As one frustrated user of an ebook store put it: “It’s so […] annoying that in order to buy literally anything online you have to give your personal info to a town of corporations that have nothing to do with the product you’re buying.” 

Change the word “buying” with “using,” “scrolling,” “downloading,” etc., and the idea still applies. 

Good Cyber Hygiene Is Calming

Strong, unique passwords, paired with two-factor authentication, reduce worry about breaches. 

Adjusting privacy settings, sharing less online, and opting out of data brokers can all help restore a sense of control over your personal information. 

Perhaps most importantly, simply knowing what steps to take when a data exposure incident inevitably happens can make you less likely to spiral into panic.

Psychologists say that when you feel prepared, you experience less shock and confusion if something does go wrong. It’s the difference between feeling ambushed and feeling ready.

Looking for a Quick Check Up?

Ask yourself:

• Do I reuse the same password on multiple accounts?
• Am I using two-factor authentication on my most important accounts?
• Do I know if my data is on data broker websites, and have I tried to opt out?
• Have I checked HaveIBeenPwned to see if my email addresses, phone numbers and/or passwords were compromised in past breaches?

• Do I have a plan if one of my accounts gets hacked?
• Are my account privacy settings as strict as they can be?

If any of your answers made you uneasy, now’s the time to do something about it this Cybersecurity Awareness Month. 

We’d Love to Hear from You!

Have a story for our podcast about scams or fraud? Any privacy stories you’d like to share, or topics you’d like to see in Incognito? We’d love to hear from you!

Drop a line to Laura Martisiute at laura.martisiute@joindeleteme.com. She’s keen to hear any feedback you have about this newsletter.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape.

Police Drones Double as License Plate Readers

Police are starting to use drones equipped with automated license plate readers (ALPRs), combining aerial surveillance with vehicle tracking. Companies like Flock Safety are driving this expansion, raising major privacy concerns as these tools can collect and share vast amounts of sensitive data. Critics warn that without strong limits, such drones could enable widespread, warrantless surveillance of entire communities.

DHS Secretly Collected DNA From U.S. Citizens, Fed It Into FBI Database

The Department of Homeland Security, through Customs and Border Protection, has secretly collected DNA from nearly 2,000 U.S. citizens (including minors) and entered it into the FBI’s CODIS crime database, despite lacking congressional authorization. New data shows that most samples were taken under civil, not criminal, authority, with some involving children as young as fourteen and adults never charged with crimes. 

Samsung Starts Serving Ads On Smart Fridges In U.S. Pilot Program

Samsung has started pushing ads to its Family Hub smart refrigerators in the U.S. market through a new software update, despite previously denying plans to do so. The company calls it a “pilot program” to add “value” for customers, with ads appearing on idle cover screens but not during Art Mode or photo displays. While users can dismiss specific ads, the move has drawn criticism. 

Time to Opt Out? LinkedIn Will Use Member Data for AI Training 

LinkedIn is updating its User Agreement and Privacy Policy on November 3, 2025, and will begin using members’ data by default to train its generative AI models unless users manually opt out in their settings. The changes also expand data sharing with Microsoft for advertising in certain regions, clarify rules on deepfakes and impersonation, and introduce new terms related to payments and account appeals. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: Are there any “smart” home devices that are okay for privacy? 

Most smart devices carry privacy risks. 

Even things like smart lightbulbs can put your privacy and security at risk. Researchers have demonstrated that attackers can infer which songs or videos someone is playing by analyzing light patterns, and even utilize infrared capabilities to create covert channels for secretly exfiltrating private data from secured networks.

That said, these attacks are sophisticated. They require specialized sensors, clear visibility of the bulb, or prior compromise of a device on your network. 

The bigger, more practical concern is probably the data collection and sharing practices of smart device companies. 

Take Wyze Light Bulbs as an example. According to Mozilla’s *Privacy Not Included guide, Wyze collects A TON of data through its devices and app. 

The app requests permissions that allow it to track location, access the microphone, read text messages, and even control your flashlight. 

Additionally, the company uses your data for targeted ads and builds inferences about you. 

And no, you apparently can’t use the light bulbs without the app. 

Going fully “dumb” (i.e., no smart devices at all) is, of course, the best for privacy. The second-best option is to choose devices that work locally rather than relying on cloud servers. That said, you still need to trust that the manufacturer isn’t secretly collecting data when you set up updates or use apps.

Q: Is identity theft possible just from a photo?

A: Not directly. 

But if someone has your photo, they could run a reverse image search and find additional information (e.g., your full name, date of birth, names of family members) about you from sources like social media and data brokers. 

Scammers can then use this data for social engineering (tricking you into giving up more information) or to directly answer security questions on other websites, which can lead to account takeovers and identity theft.

Q: When you click ‘Accept All’ on a cookie banner, how much of your data actually gets shared, and with whom?

A: Good question. 

When you hit “Accept All”, you typically allow the site and its third-party partners to place various types of cookies and trackers on your device that can collect:

• Identifiers (device ID, IP address, unique cookie IDs).
• Usage data (like pages visited and products viewed).
• Location data (approximate, unless you grant location access).
• Demographic and inferred data (like age group, gender, and interests).
• Cross-site and cross-app activity (if the same trackers exist elsewhere).

Accepting all cookies generally allows data to be shared with hundreds of third parties, including advertising networks, data brokers, analytics providers, affiliates, marketing partners, and third-party vendors. 

As a result, you should always take the time to “Manage Preferences” or “Reject All” if possible (even if it is tedious). 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

That’s it for this issue of Incognito. Stay safe, and we’ll see you next month.