What to do if you become involved in a data breach

This week in data breaches: password managers, travel websites, department stores, burrito bandits, and more!

This has been a busy week for cybercriminals stealing data from multiple entities. We came across at least four breaches for the week of May 29, 2017-June 2, 2017, via various reputable news sources and mainstream media channels.

With the exception of the password manager app breach, most of the latest breaches were commerce related, with attackers stealing personal data such as credit card information, names, address, e-mail address, username and password credentials, and a whole lot more. With credit card data, thieves will usually try to resell the information on the black market. However, credit card numbers do not fetch a high payday, as the owner can report the card as stolen in one phone call, and then it is useless. More permanent information such as names, dates of birth and especially social security numbers are all tied to who you are and are immensely difficult to change. Additionally, this is the core data needed for a cybercriminal to start attempting identity theft.

According to NortonLifeLock’s 2017 Internet Security Threat Report, almost 40 percent of information lost in data breaches in 2016 was Personal Financial Information, which could include credit or debit card details or banking financial records. When it comes to passwords, you are not alone- they are a bit of an annoyance to try to manage. That’s the one fact that cybercriminals rely on, though. Since they are difficult for most everyone to manage, people can tend to try shortcuts such as password reuse across multiple sites, passwords containing words or even personal info such as birthdates, former street addresses, and even phone numbers.

The most crucial thing you can do to help protect your personal information is to practice safe password use:

1. Never reuse the same password on multiple websites. Even if it’s just two or three sites, it’s still not a good idea. Once a cybercriminal obtains a cache of user credentials, they will then attempt to try them on other, well known websites, especially ones that are e-commerce, financial, and medical related.
2. Use strong passwords. A password should be a random string of letters, numbers, and special characters and must contain no less than 8 characters (the more the better). But they don’t really have to be 100% random, it can still be memorable to you.

Take a verse from your favorite song, poem, or quote. For this example, I’ll use the quote “Do. Or do not. There is no try.” This will be the base of your password. Take the first letter from each word: dodntint Now let’s randomize the case: doDnTiNt Take it one step further, and to ensure that the password is more than eight characters, add some numbers and symbols: @doDnTiNt! Swap out the vowels for numbers: @d0DnT1Nt! and there’s a secure password that is easy to remember!

1. Change your password the moment that you have found out that you have become involved in a data breach. If you reuse passwords (don’t worry, you’re not alone!), change those as well. 

It also helps if you use an identity protection service. Such services can help protect your personal information by sending you alerts if suspicious activity is identified on any of your financial accounts, or if new accounts are opened with your Social Security number. LifeLock is one such robust service.

The unique combination of Norton Security and LifeLock is the fortification that gives you the peace of mind to confidently move forward in the online and offline world.

This article is authored by an employee of Norton by NortonLifeLock. NortonLifeLock Corporation, the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Likewise, a global community of more than 50 million people and families rely on NortonLifeLock’s Norton suite of products for protection at home and across all of their devices. Copyright © 2017 NortonLifeLock Corporation. NortonLifeLock Corporation. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, Norton by NortonLifeLock, LifeLock,and the Lockman Logo are trademarks or registered trademarks of NortonLifeLock Corporation or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.

Here’s a good refresher on what to do if you become involved in one of these breaches:

Cybercriminals are attracted to stealing data that they can make money from, such as credit and debit card numbers, bank account numbers, Social Security numbers, birthdates, full names and addresses. They can commit identity theft with Social Security numbers, sell credit and debit card numbers to other cybercriminals or bleed bank accounts dry using bank account information. Protection from data breaches is subsequently an essential thing in today’s world, as huge breach stories are more common than ever.

How do I know if I have been involved in a data breach?

Cybercriminals may not use stolen data right away, so you may not notice any suspicious activity on your accounts for some time. If you hear about a breach involving an institution you do business with, contact the organization in question to check whether your data has been compromised. You can visit the organization’s website to see if there is a statement about the breach with any instructions about what to do next, or you can call the company’s customer service phone number.

You may not know if you have been affected by a breach, so your best action is to be proactive. You can use the tips below to stay ahead of the bad guys and know what to look out for.

How can I protect myself in the event of a data breach?

Once you’ve confirmed your involvement in a data breach, monitor and follow instructions from the company if they provided any.

• Routinely monitor all of your financial accounts for suspicious activities, such as transactions you did not make. If your institution offers account activity alerts via text or email, sign up for them.
• If the information that was leaked in the breach was as a Social Security number or other personally identifiable information, you may want to consider putting a security freeze on your credit report. This will prevent other institutions from accessing your report entirely, which will prevent opening any new credit lines or credit extensions under your name. Also be sure to contact the Social Security Administration if dealing with a data breach that involves your SSN about next steps.
• If you do encounter suspicious activity on your account, contact your bank immediately and inform them of the activity as well as the fact that your information was exposed in a breach. Secondly, contact the FBI’s Internet Crime Complaint Center (IC3) and file a report.
• Beware of phishing scams. Phishing emails present themselves as legitimate messages from legitimate organizations. These emails contain a “call to action,” usually about an issue with your account and provide a link in the email. Never click on links in these kinds of emails. They can redirect you to a website that was designed to look just like the website in question in order to steal your login information. If you are worried about an issue with your account, open your Internet browser and visit the website directly by typing in the address directly into the browser’s address bar.
• Avoid using unsecured public WiFi.
• Use complex passwords and change them often.
• Check your bank and credit card statements frequently for any unusual charges.
• Notify the fraud units of Equifax, Trans Union, and Experian.

Breaches are becoming far too common these days, as the payoff for cybercriminals can be extremely lucrative. Luckily, there are anti-fraud laws in place to protect you. However, it is up to you to be vigilant about monitoring your accounts for suspicious activity and to report it right away.