LONDON — Data breaches like the recent one involving millions of AT&T customers are becoming an almost regular occurrence.
As our lives move online, personal data such as email addresses, phone numbers, dates of birth, and even passcodes are increasingly at risk of being stolen or accidentally exposed.
In malicious breaches, cybercriminals can use stolen data to target people by sending phishing messages or taking out loans or credit cards in their names, which It is a common and harmful type of identity theft.
Here are some tips to protect yourself.
be careful
In the United States, there is no federal law that forces companies and organizations to notify individuals of data breaches, but it is standard for companies and organizations to notify affected customers and often provide privacy services. It's a common practice, said Oren Aller, vice president of consumer privacy at cybersecurity firm Malwarebyte. .
The situation is even better in the European Union, where privacy regulations in 27 countries require disclosure of certain types of breaches.
Cybersecurity experts say people need to remain vigilant even after a breach is made public. Be wary of phishing and other social engineering attempts via email or phone calls from hacked organizations or people offering to help. Please contact the relevant companies and organizations to confirm. However, please use the official website, smartphone app, or social media channels. Do not use links or contact details in sent messages.
Also, visit identitytheft.gov, the Federal Trade Commission's website for victims of identity theft. This website provides step-by-step advice on how to recover from various scenarios.
Please change your password
In the event of a data breach, the first thing to do is change the passwords of the accounts involved.
Use strong passwords that include letters, numbers, and symbols. The longer the better – some experts say it should be 16 characters. Be sure to add multi-factor authentication. This adds his second layer of verification by requesting a code sent to you via text message or email, or by inserting his USB authentication key into your device.
Also, if you use the same or similar login information for multiple websites or online accounts, be sure to change them. The reason is that if a hacker steals your password from one service, he can try it on other accounts and easily break into all services. If you have trouble remembering all your different credentials, consider a password manager.
“Just because your information has been compromised doesn't mean someone stole your identity or your money. But it does mean you're at risk,” Aral said. said. “So it's wise to monitor credit on new accounts, change compromised passwords, use multi-factor authentication, and have a separate 'junk' email for less important sign-ups. ”
continue monitoring
Data breaches are widespread, and tracking them through individual notifications can be difficult. There are online services you can check to see if your email has been involved in a data breach, such as Have I Been Pwned, a free website.
Malwarebytes' Digital Footprint Portal has similar functionality, but also allows you to check if your information has been posted on the dark web.
“When a public data breach occurs, cybercriminals collect as much data as possible to sell on the dark web,” says Keeper Security CEO, developer of password protection software and dark-scanning tool BreachWatch. said Darren Guccione. Check to see if your personal information is visible on the web.
Please inform your bank or credit institution
If your card payment number has been stolen, contact your bank or credit card company, explain that your card is at risk of fraud, and ask them to alert you to any suspicious activity. They will probably issue you a new card soon. Some banking and credit card apps allow you to lock your account and freeze transactions from the app.
You can also notify credit agencies. The main three are Equifax, Experian, and TransUnion. They can freeze your credit, which limits access to your credit report and makes it difficult to open new accounts or issue fraud alerts. This will add a warning to your credit report prompting lenders to contact you before lending you money.
Be especially careful after a carrier hack
Cybersecurity experts have warned that breaches involving phone companies, such as the AT&T incident, put customers at risk of having their phone numbers stolen or “simjacked.” The thief could then use the hijacked number to access other accounts via text messages that use the number for multi-factor authentication.
To reduce this risk, AT&T also recommends setting up a unique passcode that is required to prevent significant changes to your account, such as transferring your phone number to another carrier. Also, delete messages containing phone bills, bank statements, and other personal information from your email account. This ensures that even if a criminal gains access to your inbox, they won't be able to use that information to get past your security checks.
___
Do you have a technical challenge you need help solving? If you have any questions, please contact onetechtip@ap.org.
