
Data breaches are all too common in today’s world. Our whole lives are online.

We have accounts of every kind: shopping, banking, kids’ websites and games, video streaming, restaurants, among others. It’s staggering, really.

With all these data breaches, what should I do after a data breach?

Do we know what steps need to be taken when our email or password is compromised?

Have you thought about how many websites you have had to give user names, passwords, and even financial information?

Let us dive in right away to see how to safeguard our data and the steps needed after a data breach.

Breaches, breaches & more breaches

Data breaches come in all shapes and sizes. Marriott Hotels recorded a data breach in January 2019 that included credit card numbers and passport numbers of over 383 million guests.

In August 2019, Facebook had 540 million breached accounts which exposed account information. The breach included user names, IDs, and passwords.

This all happened because this information was being kept on unprotected servers (1).

In November 2019, an employee at Trend Micro stole the personal data of over 70,000 of the firm’s customers and then used the information to scam the customers (1).

According to the FBI, there were 467,361 complaints of personal and business data breaches, including breached accounts and leaked emails, in 2019. This added up to $3.5 billion in losses. Many of these breaches were caused by exposed accounts, email scams, hacking, and even extortion (2).

What is a data breach?

A data breach is when information is stolen or taken without the knowledge or authorization of a system’s owner.

Often breached data involves sensitive or confidential information like credit card numbers, addresses, social security numbers, bank account numbers, or customer information (3).

People who cause data breaches often use data from leaked emails and exposed accounts for various purposes:

  • Hackers can take money directly if they gain access to bank accounts or credit cards.
  • Hackers use breached accounts to gain information to sell to others who will use it for their own purposes.
  • Hackers may be motivated to cause a data breach for political gain or to disrupt a service, company, or government services.
  • Hackers often sell any information they steal, including credit card details, names, email addresses, photos, date of birth, personal documents, insurance numbers, tax details, and any other personal information (4).

Hackers are experts at finding ways to expose weaknesses in web browsers, operating systems, software, computers, or companies that store information. Data breaches occur for many reasons:

  • Exposed Accounts
    Data breaches may occur when companies don’t use secure servers, which leads to exposed accounts. Servers that aren’t secure are easy for hackers to penetrate and get to all kinds of information.
  • Stealing
    People working within a company may steal information and leaked emails to use personally or sell.
  • Application or Software Weaknesses
    Hackers may also find backdoors or application vulnerabilities to get information. Companies often get hacked and their weaknesses are exposed. Companies respond by “patching” their software through updates.
  • Malware
    Malware is also a common method hackers use. Malware is software that is downloaded onto a computer and allows the hacker to access what is there. It often comes through infected websites and emails.
  • Email Scams
    Email scams are also all too common and an effective way for hackers to get an individual to hand over information about exposed accounts without having to steal it directly.
  • Physical Theft
    Another method is physical theft. People will steal information from the trash, through break-ins, from stolen computers or phones, or by other physical methods (9).

Is My Email Compromised?

At least a few times every month there is news about breached accounts, exposed accounts, or leaked emails at businesses, banks, email servers, etc.

We may even be notified by our bank or credit card companies about a possible breach of their systems. Additionally, we may be able to find out if our data has been breached from the website of the company that had the breach.

Last year my credit card company froze my account when there was suspicious activity. I was so glad they caught it before more could be done to my account.

In the end, the company froze my account, reissued a new card, and put a “fraud alert” on my account.

We each have a responsibility to be vigilant and to regularly check our online accounts for suspicious activity, exposed accounts, or breached accounts that the credit card company or bank may not catch.

I have to do this for all accounts I have online that have my personal information on them or sensitive emails in them.

It can be difficult to know if an email account has been compromised since email companies don’t necessarily track usage.

I do get updates from Google if my Google accounts have been accessed on different devices. It is a great way to help me know if I have a leaked email account and it has been accessed by someone else.

XposedOrNot.com is a great resource for knowing if an email account has been compromised in any way. All you need to do is enter your email and it tells you if you have an exposed account and all its related parameters.

What can be done after a data breach?

Unfortunately, the odds are pretty high that we may be faced with compromised data, leaked emails, or exposed accounts, since our information is out on the internet on so many websites and accounts. So what can be done if my email has been compromised? What can I do if my information or accounts have been breached?

  • Change Logins, Passwords, and Security Questions
    This is a great way to block access into that account from the threat of the current breach. Earlier this year my credit card information was stolen and my credit card company immediately froze my account, called me to confirm or deny the suspicious activity, and reissued a new card. I then had to go into my online account and change my password so that it couldn’t be accessed that way.
  • Accept Help from the Breached Company
    Companies that have had a data breach will often offer to help fix the problem. If information from a large company has been breached, the company will work to fix the problem. They will often take responsibility and offer help to those who have been affected. This may come in the form of stronger monitoring for a time or other help. If a company offers help, take it (9).
  • Monitor Accounts at Financial Institutions
    Depending on the information which may have been stolen or breached, it is important to be aware of accounts that may have been affected and to diligently watch the activity on them for anything suspicious.
  • Notify Appropriate Companies or Financial Institutions
    Banks and credit card companies have ways to help if information is stolen. The bank account may need to be monitored to detect anything unusual. If credit card information has been stolen, the credit card company needs to be made aware so the credit card can be canceled and replaced or monitored for suspicious activity (6).
  • Notify Credit Bureaus
    If the information has been used for suspicious activity that may reflect on a credit score, credit bureaus should be notified and a “Fraud Alert” should be put on the name. This protects against identity theft when a person tries to open another account (6).

How can I secure my accounts?

Computer technology and the internet are constantly changing. As technology changes, there are always issues that arise with security that can open people up to breached accounts.

Hackers and those who set out to steal information are quick to find and exploit weaknesses of email systems, operating systems, and web browsers.

It seems like an ever-evolving race: as technology changes, hackers are quick to adapt, and then the technology companies rush to cover up any weaknesses, leaks, or other issues that may have been revealed by hackers and exposed accounts.

There are several things that we can do to help guard against internet and email weaknesses. Some of these things include:

Password Tips
  • Secure Email Logins and Passwords

    Passwords are most secure when they are at least 12 characters long and consist of a combination of letters and numbers. Additionally, passwords should not be a common phrase like “password” or “mypassword” or familiar names associated with a person.

    Associated names like nicknames, family member names, or other information may be easy to find using a simple search on social media sites.

    If that information can be found there, then don’t use it as part of a password. Instead, it is better if a password is random (9).

    Email logins and passwords can be secured in many different ways. It is important to try to not overuse a password. Using the same password for many different sites creates open doors for a hacker to get into multiple accounts.

  • Two-Factor or Multi-Factor Authentication

    This adds to the level of security for the account (5). Two-factor authentication is when more information is required to verify identity to get into an account after already using a log-in and password.

    This could take the form of an application like Google Authenticator (Android & iPhone) or Microsoft Authenticator, biometric scanners (usually used to get into a computer or phone), a code received via email or text message, etc. (8)

  • Operating System Updates

    Operating system makers like Microsoft, Apple, Google, and others are regularly creating updates or “patches” to their operating systems to correct vulnerabilities. Every computer, mobile, and tablet has its own operating system.

    All operating systems will have an option to automatically update whenever the company releases a new update.

    As soon as it is available, it downloads directly onto the device and requires very little from the owner of the device.

    This option should be turned on all of the time unless there is a specific reason not to.

    If it is not turned on or you aren’t sure if your system is up-to-date, you can always manually update it or check if it is updated (7).

  • Web Browser Updates

    Like operating systems, web browsers (Chrome, Firefox) often have weaknesses that hackers find and use to get into computers, phones, and tablets.

    Companies that make web browsers will regularly create updates to fix weaknesses so that hackers won’t be able to get in.

    All browsers have an option to turn on regular automatic updates.

    If the option to automatically update has been turned off for any reason, it can always be started manually (7).

  • Be Wary of Suspicious Emails or Websites

    Malicious emails can be tricky: they are sent using the names of, or names close to, people we know.

    It is easy to open an email thinking that it is from someone we know when it isn’t.

    If it is opened, malware is then let onto the computer or device.

    It is important to stay vigilant and wary of anything suspicious and not open it (9).

  • Be Wary of Scam Emails

    This is one of the easiest ways in which many are falling prey to scams. Avoid trusting a well-written email asking for your credentials or asking you to verify to claim a reward or gift.

    Never respond to an email requesting information unless the sender is known and trusted by you.

    Hackers are experts at telling good stories to influence people to give them information or money.
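
The password tips above (at least 12 characters, letters and numbers, no common phrases or personal names, no reuse across sites) written as a small checker and generator. This is an added example, not part of the original article; the phrase list, function names, and sample accounts are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample of the "common phrase" passwords the article warns about.
COMMON_PHRASES = {"password", "mypassword", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12  # the article's minimum length


def audit_password(password, personal_terms=()):
    """Return the list of the article's password rules that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs both letters and numbers")
    if any(phrase in lowered for phrase in COMMON_PHRASES):
        problems.append("contains a common phrase")
    # personal_terms: names or nicknames that could be found on social media
    if any(term.lower() in lowered for term in personal_terms if len(term) >= 3):
        problems.append("contains personal information")
    return problems


def find_reuse(vault):
    """Map each reused password to the sorted list of sites sharing it."""
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def generate_password(length=16):
    """Random password from the OS CSPRNG that passes audit_password."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample data: the sites and passwords are made up.
    vault = {"shop.example": "mypassword1", "bank.example": "mypassword1",
             "mail.example": generate_password()}
    for site, pw in vault.items():
        print(site, audit_password(pw, personal_terms=["Sam", "Rex"]) or "ok")
    print("reused on:", list(find_reuse(vault).values()))
```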

Conclusion

Billions of dollars every year are stolen through data breaches involving compromised emails, leaked emails, exposed accounts, and breached accounts.

As consumers and daily users of internet accounts, we need to take responsibility to do all that we can to make sure we don’t end up with any accounts exposed or emails leaked by hackers bent on stealing our information.

There are many actions that we can take if we have any breached accounts. We must actively communicate with the appropriate companies to make sure our finances and information remain safe even after a breach.

We must also change logins, accept help, monitor accounts, notify appropriate companies, and notify credit bureaus.

Before there are any breached accounts, though, it is important for us to do all that we can to prevent it.

We must better secure email logins and passwords, use two-factor or multi-factor authentication, use password managers, update operating systems and web browsers, and be vigilant about suspicious emails, scam emails, and suspicious websites.

Data security takes vigilance and time, but it is well worth the effort.

Exposed accounts and leaked emails can cost us a lot of time and money. Not just that, the pain of going through such unwanted transactions misusing our accounts is pretty heavy as well.

The question now is, how secure are your online accounts?

What are the ways and means in which you secure your accounts? Are there any other steps or areas to focus on for post-data-breach actions beyond the ones explained here?

Please let me know in the comments.

Good references: