Your data was probably stolen in cyberattack in 2018


Digital Directorship
Cybersecurity: Data Security/Privacy

Your data was probably stolen in cyberattack in 2018 – and you should care

Source: Mike Snider, USA TODAY
Published Dec. 28, 2018 | Updated Jan. 1, 2019

When it comes to data breaches, 2018 was neither the best of times nor the worst of times. It was more a sign of the times.

Billions of people were affected by data breaches and cyberattacks in 2018 – 765 million in the months of April, May and June alone – with losses surpassing tens of millions of dollars, according to global digital security firm Positive Technologies.

Cyberattacks increased 32 percent in the first three months of the year and 47 percent during the April-June period, compared to the same periods in 2017, according to the firm, which was founded in 2002.

Equifax

There wasn’t a breach “quite as significant” as the Equifax data breach from September 2017 in which an estimated 143 million Americans faced potential lifelong threat of identity theft, said Marta Tellado, president and CEO of Consumer Reports. “But the sheer volume of breaches of major companies was stunning,” she said.

Breaches and cyberattacks continue to escalate, “and it’s not like it’s slowing down,” said Gary Davis, chief consumer security evangelist for McAfee, the California-based maker of antivirus and computer security software.

As consumers grow more accustomed to breaches being revealed regularly – only four weeks ago, Dunkin’, Marriott and Quora each announced one within a span of six days – they tend to either accept or ignore them, Davis says.

With “security fatigue, (consumers) just throw their hands up and say something bad is going to happen, so I should brace myself for it,” he said. “Or they say, ‘It’s not going to happen to me, it will happen to somebody else.’ ”

Read More about Equifax data breach …

Marriott

And several breaches in 2018 were among the largest of all time. Last month, Marriott, the world’s largest hotelier, announced one of the largest-ever breaches involving as many as 500 million people who made reservations at its Starwood properties on or before Sept. 10, 2018. Those customers may have had their personal information accessed in a breach of the Starwood guest reservation database, the company said.

Marriott announced the breach Nov. 19 but said unauthorized access to the database had gone on for as long as four years. Among the data potentially accessed: names, mailing address, phone number, email address, passport number, date of birth, gender, arrival and departure information, reservation dates and communication preferences.

Read More about Marriott data breach …

Yahoo

The 2013 Yahoo breach, which affected as many as 3 billion accounts, remains the largest to date. A separate subsequent Yahoo breach also hit 500 million accounts.

Read More about Yahoo data breach …

Quora

Just days after Marriott’s announcement, question-and-answer website Quora said a security breach compromised the data of as many as 100 million of its 300 million users. The data potentially accessed included names, email addresses and encrypted passwords, along with questions and answers posted.

Read More about Quora data breach …

Dunkin Donuts

The Dunkin‘ breach, which made up that late November-early December trifecta, involved only a “small percent” of DD Perks program members having their account usernames and passwords accessed, the company said.

Under Armour

Back in March, sports apparel merchant Under Armour disclosed an intruder had gotten the email addresses and login information of about 150 million users of its food and nutrition website, MyFitnessPal.

Breaches hit other big-name brands, too. In April, Hudson’s Bay, the Canada-based parent company of the Lord & Taylor and Saks Fifth Avenue chains, said hackers had stolen the personal and financial information of more than 5 million credit and debit cards used at stores in North America.

Facebook

About 29 million Facebook accounts were breached in September – originally Facebook said it was 50 million – with attackers getting sensitive personal information from nearly half of those users. Among the data accessed: phone numbers and email addresses, recent Facebook searches, location history and the types of devices people used to access the social network.

The revelations of that breach came during Facebook’s attempt to assure its 2 billion-plus users of its sincere efforts to protect personal information after Russian operatives spread propaganda on the network during and after the 2016 presidential election – and in the wake of the Cambridge Analytica scandal, in which the accounts of 87 million users were accessed without consent by the U.K-based political targeting firm.

Facebook’s “deliberate data practices are often as outrageous as their failure to use strong security,” Tellado said. “As badly as we need new laws to protect people from malicious hackers, we also need new laws and corporate norms to keep the companies we entrust with our information from selling it without our consent. So 2019 is going to see robust calls for new security and privacy legislation.”

Target

Breaches used to be isolated. One of the first big ones hit Target in 2013, affecting as many as 110 million people. When that happened, “you worried about your credit card or your Target data and any of that being leaked,” said Bart McDonough, CEO of Agio, a New York-headquartered information technology and cybersecurity provider.

But that breach was just a harbinger: Each escalating breach these days is interconnected, he says. That means cyber-criminals may be able to compile enough of a digital profile about you to trick you into revealing more.

“Now you think about what information do they know about me or my clients based on this breach that can allow the next breach to happen,” said McDonough, whose book, “Cyber Smart: Five Habits to Protect Your Family, Money and Identity from Cyber Criminals,” publishes Jan. 7.

That interconnectivity is only going to make each successive breach potentially more worrisome, McAfee’s David says. “You hear about all of these high-profile attacks,” he said. “Ultimately, there is so much data out there now that the bad guys are going to start using machine learning and artificial intelligence to sift through it all.”

Some simple tips to protect yourself:

Use unique passwords. Too many consumers still use “password” or “123456” as their password. “And the sad thing is they use it over and over again,” Davis said. He and McDonough recommend using a password manager such as LastPass or 1Password. Those also let you use two-factor authentication, requiring an additional step before access is allowed to your accounts. “It’s a defensive depth approach,” McDonough said.

Be suspicious of email. Seven out of 10 cyberattacks (71 percent) start with a phishing email, Davis says. “It’s obvious to me that people are still willing to click on either links or attachments in emails without a lot of thought,” he said. As cyber-criminals get bits of data about you, be careful not to accidentally give them more. “Especially this time of year, before you start clicking away, think through it for a minute – did you actually order something that would suggest that this shipper (or retailer) should be sending you a notice,” he said.

Update your software. Admittedly, it’s annoying, McDonough says. “But apply all the software updates on your devices as frequently as possible,” he said. “If you do these things you are dramatically better protected than the person who doesn’t.”

• Credit freezes and other measures. If you have been a victim of data misuse and are concerned about identity theft you can get a credit freeze. “(It) makes it a lot harder for identity thieves to open accounts in your name, and, since the Equifax breach, it’s free,” Tellado said.

You should also limit the personal information you give out, she says. “For example, if a retailer asks for your email address or phone number, you should politely decline,” Tellado said. Another smart move – install a tracker blocker such as Disconnect.me or Privacy Badger, she says, to protect against malware and ransomware delivered through online advertisements.

 Related Article Links:
Jan 20, 2019:Finally, a Breakthrough in Cyber Security Protection
Jan 26, 2019:Cyber-Hijacking Campaign Sets off Global Government Alarm Bells
Feb 01, 2019:Secrecy Reigns as NERC Fines Utilities $10M citing Serious Cyber Risks
Jun 12, 2017: CRASH OVERRIDE: The Malware that Took Down a Power Grid
Jan 03, 2019:Did IoT Cyberattacks cause NY Power Transformers to Explode?
Dec 28, 2019:New York sky turns bright blue after transformer explosion.
Jan 01, 2019:Your data was probably stolen in cyberattack in 2018
Jan 22, 2019:Cyber Attacks are leading to US Navy Collisions
Dec 28, 2018: Did IoT Cyberattacks cause NY Power Transformers to Explode?
Mar 15, 2018:Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says
Mar 15, 2018: Cyberattacks Put Russian Fingers on the Switch at Power Plants
Nov 28, 2018:Russian Hackers Haven’t Stopped Probing the US Power Grid
Jun 07, 2018:The damage from Atlanta’s huge cyberattack is even worse than the city first thought
Dec 03, 1018:TOP 10 of the world's largest cyberattacks
Dec 15, 2017: A New Industrial Hack Highlights the Cyber Holes in Our Infrastructure

For more, check out Consumer Reports’ Guide to Digital Privacy and Security


Read article at USA Today …

 

Print Friendly, PDF & Email

Richard Spangenberg

About the Author: Richard Spangenberg, CEO and Executive Director of Digital Directorship & board member at several companies, is a senior c-suite level executive, innovative strategic marketing leader, and digital/big data/AI specialist familiar with digital transformation, cybersecurity, startups, and social media integration to existing programs.