Another day, another report about a company exposing its customers’ personal information to hackers or other unintended audiences.
On Wednesday, Panda Restaurant Group (parent company of Panda Express, Panda Inn and Hibachi-san) revealed Hackers had obtained personal data Unknown number of diners. In recent weeks, Kaiser Permanente and AT&T announced unauthorized data releases that affected millions of their customers.
The specifics of what information is exposed in such events vary, but even the most general information companies collect from us is useful to hackers, scammers, and data brokers. Is.
Panda said the breach occurred in early March and affected only its corporate systems, not its in-store operations. The exposed data included customers’ first and last names and driver’s license numbers or non-driver identification cards.
Kaiser notified 13.4 million Its members say some data about searches for medical information made by patients on Kaiser’s website may have inadvertently been disseminated to Google and other search engines and media platforms. Other pieces of information that could have been compromised are IP addresses, account usernames and data on how members use the Kaiser website.
“These nuggets of information are being fed into databases that know a lot about you,” said Teresa Murray, director of the consumer watchdog organization. US Public Interest Research Group,
The pieces of information collected are put together to compile a profile of a person, which is then sold, Murray said.
A data breach may happen immediately, but the impact of your information being stolen may take time to become apparent. For example, it could take weeks, months or even a year for your stolen credit card information to be used to make fraudulent purchases, Murray said.
AT&T notified 7.6 million Current customers and 65.4 million former customers say their data from 2019 or earlier was exposed on the dark web in mid-March. The information exposed does not include personal financial information or call history, AT&T said,
According to Murray, large-scale online data breaches have been going on for more than a decade, beginning around 2013, when credit and debit card information at Target and Home Depot were compromised.
What has changed substantially is how much personal information about Internet users is being captured and collected from company servers. Hackers are destroying a variety of data points about people, including their email addresses, bank account information, Social Security numbers and location.
This is happening because the average computer, smartphone and smart device user is putting too much information online, making it vulnerable to hackers, said Iskandar Sanchez-Rola, director of privacy innovation for Cybersecurity Network. General,
Retailers and service providers don’t help the situation by asking for so much personal information when a customer is creating an online account. If a company’s server is breached, all that information becomes unsafe.
Experts say to provide only the necessary information when you’re signing up for an account. If a field is optional, leave it blank.
But what can you do if you have been affected by a data breach? The first thing is to stay calm, Iskandar Sanchez-Rola said.
It can be scary and overwhelming to hear that your information is in the dark web, but Sanchez-Rola says you can take solace in knowing that it’s highly likely that you or someone close to you has been exposed to a data breach before. are done. In other words, you haven’t become the new victim – you probably already were.
Security experts say that after a data breach is reported, several other steps need to be taken to prevent hackers and scammers from using the information for fraudulent activity. Here are his tips.
Make sure the breach notification is valid
When you sign up with a service provider, you typically tell the company how to alert you about fraudulent activity or data breaches. The message may reach you by phone, email, text, or mailed document.
The problem is that scammers can easily pose as a company and attempt to reach you through any of these means of communication.
A fake letter or email may use a logo similar to that of a company you have done business with. A fake notice may also include information that is familiar to you because hackers have access to your personal information, Sanchez-Rola said.
Experts say the best way to verify whether a notice is legitimate is to contact the company that allegedly sent it. If you receive an email or text stating that your credit card or banking information has been stolen, take your credit or debit card and call the customer service line, then call the fraud department to speak to the Say for.
If this is a notice from a retailer or service provider, do not click on the link in the note or call the provider’s phone number. Visit the company’s website freely, find the contact information for customer service and get in touch directly.
When you search online, don’t go by the first number that comes up in Google search results because it could be false or a scam, Sanchez-Rola said.
Your information has been stolen, what next?
Once you’ve verified that your information has been exposed — or if you want to protect yourself from future breaches — Murray and Sanchez-Rola suggest taking the following steps:
Update your contact information. If you’ve moved, changed jobs or got a new phone number, call your banks, credit card companies, investment firms and other financial institutions you do business with and give them your current contact information. . If fraudulent activity is occurring, you will want these financial institutions to catch you quickly.
Sign up for bank alerts. Most major banks and credit unions offer text or email alerts for large purchases or when someone tries to open a new bank or credit account in your name.
Update password. Bank, email and other sensitive accounts should have unique passwords. If you use the same password or different variations of the same password for all your online accounts, they are all vulnerable.
You should set up two-factor authentication when it’s available to provide an additional layer of security beyond your password. The option lets you verify who you are, usually by text or an authenticator app. Using an authenticator app is a little less convenient, but it’s a more secure method.
Put a pause on your credit report. A security freeze prevents new lines of credit from being opened in your name without the use of the personal identification number that is issued when you start it.
To perform a security freeze, you may need to provide information that identifies you to the three major credit bureaus – Equifax, Experian and TransUnion – including your full name, Social Security number, date of birth, current and previous addresses . A copy of your state-issued identification card and a recent utility bill, bank statement or telephone bill.
The only downside to a security freeze is that it may delay your ability to get credit, a product or service that requires a credit report, such as when you try to rent a new apartment. To solve that problem you have to temporarily remove the pause.
Set up fraud alerts. If you were alerted to possibly being a victim of fraud, you can set up a fraud alert. You can set up one with any of the three major credit bureaus; This prompts lenders to take extra steps to verify your identity before extending a new loan. Early Fraud Alert is free and will remain on your credit file for at least 90 days.
If you are a victim of fraud or identity theft, you should file a police report and provide the police with copies of your credit report, any relevant correspondence and disputed bills.
For your records, keep a log of your conversations with creditors, law enforcement officials, and other relevant parties.
Review your credit report. The Federal Trade Commission recommends that you periodically review your credit report and account statements. You can get a copy of your credit report directly every 12 months Equifax, experian And transunionor by visiting annualcreditreport.com Or call (877) 322-8228.
When you receive your report, look for credit inquiries you didn’t initiate or that you don’t recognize, as well as incorrect information, such as an incorrect home address or Social Security number.
When reviewing your report, if you see something you don’t understand, call the credit bureau at the telephone number listed on the report.
If you notice any suspicious activity on an account, you should immediately notify the financial institution or company maintaining the account. You should report any suspected fraudulent activity or identity theft to law enforcement.
