Double Data Breach Day
Category
Awareness, News
Risk Level
These days it seems that only three things are certain: death, taxes, and data breaches. We hear about data breaches all the time, but what exactly does a data breach even mean, and more importantly, what does it mean for you? Let's start with the first part:
“What is a data breach?”
In its most basic form, a data breach is when information is exposed to someone who should not have access. While most data breaches that you hear about in the news are related to passwords or credit card information being stolen by a hacker, a data breach can also include your personal information, health information, or proprietary information from the organization you work for. These are all things that shouldn't fall into the wrong hands.
“Ok, but what does it mean for me?”
Data breaches can be tricky because you have to understand what has been taken and how you can protect yourself from that information being used inappropriately. For example, if the news reported that passwords had been stolen from a website, you would change your password for that website. Or, if your credit card number gets stolen, you usually report it to your credit card company and receive a new one.
“What happened this time?”
In the past few weeks, two data breaches were disclosed for two popular services: DoorDash and Words with Friends. We won’t dive into how they happened in these posts (we’ll save that for our water cooler talks), but we will break down what sensitive information has been reported as being stolen. While other information was stolen, we’ll only list the main sensitive information about you.
If you use DoorDash to have food delivered to your door at the push of a button, you and 4.9 million people had their information stolen. You can read more about all the information stolen here, but we’ve listed the main information that could really impact your life below:
Your name;
Your email address;
Your phone number;
Any delivery addresses you’ve used;
Your password;
Your driver’s license number (If you’ve ever been a delivery driver for DoorDash).
If you are still stretching your thesaurus (no cheating!) and playing Words with Friends or translating words to pictures with Draw Something, gaming giant Zynga reported a security breach in September. You can read more about all the information stolen here, but we’ve listed the main information that could really impact your life below:
Your name;
Your email address;
Your login ID;
Your password;
Your phone number (if provided);
Your Facebook ID (if connected) - this is the name that shows up in the URL of your Facebook profile (i.e. www.facebook.com/hivesystemsllc).
“What should I do?”
For each type of sensitive information that was stolen, there are a number of actions that you can take to mitigate the effects of the data breaches. The hard part is that many types of sensitive information have been exposed in so many data breaches, that it’s almost not private anymore. However there are still things you can do to protect yourself:
NAME
Unfortunately, there’s not a lot you can do to protect your name if it has been stolen in a data breach. Buying services like identity theft monitoring can help, but the best way is by freezing your credit. Check out our easy to follow guide for more information.
Your email has likely become an extension of your name at this point, so how do you protect it? Unlike your name you have a few options. Changing it is not advised because that means you’ll have to update your family, friends, and websites with your new address. Instead, make sure you stay alert for phishing emails (emails that try to trick you into doing something bad) since your email has probably been added to a spam list and you’ll be receiving more junk email soon. We’ll have an upcoming series on phishing soon.
You should also make sure that the password you use for your email is not the same password that was stolen during the data breach.
PASSWORD
While there are a number of ways companies protect your passwords when they are stored online, some companies do it better than others. For example, it looks like DoorDash did the right things, however it’s safest to always consider the information stolen after a data breach. So what should you do? Change your passwords for these two accounts right now. Even more important, if you used these passwords somewhere else, like your bank, change those passwords too (hint: they should be different).
If you’re wondering how to remember all these passwords, check out our post on password managers.
LOGIN NAME/ USERNAME
That bad part about your login name/username is that it can be connected to two other information types mentioned here: 1. Email; since your login name could be your email address; and, 2. Password; if you have reused your password elsewhere, someone could use your login name/ username and password on another website and access the information there. The best way to protect yourself is to follow the tips in the “Email” and “Password” sections.
FACEBOOK ID
If your Facebook ID is lost in a data breach, it’s best to change your password for Facebook as well; especially if it shares the same password as the websites that had a data breach.
PHONE NUMBER
When your phone number is stolen, it usually gets added to a call list for scam calls. These could be fake calls from “the IRS,” “the Chinese Consulate,” “your boss,” or someone with “a great vacation offer.” While the government and telephone companies are trying to figure out how to reduce the number of calls coming through (including the fake calls that come from your own number!), it’s best to not answer any call from a number you don’t know. If you do answer, be skeptical, and ask to call them back on a number you know or that you can search for online (like for a business).
ADDRESS
Unfortunately your address isn’t virtual and you can’t just “reset it”. So what can you do? Most likely no one is going to come visit you, but they may try to use your address to apply for a new credit card. The best way to stop this is with a credit freeze which you can put in place with our easy to follow guide.
IDENTIFICATION (DRIVER’S LICENSE) CARD NUMBER
Depending on your state, you can file for a new identification or driver’s license card number. This often requires proof of a data breach in the form of a police report that can be filed with local law enforcement, but may be worth it if you are concerned about identity theft or someone opening a new bank account with the information.
If you or your organization are struggling to find a way to keep up with the latest data breaches, let’s talk about a Vulnerability Assessment today to find out how to identify your sensitive information, and how to keep it safe.