Dayton Daily News

Data hacks still require vigilance

- By Holly Shively

When Target announced in 2013 that up to 40 million customers had their credit card information stolen, the world was shocked. Five years later, data breaches have become routine and people have grown fatigued by the news.

In the last month alone, the Dayton Daily News has reported on three cyber breaches that could have left the personal information of area people exposed for malicious use — a growing trend that often is no fault of the victim.

“With the technology evolving — and every day it gets better — it makes our lives so much easier because we have access to everything with the touch of a finger. But it also makes it very easy for scammers and people that are operating less than legitimately to get access to our information,” said John North, president and CEO of the Dayton Better Business Bureau.

Early last month, Nemadji Research Corporation, the third-party patient eligibility and billing service provider for Premier Health, said that patients of the local hospital system could have had their information exposed after an employee with the research firm fell victim to a phishing email.

When Equifax reached a $700 million settlement in mid-July over its March 2017 breach, many Americans, including in this region, found out for the first time that their information was accessed during the breach. It’s still unclear who stole the information and what has been done with it.

And last Monday, Capital One announced that 100 million credit card applications and 140,000 Social Security numbers were accessed in a hack when its own software engineer Paige Thompson allegedly exploited a “configuration vulnerability.”

“The old theory ... was the larger the organization, the more money that they invest in security, the more secure my data should be. And it’s turning out that it’s almost the complete opposite,” said Shawn Waldman, CEO and founder of Miamisburg-based Secure Cyber Defense.

Instead, the organizations most trusted by consumers are bigger targets because cyber thieves have more to gain, and larger organizations have so much data that they have trouble keeping track of it all.

“As a protector of the system ... I’m basically defending multiple fronts, and (hackers) are only having to attack me on one front. And I won’t know what that is until they break it,” said Tom Skill, chief information officer at the University of Dayton.

“Hacking fatigue”

Even before the Target hack in 2013, Heartland Payment Systems had a 2009 breach that affected 130 million and Sony’s 2011 breach impacted 100 million.

“We’ve gone almost 10 years of continuous compromises of data,” Waldman said. “The world has become immune to it. I think we see it in the news and we go, ‘Oh, OK. My data’s been compromised again.’ ”

In 2014, 76 million households and 7 million small businesses were impacted by a J.P. Morgan breach, followed by 79 million at Anthem in 2015, 117 million at LinkedIn and 3 billion at Yahoo in 2017, 148 million at Equifax in 2017, 339 million at Marriott in 2018 and 106 million at Capital One this year.

Several other smaller breaches happen every single day, Waldman said.

The number of cyber attacks has grown so much in the last decade that cyber security spending is expected to reach $6 trillion annually by 2021, up from $3 trillion annually in 2015, according to a report from Cybersecurity Ventures.

The running line of stolen information has resulted in what Dunlevey and other experts call “hacking fatigue.” That fatigue can lead to a false feeling of security, knowing that data has been out there for years but hasn’t been used maliciously and thinking there’s no way to stop it, Waldman said. But that doesn’t mean there’s nothing that can be done.

“Just assume your data was stolen,” Dunlevey said. “Be vigilant. They’re not going to stop.”

What can help?

Living without credit cards, which are often a source of scams, along with loans and other forms of credit, would drastically change life, and isn’t a change people will make, North said. But that doesn’t mean they have to accept that they’re always at risk.

“Majority of consumers don’t do the proactive measures,” Waldman said. “I don’t know if it’s because of the false sense of security or the ‘I’m going to give up’ type thing, that they don’t do it, but consumers should practice the basics.”

The first step, whether someone has credit or is young and hasn’t opened any cards or taken loans, is to find out what information is out there, North said. Free credit reports can be pulled online once a year from each of the major credit reporting agencies, and there are also free online tools like Credit Karma that show updated scores.

“Even if you don’t have credit, you should go on one of the free sites and get that credit information … to make sure that there’s not any incorrect, erroneous information out there on you,” North said.

If there is wrong information, the credit reporting companies won’t know that, and it will be a long process to sort it out, he said.

When starting to search for cards, consumers should make sure they only provide information on websites that have an SSL certification, indicated by a padlock and https in the web address bar, Dunlevey said.

“You want to make sure that you understand first how that personal information is going to be used. You want to make sure that there are safeguards in place to protect that information. You want to be sure that the company that you’re providing that information has the proper technology,” North said. “Then it’s up to the consumer.”

Consumers should regularly monitor their credit, whether on sites like Credit Karma or with a service. Both Capital One and Equifax are offering free credit monitoring services to those affected by the breaches, or a refund of up to $125 for those who purchased the service themselves after the Equifax hack, Dunlevey said.

It’s also important to watch credit statements closely, Waldman said. It’s easier to dispute purchases immediately than to wait. Debit cards can be a major concern because that money isn’t as easily returned as on credit cards, Skill said.

“The one thing that I think people should really consider doing is going ahead and freezing their credit information,” Skill said. “By doing that, regardless of whether or not people get your Social Security number, your date of birth, they cannot go in and do any kind of financial activity using your name or identity without having the special code you get that is unique to you.”

Credit freezes can be inconvenient because every time a consumer wants to request an additional credit line, they have to find out which credit reporting agency the company will get a report from and call it to unfreeze the account. But it’s also the best way to make sure no one else is using your identity, Skill said.

After hearing about the Capital One breach this week and getting an alert that someone else tried to spend more than $4,000 on his credit card, Scott Drew of Greenville decided to freeze his credit. He isn’t aware of being impacted by any of the hacks, but said now it doesn’t matter as much because thieves can’t use his information to open other accounts.

“You can put safeguards in place and all you do is make smarter criminals out of that because they find their way around it. And that’s just the way it has been,” Drew said. “But I think everybody should be proactive and do everything they can. I would rather make myself as hard a victim to get to as possible and instead of working on me they’ll go somebody else.”

Additional tips include using a firewall, antivirus software, and strong and unique passwords; avoiding phishing scams by learning the signs; updating software; and not giving any personal information over phone or email unless the receiving end has been verified as legitimate, Waldman said.

Yearslong impact

Staying vigilant will remain increasingly important as hackers continue to develop new techniques, Dunlevey said.

“I think it’s going to continue to ramp up. I don’t think of Capital One as a lackadaisical company. They had a bad actor working for them and it could happen everywhere,” Dunlevey said.

And the increased attention to data hacks is like a “dinner bell for thieves,” she said.

Consumers now need to beware of increasing scam calls and emails claiming to be from Equifax or Capital One, asking for information to verify the consumer in order to set up repayment or free security monitoring. Those callers are likely scammers, Dunlevey said. Credit card companies, the IRS and banks already have your information and will never call or email to verify it, she said.

The stolen information can also sometimes take years to work its way through the Dark Web and other illegal channels, Waldman said. While credit card numbers are often sold and used immediately, Social Security numbers, mothers’ maiden names and driver’s license numbers often have a far longer shelf life.

“As long as money drives what we all do, at the end of the day that’s what this is all about. If I’m stealing your identity, I’m doing it for financial gain. If I’m getting your credit I’m doing it for financial gain. It’s all driven by money,” Waldman said.

Photo (EMON HASSAN / THE NEW YORK TIMES): A Capital One Bank branch in Manhattan on Tuesday. A hacker compromised the information of more than 100 million Capital One credit card applications and is accused of stealing 140,000 Social Security numbers.
