Pay attention to data breach notifications
In the 15 years that the Identity Theft Resource Center (ITRC) has tracked data breaches, the record was 1,529 breaches in 2017.
That number was surpassed last November with one month to go.
The ITRC tracked 1,580 breaches through last November, with notable recent breaches involving Costco, web hosting company Godaddy and stock trading platform Robinhood. Information compromised included full names, birthdates, usernames and passwords, and credit card numbers.
The ITRC has attributed some annual increases in the number of data breaches in part to more reporting by businesses, government agencies and other organizations.
Now it’s concerned that trend has reversed to some extent and that its current count is low. Some authorities are becoming more reticent to discuss data breaches and one state has apparently stopped posting notices altogether.
The ITRC says, “There has been an increase in a lack of transparency in breach notices at both the organization and government levels that, if it continues, could lead to a significant impact on individuals. Withholding important information or failing to post notices on a timely basis may serve to prevent individuals from taking actions to protect their identities.”
While individuals can’t prevent the hacking of a database containing their information, the ITRC and BBB recommend taking notifications of a breach seriously and reacting quickly to reduce the chances the information is used to commit identity theft.
Crooks may wait years before exploiting stolen information, sometimes aggregating it with information stolen from other databases.
Unfortunately, in a survey conducted with Dig.works, the ITRC found that while most consumers have been the victim of a data breach, few took strong actions to protect themselves after being notified.
A “shockingly high” 16% took no action. Only 11% took advantage of free data and credit monitoring services offered by the organization that was hacked. Survey respondents cited these reasons for taking little or no action:
“My data is already out there.”
They believed the organization involved would address the issue.
They didn’t know what to do.
They thought the notice was a scam.
One vulnerability with a data breach is that approximately 85% of people use the same password to some degree on multiple accounts.
In what’s known as “credential stuffing,” crooks use automated systems to try and access databases with user names and passwords stolen from another database. Yet only 22% of participants in the survey changed passwords on all of their accounts after being notified of a breach.
In response to these findings, the ITRC says organizations should review how they notify consumers about data breaches with the goal of reducing the level of inaction. They should also recommend consumers reset any password that is not unique and offer Multi-factor Authentication, which requires one or more additional verification factors.
The ITRC and BBB also recommend that you: Be careful sharing information on social media that could be combined with information from a data breach to victimize you.
Contact your financial institution for advice if a card or bank account is compromised.
Check your statements as soon as you receive them.
File a fraud alert with the credit reporting agencies and strongly consider putting a credit freeze on them. Sign up for free credit monitoring if it’s offered. Randy Hutchinson is the president of the Better Business Bureau of the Mid-south. Reach the BBB at 800-222-8754.