All You Need to Know About Data Breaches

hands on a computer keyboard with security lock icons superimposedIf you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Advantage One Credit Union, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?
Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cyber-criminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach
Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if your are among the unfortunate victims.

If you’ve been victimized by a breach
If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

  1. Freeze your credit
    Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

    You can freeze your credit at no cost at all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

  2. Change your passwords
    Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.
  3. File an identity theft report
    Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information
There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit.
Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords.
Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or iPassword can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely.
Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
How do you protect yourself from data breaches? Share your tips with us in the comments.

Learn More:
forbes.com
malwarebytes.com
searchsecurity
experian.com

What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

What The Data Breaches At Uber And PayPal Tell Us

Uber Logo and PayPal logo on white backgroundQ: I’ve been hearing about security or data breaches at some large companies I do business with. I’m worried that something like this might result in harm to my credit. What exactly is a data breach and what can I do to protect myself?

A: As our digital world expands, so does cyber crime. Two companies that recently experienced major data breaches are Uber and PayPal. Chances are, you’ve done business with one or both of these companies. To protect yourself against these and future breaches, arm yourself with knowledge and good habits.

Just what is a data breach?
When a criminal gains access to data sources and sensitive information such as credit card numbers, passwords and license numbers, this constitutes a data breach. Such access can be physical, like when someone has access to your phone or computer. The information in your device can be copied (or ported) to another device. More often, and more nefarious, is virtual thievery accomplished by a number of means, such as bypassing the security measures put in place by you or a company that stores your info in some way. Cyber criminals at Uber and PayPal used this method to steal data.

What happened?
As more people are connected to the Internet and use online services, data breaches are increasingly more common. Uber’s breach exposed the personal information of 57 million customers and Uber workers in 2016. It included names, phone numbers, email addresses, and license numbers. While sensitive information like birth dates and credit card numbers were not exposed, many of these can be attained and paired to the exposed information. PayPal also had a large data breach that potentially impacted 1.6 million customers.

This stolen information can be then used in many ways, including setting up accounts to establish a new identity. It can also be used to use to steal a person’s identity.

How can you protect yourself?
No one who uses the Internet to transact business is completely secure from threats of breaches like these. However, experts in cyber security have some suggestions to lessen your vulnerability.

Do not log into accounts using Facebook. When you log in this way, you are allowing Facebook to access more information about you and you don’t have control over how this data is used.

Don’t give out too much information. The University of Western Australia’s Centre for Software Practices suggests not giving your age and birth date when filling out profiles. You can make up a birth date and even choose your opposite gender. When using social networks, limit the information you make available. Identity thieves can make quick use of your birth date and hometown. Don’t post these in your profile.

Use more than one email account. For social media, using more than one email account can help to keep your data from being accumulated in one place. If you have a large amount of data in one place, losing it all at one time can potentially do greater damage.
Be password smart. A surprising number of people use the same password for many sites. This is a problem because if one of your sites is compromised, hackers can try that password on other sites. While it may not be convenient, it is smart to use a different password for each site you use. Every password should be strong with a unique combination of letters, numbers, and symbols.

Another option is to use a password manager to generate passwords and store them in an encrypted database locally or remotely. An un-crackable password goes a long way to protect your data.

Limit your use of credit cards online. Ironically, given the subject of this article, using PayPal is safer than using credit cards when online. PayPal limits the information you are providing. In fact, no customers were harmed in the PayPal data breach.
Change identifying information. Pick a new birth year or change your gender on social media profiles. This helps to keep information about you from being linked with information from other sites.

Practice good data management. Check all of your account statements regularly. Look for suspicious items and set alerts to notify you when a large purchase is made.

Check to see if the apps you use are storing information. Some apps actually collect and sell information. Install updates for your apps because the updates typically include more advanced security, or close existing gaps that were recently discovered and exploited.

Your Turn:
Unfortunately, almost everyone has a nightmare story about a personal data breach situation. What is yours? How did you handle it?

SOURCES:
https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack
http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/
http://www.abc.net.au/triplej/programs/hack/how-to-protect-yourself-from-an-uber-hack/9181672