It’s getting old, we know.
But it never gets less nerve-wracking to hear an institution you’ve trusted with your information, was just breached. Or WAS breached last year and you’re JUST now hearing about it.
The latest large-scale breach happened last week, and it affected 100 million people.
What’s in your wallet? If it’s a Capital One credit card, your social security number and personal information could be circling Dark Web auction sites as we speak. Uh-oh.
So how do you know if you’ve been compromised?
Not all companies that experience a breach have told their affected customers. On occasions such as the recent CafePress data breach this week, an email was sent out urging customers to re-set their account passwords. If you’re ever asked to do the same thing, there is a possible chance it’s because of a hack. We advise re-setting your password regardless (just for safe measure).
However, if you hear that an institution you’ve used has been breached – visit their website, they most likely have a way to find out if you’ve been compromised already in place. In some cases, there is even a settlement for those who have had their information stolen, i.e. Equifax.
There are also websites you can access like www.haveibeenpwned.com that will tell you if your specific email was compromised and in which breach. Keep in mind this does not tell you if your information is on the Dark Web.
If you’d like to find out, DarkHound can run a complimentary Dark Web scan for an email or business domain and let you know within minutes. Visit www.darkhoundsecurity.com to get started.
So, you’re one of the unlucky millions in the US who has been compromised?
First of all…you’re not alone.
• Try to pin-point what information was leaked, email, social-security number, bank account information, credit card numbers etc. Then, as previously mentioned you will need to immediately change the passwords for all affected accounts – passwords are easily guessed or cracked so think about using a longer “phrase” rather than your dog’s name and birthday (did we guess it!?).
• If 2FA “two-factor authentication” is offered as additional security for any account, use it. An example is a security question (pick the hard ones, or type in your own) or a code sent as a text to your cell phone.
• A hacked email account can be dangerous because any time you hit “forget password” on a website, you’re sent an email to re-set it. See how that can snowball? Make sure you have more than one email address, just in case, and have each be the alternate contact for the other. A hacked email can also result in a lot spam, and some potentially irritating emails to contacts that wasn’t actually you asking for money (sorry Uncle Max).
• If it was a breach involving a financial institution or leaked credit card information, look for unexpected charges on your bill. Even the smallest unknown charge could be thief testing to see if it’s safe to use. Your bank may detect the fraudulent activity and decline it, or for peace of mind you can have a new card issued and sent to you within 5-7 business days. Also check credit-monitoring to ensure no one has opened a line of credit in your name without your knowledge – that can get messy.
• An open line of credit could mean a stolen Identity, which is both complicated to remediate and costly. After ordering your full credit report to understand what took place, you’ll need to make an official identity-theft report to The Federal Trade Commission www.ftc.gov.
This is a lot to take in!
We know all of this will take an investment of time (and involve diligence and a good password manager), but we promise you won’t regret the satisfaction of knowing your information has a better chance staying where it belongs.
If you need help with your managed security services contact DarkHound SecOps at [email protected].
–Emmy Seigler
Sources:
https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html
https://www.pcmag.com/article/321338/what-to-do-when-youve-been-hacked