Data breaches have become uncomfortably common. In the past five years, more than six billion user accounts were hacked during the six biggest data breaches alone. With hacker attacks occurring every 39 seconds in the US, it’s easy to become despondent, and complacent about cybersecurity.
When that threat hits home, peoples’ lives change: Hackers steal $1.75 million from Catholic Church in Ohio (April 30, 2019)
Even though you may already be the victim of a data breach, you still need to stay vigilant every single day. After your data is stolen, it is often sold on the dark web.
These are the five key information targets during the biggest data breaches in modern history:
- Your full name
- Email address
- Physical address
- IP address (each computer on the internet has a unique numerical ID defining it's physical location.)
- Credit card information
We asked Norm Hinman, Roseville’s cybersecurity administrator, for his advice about staying safe in the face of seemingly endless cyber-dangers:
- After so many data breaches, is there any practical reason for users’ continued cybersecurity practices? Isn’t all my information already out there? Why should I care? You should care because every breach is different. If you haven’t switched to strong different passwords for every system you log into, the next breach or even a previous breach could provide thieves with the password needed to access your email and your bank, retirement accounts, credit card logins, etc. To help protect yourself, you can use sites like HaveIBeenPwned.com, Identityforce.com, or many of the ID theft protection subscriptions to notify if you are the victim of a new breach and to check if your email was involved in any previous breaches.
-
There’s been thousands of cyber-attacks in the past few years and I haven’t noticed any direct effect on my life or my family. Why should I be concerned? Much of the stolen data from these hacks and data breaches is up for sale on the Dark Web. Years after the initial breach, it can be purchased and used to attack you. Maintaining vigilance is essential to protect yourself should your data be used in a future attempt to steal your identity.
- OK - you’ve convinced me – what’s the best course of action for me moving forward? You can secure all of your existing logins by using different strong passwords on each system and by enabling a multi-factor authentication such as Google Authenticator. Going forward, continue to follow safe-computing practices for all new accounts you set up. You can’t change your past but you should care about how easy it is for strangers to access this existing data. Information about your past such as family history and past addresses can be used to steal your identity by enabling criminals to answer password reset questions, etc. For now, the US does not have laws to prevent data brokers from compiling and selling information about you. What you can do is request them to delete your information. There are many of these sites and each of them seems to have a different procedure to request deletion of your data, but it is worth doing to protect yourself. Here is a list of data brokers and links to their opt-out forms.