by LONDON (AP) – Data breaches like the latest one affecting millions of AT&T customers are becoming almost routine.
As more of our lives go online, our personal details such as email addresses, phone numbers, dates of birth and even passcodes are becoming increasingly vulnerable to theft or accidental disclosure.
In malicious breaches, cybercriminals can use stolen data to target people with phishing messages, or by taking out loans or credit cards in their name, a common and damaging form of identity theft.
Here are some tips to protect yourself.
Be informed
In the United States, there is no federal law that compels companies or organizations to notify individuals of data breaches, but it is standard practice for them to notify affected customers and often identity protection services provide, said Oren Arar, VP of consumer privacy at cybersecurity company Malwarebytes. .
The situation is better in the European Union, where the privacy regulations of the 27-nation bloc require certain types of breaches to be disclosed.
Even after a breach becomes public, cyber security experts say people need to be vigilant. Be on your guard for phishing and other social engineering attempts, in the form of emails or phone calls purporting to be from the hacked organization or from someone offering help. Contact the company or organization in question to see if they can confirm it. But use their official website, smartphone app or social media channels – don’t use links or contact details in any message sent to you.
Also see the Federal Trade Commission’s website for victims of identity theft, identitytheft.gov, which provides step-by-step advice on how to recover from various situations.
Change your password
If your details have been exposed, the first thing you should do is change your password for the account in question.
Use a strong password that includes letters, numbers and symbols. The longer the better – some experts say it should be 16 characters. Be sure to add multi-factor authentication, which adds a second layer of verification by requiring a code to be sent via text message or email, or by inserting a USB authenticator key into your device.
And if you’re using the same or similar login information for multiple websites or online accounts, make sure to change it. That’s because if hackers move your password from one service, they can try it on your other accounts and get into them all easily. If memorizing your various credentials is too difficult, consider a password manager.
“Just because your information is breached doesn’t mean someone stole your identity or your money. But it means you are at risk,” Arar said. “That’s why it’s smart to watch your credit for new accounts, change any passwords that are leaked, use multi-factor authentication, and have a separate ‘junk’ email for less important signatures.”
Keep monitoring
Data breaches are rampant and can be difficult to track through individual notifications. There are online services you can check, like Have I Been Pwned, a free website that shows if your email was involved in a data breach.
Malwarebytes Digital Tracking Portal does a similar job but can also check if your information has been posted on the dark web.
“When public data breaches happen, cybercriminals collect as much data as possible so they can sell it on the dark web,” said Darren Guccione, CEO of Keeper Security, which makes password protection software and offers a tool, BreachWatch , which scans the darkness. web to see if your personal information appears there.
Tell your bank and credit agencies
If card payment numbers have been stolen, notify your bank or credit card company, explaining that your card is at risk of fraud and asking them to notify you of any suspicious activity. They will probably issue a new card immediately. Some banking and credit card apps allow you to lock the account and freeze any transactions from the app.
You can also notify credit agencies – the three biggest are Equifax, Experian and TransUnion. They can freeze your credit, which restricts access to your credit report and makes it difficult to open new accounts or issue a fraud alert, a warning added to your credit report that prompts lenders to contact you before money to lend.
Be careful after telco hacks
Cybersecurity experts have warned that breaches involving a telephone company, like the AT&T case, leave customers vulnerable to having their phone numbers stolen, or “shimjacked”. Thieves could then use the hijacked number to access other accounts that use that number for multi-factor authentication via text messages.
To reduce that risk, AT&T also recommends setting up a unique passcode required to prevent significant account changes, such as transferring phone numbers to another carrier. Also, delete phone bills, bank statements and other messages with personal information from your email account, so that if criminals gain access to your inbox, they won’t be able to use that information to run security checks.
___
Need help with a technical challenge? Write to us at onetechtip@ap.org with your questions.
