Stan's World - Responding to a security breach
Over the past year, it’s likely you were mailed at least one letter from a major retailer advising you they were the victim of a security breach, and that your data was likely compromised. What’s also likely is either: (a) The letter went unopened because you assumed it was junk; or (b) You read the letter and tossed it into the trash, assuming there was nothing you could do about it. As with almost all things security-related, it’s probably time to change that behavior.
A recent article in the Wall Street Journal1 outlines steps we should all take when we receive one of those security-breach letters. (Hint: The decision to do nothing, or assume there’s nothing you can do, should no longer be an option.)
- Take each data-breach notification seriously. Start by changing the password for the affected account, and then change any other accounts you have with that same password. As we’ve previously noted, both John and I use a program called Dashlane to safeguard and store log-in information for all our accounts. One of the features of Dashlane is it tells you when a password has been reused, and for which accounts. Once a hacker learns one of your passwords, that same hacker will try to use it across all other accounts you may have (including bank accounts, Schwab, Amazon, etc.). If you don’t change your password, you’re daring hackers to find other accounts you have and then attempt to hack into them as well.
- Find out what kind of breach it is. If a hacker stole your music playlist, change your password. But if the theft involved a credit card or other personal information, you’ll need to step up your response. Hackers will use any information they collect to try to probe deeper into your personal life, including financial accounts. If your playlist, for example, included a lot of Bruce Springsteen music, a hacker program may assume the answer to a security question may be Bruce. Or perhaps a password is Bruce. Assume all points of information will be used against you because the programs hackers use are that good.
- Set up push notifications for financial data. When you’re notified of data breaches that involve credit cards or payment information, review the transactions on the affected accounts, going back to the previous payment period.” Regardless of whether you receive a letter regarding a security breach or not, you should still sign up now for “mobile push notifications for credit-card transactions.” Once enrolled, you’ll receive a text every time your credit card is used. It’s a great way to monitor your credit card, thereby quickly identifying inappropriate charges. (You can do the same for your checking account).
- Use free credit monitoring. Almost every time there is a security breach, victims are offered security monitoring for a period of a year or more. Sign up! Why wouldn’t you want to be notified if a hacker is opening a bank account in your name? Or a credit card? Or applying for a mortgage? In fact, “some credit cards and banking firms . . . provide free monitoring of consumer credit and provide monthly updates of noteworthy events and changes…Using these services is an easy way to identify and report fraudulent activity, as well as protect against identity theft.” If your information has been breached, you should routinely review your credit reports.
- Enable dual-factor authentication on all of your accounts. This is a good practice in general but is especially important for anyone affected by data breaches. With dual-factor authentication, you enter your password as usual but then confirm your identity using a personal device, typically a mobile phone. This limits someone from logging into the account with a stolen password.”
Security breaches can range from mere inconveniences to far worse. Take the time to take a few simple steps now before you’re forced to react to a more untimely and potentially far more costly situation.
1 Murthy, Rajendran. “Your Online Account May Have Been Breached? Don’t Just Sit There. Do Something.” The Wall Street Journal, 25 Sept. 2023.