Can you get a refund? What should you do? Keep up with the latest data breaches and learn what to do with our Data Breach Survival Guide
Recent data breaches involving the large credit bureau firm Equifax and Capital One bank have affected around 250 million people and made big news. But lost in the headlines is what it means for you, the consumer, and how you can protect yourself from data breaches in the first place.
It’s easy to see how the news of these data breaches could be confusing. The Equifax case alone has had many recent twists and turns. In late July the U.S. Federal Trade Commission reached a settlement with the company over its 2017 failure to protect the data of 147 million people. If you want more information about the settlement, go to ftc.gov/Equifax – scam websites have popped up spoofing the real thing.
But it turned out there isn’t enough money to pay each consumer the $125 initially indicated. “A large number of claims for cash… means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed,” the FTC said this week.
Some consumer advocates criticized the FTC for publicizing the potential $125 for consumers, then pulling back after a large response, The Washington Post reported. For the $31 million settlement to be divided into $125 payments, fewer than 2% of the 147 million victims could stake a claim, prompting the Post to ask in a headline: “Did someone forget to do the math?”
So what should you do about the Equifax settlement?
Another part of the settlement offered victims free credit monitoring, and the FTC urged consumers to take that instead of a small settlement because, “frankly, the free credit monitoring is worth a lot more.” The service monitors your credit report at all three nationwide credit reporting agencies, and comes with up to $1 million in identity theft insurance, the FTC told consumers.
Nevertheless, you can still file a claim here, and read the FAQ to find out more.
Capital One data breach
In mid-July, Capital One, a large U.S. bank with an extensive credit card business, reported that a hacker accessed the data of 100 million Americans and 6 million Canadians. Here is the latest information on that breach:
Capital One says it is contacting U.S. customers who lost the most sensitive data, including credit scores, Social Security numbers, and bank account numbers.
What should you do if you’re a Capital One customer?
Don’t engage with phone calls, emails or texts that seek information from you while purporting to be from Capital One and offering financial compensation. The company is warning against phishing websites and other scams. Find out more here, and report the scams to email@example.com. Like Equifax, Capital One is offering free credit monitoring for victims of the breach. The company also has tips for protecting yourself against credit card fraud. Canadian credit card customers can find out more here.
The criminal case against the hacking suspect is a fascinating look at the unstable life and erratic judgment of a hacker. If you’re curious, you can read more in this excellent Chicago Tribune article.
The larger issue of data breaches – and you
Let’s take a step back: What is a data breach, anyway? A data breach is when protected information is infiltrated. It’s that simple. A breach is an opening that is not supposed to be there — a hole in the bottom of a boat, a tear in a protective wall, or an exploitable crack in online security, to name a few. A data breach is when that unlawful opening leads to sensitive online information.
The data breached could include your:
- Email address
- Phone numbers
- Driver’s license info
- Credit card numbers
- Purchase history
- Bank account details
- Social Security number
How do you know if your data was breached?
The breached company should alert you right away when your data has been compromised, reporting when the breach happened and what data was exposed. This hasn’t always been the case. Equifax, for instance, sat on the news for a couple of months before alerting its client base. While it can’t show you information related to the recent Capital One breach, Avast’s Hack Check tool can show you if your passwords have been exposed in a prior data breach.
GDPR and data breaches
The biggest recent global reform on data breaches is the General Data Protection Regulation (GDPR), a European Union law that focuses on digital privacy and security. It took effect in spring 2018 and applies to companies and individuals that keep digital data on EU citizens, regardless of where that company is located. It protects consumers by mandating that these companies maintain certain high security standards and divulge any breach info within 72 hours of discovery. If a company breaks these rules, it is fined up to 4% of its annual revenue or 20 million pounds ($24 million), whichever is larger.
Authorities continue to explore how wide-ranging GDPR enforcement can be. In May a German regulator fined a police officer €1,400 ($1,700) for calling a driver after looking up their mobile phone number using their license plate information.
What can cybercriminals do with the data they steal?
Cybercriminals often sell the info or exploit the information themselves to:
- Withdraw money from bank accounts
- Get new credit cards and buy expensive items
- Access tax filings
- Lock victims out of bank accounts and social media accounts
What if I’m the victim of a data breach?
Equifax and Capital One are hardly the only businesses with recent data breaches. Toyota, Lexus, Adventist Health, and the large medical records company Quest Diagnostics all had data breaches just in June, reports the nonprofit Identity Theft Resource Center, run in conjunction with the U.S. Department of Justice. If your personal information has been compromised, use the following data breach response checklist:
Determine what info was breached
Learn exactly what happened from the company that was breached. If they are not providing all the details, seek more information from the FTC, and take stock yourself of what you’ve shared with that company.
Change all passwords
Create strong new passwords, use a different password for each of your accounts, and turn on two-factor authentication. Find strong password ideas here.
Beware of links in odd emails or texts
If you receive any emails or texts claiming to be related to the breach and providing a link to click or a file to download, do not click the link or download the file. These are often phishing attacks, in which cybercriminals attempt to capitalize on your confusion. Learn more about phishing emails here.
For credit and debit card theft, contact your bank
If your credit card or debit card numbers were stolen, contact your bank to get new numbers issued. Also change your PIN. Set text or email alerts to warn you about any strange charges, purchases, or withdrawals.
For Social Security info theft, contact a credit reporting agency
Your SSN allows cybercriminals to open new accounts in your name. To prevent this new account fraud, put a fraud alert on your name at one of the three major credit bureaus. (Ironically, Equifax is one of these companies.) Sometimes the company that is breached offers free fraud alerts.
Periodically check your credit report over the next several years to make sure nothing suspicious pops up. Also consider getting a security freeze. It prevents anyone from seeing your credit report without your authorization. While this can delay some of your purchases (car loans, home loans, etc.), it does help prevent identity theft.
Driver’s license or personal ID theft
Contact the agency that issued the ID. In the U.S., this is the state Department of Motor Vehicles. Ask the office for its recommendations and best practices to protect you. The office may decide to issue you a new ID number, or it may have certain fraud protection practices it recommends you follow.
Use antivirus software
To protect yourself from malicious spam, infected links, and any type of malware, install an antivirus. Avast Free Antivirus is consistently rated “excellent” by industry experts, trusted by 400 million people worldwide, rated “Antivirus with the lowest impact on PC performance” by AV-Comparatives – and free.