It's a Trap! - Data Breach Fatigue

It seems like we cannot go a week without hearing about anew data breach that has compromised user accounts, credit cards, or healthinformation. The constant news about our personal information being stolen hasled to a phenomenon dubbed “data breach fatigue”. Simply defined, data breach fatigue is “the idea that consumers have becomeinured to the effects of data breaches and are less motivated to do anything toprotect themselves”. It’s the point where we simply accept that our informationis not safe and we stop having the expectation that companies we entrust ourdata to will keep it safe. According to PrivacyRights Clearinghouse, there have been more than 9,000 data breaches since2005, which equals about 1.77 data breaches per day, and those are just thedata breaches reported in the United States.

Data breach fatigue has become such an issue that 35% of people that have had their information compromisedin a data breach do not take any steps to change their passwords following thebreach. And over half of us have had our personal information stolen in a recentdata breach.

What Can Happen with Your Information

If your social security number is stolen, it can lead to notonly identity theft but also fraudulent tax returns and stolen tax refunds inyour name. It can even lead to medical fraud and health insurance fraud.

While fraud protection on credit cards can protect you if thecard number is stolen, those that have their debit card numbers stolen can facefinancial hardships as they go through the process of fraud report filings andtrying to get money taken directly from the bank account.

Besides fraud and monetary losses, there is the time andeffort to be considered when fighting identity theft; speaking to billcollectors, filing police reports, and submitting reports to credit monitoringagencies; none of which is fast, easy, or fun.

And if your name and email address are stolen, you can startreceiving specially crafted phishing emails that could lead to financial lossesor account compromise.

Data Breaches Can Affect Kids Too

Following the Equifax data breach checker, a family decidedto check their entire family’s information and were surprised to see that their7-year-oldson’s information had been compromised.

The theft of a child’s identity is lucrative to cyber-criminalsbecause the theft can remain undetected for years, if not decades. Withoutregular monitoring, a child’s identity that has been stolen may not bediscovered until they are preparing to go to college and start applying forstudent loans or get their first credit card. By then, the damage is done, andthe now that young adult will need to go through the pain of proving that theiridentity was indeed stolen.

A 2011report found that children are 51% more likely to be the victim of identitytheft than an adult. It was found that one of the victims was only five monthsold and another teenager had over $700,000 in debt in their name.

Last tax season, cyber-criminals on the DarkWeb were foundto be selling the socialsecurity numbers of infants for just $300 per social to be used onfraudulent tax returns. While data for children has been on sale for manyyears, it is the first known instance where hackers are specifically targetingnewborns and “fresh” social security numbers.

How Can You Protect Yourself?

There are several things you can do to protect yourself fromwidespread impacts of data breaches or if your information has been compromised.

1. Use unique passwords for each account – having adifferent password for each website or online account will help if one of thoseaccounts is compromised because it means that only that one account isaffected. We are notoriously bad about recycling and reusing passwords but witha trusted password manager such as KeePass or LastPass, you can easily trackand manage your passwords.
2. Use credit monitoring services – if yourinformation has been compromised, you are likely eligible to receive up to two (2)years of credit monitoring services free-of-charge. But even after the initialfree period, plans are fairly inexpensive, many ranging less than $20 per monthfor the entire family.
3. Provide only required information to websites –when asked optional information such as address or phone numbers, don’t feelobligated to provide them unless you want the company or its partners tocontact you,
4. Consider a credit-freeze – if you are not activelyopening credit card or loan accounts, you may want to consider placing a freezeon your credit. This will prevent fraudsters from being able to open accountsin your name and will alert you if there are attempts to open accounts. You caneasily remove the freeze if you need to apply for a new line of credit.
5. To protect yourself against phishing attacks, neverenter your personal information after following a link from an email. Instead,go directly to the website of the bank or company that sent you the email.