“There’s been a Data Breach!” (please imagine the grizzled voice of Taggart’s Detective Chief Inspector Burke).
Here in Australia, we’ve recently endured a data breach or two (that we know of) involving some of the largest companies doing business here.
Data stolen includes identification (passport and driver’s license numbers), credit card numbers, address details and even health information. As much as 80% of the population may be in a data breach, and some of them in two or more!
Plus, there were delays in advising affected customers, the methods used to inform them were inadequate, and instructions on what to do next were missing completely.
So, what do you need to do when your identification is out there? What can you do to protect yourself?
And what if you’re not sure? Then read below, and apply as many of the “fixes” as seem reasonable.
Identify and secure your most valuable accounts
Your most valuable accounts are things like bank accounts, share trading accounts and store accounts.
Reset your passwords (use a STRONG random password generator). Consider adding multi-factor authentication (MFA).
MFA is where one or more additional proofs of identity are required for access. These might be a secret question, access token, fingerprint, or SMS one-time passcode.
Delete credit card and banking details from online store accounts. If you think they’ve been fraudulently used, let the website know.
Amid the turmoil, you must be vigilant: be suspicious of all emails and texts that contain personal information.
Scammers might try to trick you into giving more information, blackmail you with threats of releasing the information, or offer to help you remove your data… for a fee.
Tell your friends and family you’re in a breach and tell them not to assume a communication is from you.
Don’t click links and don’t assume someone claiming to be calling from an organisation is legitimate. Check the phone number in the phone book and call them back. Be very careful about what you say.
The stolen information may be used to gain access to other sources of information. Not just your social media and discussion forums, but the sites and accounts you use at work as well.
Check your email and phone number at Have I Been Pwned? (or your local equivalent) and subscribe to keep up to date. Be aware that your details might not be updated yet, or that the company may not have reported the hack.
Put a freeze or credit ban on yourself. It will be harder for you to open new accounts, but it might be enough to prevent other fraudulent activity.
Check your statements thoroughly.
Order a new passport, driver’s license and other identification. Tell the issuing organisation the numbers were part of a security breach to make sure they issue new numbers.
You may have to pay for this if you’re not caught up in a major data breach, but it is probably worthwhile for your peace of mind.
On a related note, shred bills, expired insurances, letters from your bank, etc. as these can contain valuable information about you.
When your mobile phone is compromised
Add a verbal PIN to your phone account to prevent third parties from accessing your information.
Update the security of your devices
Many people don’t regularly install updates. Install them, and monitor your devices for unusual activity. This could include batteries not lasting as long, and apps not shutting down properly.
Improve your cyber hygiene
Use different passwords for all your online access; the current “gold” standard is sixteen characters, a combination of upper and lowercase letters, numbers and special characters (*&@$).
Save them to a password manager, or secure them somewhere other than your email or online document storage. If you write them down, keep the document secure.
Take an inventory of all your online accounts, and assess whether they’re necessary. For example, many shops allow guest checkouts, so you don’t need to become a member. Get in touch and ask the site owner to close your account and delete your data.
If you use public computers, log out of your accounts and clear your browsing history.
If you find you’re a victim of identity theft, report it to the relevant authorities.
If necessary, get a certificate identifying you as a victim of identity crime.
As you rebuild your life, limit the amount of information you share online, look for organisations with a clear commitment to cyber security, never share passwords, and don’t open online accounts if they’re not necessary.
Sources for this blog post
Office of the Australian Information Commissioner, Respond to a data breach notification
Moneysmart.gov.au, Identity theft: protect your personal information
Australian Cyber Security Centre, Data Breach
Williams, J.J, Foster, J, Watson, T. What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide.
Williams, J.J, Foster, J, Watson, T. The ‘Optus hacker’ claims they’ve deleted the data. Here’s what experts want you to know