Now everyone knows what’s in your wallet…
And by now, you’ve likely seen that meme—it was widely circulated on social media after the Capital One data breach came to light last month.
The breach grabbed headlines mainly because it was the handiwork of one hacker who managed to gain access to more than 100 million Capital One customer’s data. Of course, it was also notable because the cybercriminal was a woman, a rarity in the world of black hat hackers.
But for consumers and small businesses, the breach stood out for a different reason: they were its main targets.
The largest category of data accessed pertained to consumers and small businesses who applied for Capital One credit card products between 2005 and early 2019.
Paige Thompson, the alleged Capital One hacker – who has already been arrested by the FBI – exploited a misconfigured firewall in a cloud server used by Capital One and exfiltrated troves of personally identifiable data including names, addresses, birth dates, along with 140,000 Social Security Numbers and 80,000 bank account numbers. That put the Capital One data breach in a different category, said said Bryce Austin, CEO at cybersecurity consulting firm TCE Strategy.
“From a consumer standpoint, this breach is unique in that it literally contains all the information needed to apply for a credit card. So, if you're concerned that, ‘If my data has been stolen, can a criminal use that to take out credit in my name?’ the answer is yes,” Austin said.
Who’s spying on your computer?
However it happens -- whether through online hackers or not -- identity theft is skyrocketing. Nearly 60 million Americans have been affected by identity theft, according to a 2018 online survey by market research firm Harris Insights & Analytics.
The Capital One data breach was possible because the bank had misconfigured its Amazon server, but spyware is increasingly becoming a tool of choice for cybercrooks looking to target consumers and for commiting online identity theft.
Here’s some advice on how to prevent identity theft and what to do if you have been breached:
- Implement a credit freeze. This will prevent cybercrooks from opening a new line of credit in your name. Credit bureaus offer this service for free. Additionally, don’t forget to monitor your credit card and bank statements for fraudulent transactions. Also keep an eye on any medical bills that come in.
- Change login passwords for all your financial websites and apps, but do not reuse passwords. While it is important to set easy to remember passwords, refrain from setting passwords like “123456” or “password.” If managing passwords is not your forte, use a password manager program that generates, stores and retrieves passwords for you.
- If your cell phone number wasn’t compromised in a breach, make sure that you take necessary steps to protect your number. A cybercriminal who has access to either your address or date of birth can claim to be you and ask your mobile service provider to port out your number to a different SIM card or carrier. They will now be able to receive calls and texts meant for you.
- Invest in good antivirus software to protect yourself online. Webroot’s Internet Security Plus offers identity and privacy shields to help safeguard important and private data. It also uses real-time anti-phishing technology, which can identify and protect against fake websites that are designed to trick users into handing over sensitive information. Secure password management from LastPass is also included with Webroot Internet Security Plus.
- Practice basic cyber hygiene to stay safe and secure online. Use two-factor authentication or multi-factor authentication for all sensitive accounts. Configure your devices to install app updates automatically and keep your operating systems up to date. Also encrypt all devices that house sensitive data.
Backing up data is a key component of good cyber hygiene. It’s always a smart move to backup important files on an external hard drive or in the cloud. Features such as point-in-time restore will help shield you against data loss, especially if a hacker gains control over your devices. Carbonite Safe Backup works in the background automatically and continuously backing up your new and changed files to the cloud.