A Discouraging Trend in Data Breaches
Data breaches of our favorite businesses are becoming all too common. Walking through my local mall, I could identify over 10 companies that reported a data breach in the last 2 years. Most surprising of all, many of the incidents have not had to do with hackers, just the businesses own lack of security.
Most recently, First American Financial Corp., a title insurance and settlement services company, discovered a data breach of their own when Ben Shoval, a Real Estate developer from Washington, notified KrebsonSecurity of a loop hole on the First American website, firstam.com. What happened? 885 million documents had been made public to anyone who had an existing link to an online document. By simply changing the record number of the document included in the document link, you could view documents submitted around the same time as yours. This breach could be traced back to as early as 2017, with the oldest document available from 2003.
First American has since shut down that portion of their website, and are taking steps to “address the defect and restore external access”. While no report has yet indicated that hackers knew about the leak, this newest security breach is evidence that our data is too often exposed to unwanted eyes without our consent, when, in reality, it should never be.
A similar incident happened with Facebook earlier in 2019, who disclosed that they had not properly secured the passwords of around 600,000 users since 2012. Facebook employees could see the passwords, which were saved in plain text.
US DATA BREACH
Also worth mentioning is a data breach that was discovered on April 29, 2019. It was an unsecured database which exposed the information of over 80 million US households, including names, addresses, ages, dates of birth, and other information. The owner of the database is unknown.
Other major data breaches in 2019, intentional and unintentional, so far include Dunkin’ Donuts,WhatsApp, Dow Jones, and Docker Hub. Check here for an updated list of data breaches in 2019.
WHO’S TO BLAME?
While the companies are to blame for their lack of carefulness, the consumers are still the victims. Victims who don’t have many options. We can choose not to buy from them, but with the increasing amount of data breaches, we seem to be taking a chance any time we use our credit cards. The other options are to cut up our cards all together and go back to the old ways, or to just take the chance every time. And we aren’t just at risk when we use apps on our phones, and save our account information on online retailers’ websites, but even when we use our credit cards at a restaurant like Panera Bread, who reported a security breach in 2018 that leaked customer information from online orders (which included names, physical addresses, partial credit card numbers) for at least eight months before Panera Bread fixed the leak.
Anytime we choose to use a service, we weigh the chances of getting hacked, and decide it is worth it, because anytime we use a service, we are creating another way for hackers to find their way back to us. And chances are, they already have.
Here are some things that you can do to help protect yourself:
- Review your account statements. If you see anything suspicious, report it to the organization immediately.
- You can also request a free credit report at www.annualcreditreport.com, or call 1-877-322-8228.
- Be cautious in the services you use, and the accounts to which you give and save your information.
- Double check URLs, and use safer payment gateways, like Paypal.