1. Introduction
In 2024, major companies such as Ticketmaster, Advance Auto Parts, Santander Bank, AT&T, Bank of America, MOVEit, Trello, and Discord experienced significant data breaches. It’s easy to become desensitized to these reports due to their frequency. However, the Change Healthcare hack alone affected one-third of Americans, highlighting the serious impact of such breaches.
2. Immediate Steps to Take
2.1. List Exposed Data
Document the information that was compromised. This can be a note on your phone or a physical document. Be cautious of anyone referencing this data in unsolicited communications.
2.2. Monitor Financial Accounts
Update your PIN and banking login details. Even if your financial data wasn’t directly involved in the breach, hackers could use other personal information to access your accounts. Regularly review your bank and credit card statements.
2.3 Freeze Your Credit
Contact each of the three major credit bureaus to freeze your credit. This prevents scammers from opening new accounts in your name and is a strong defense against identity theft.
3. Long-Term Vigilance
3.1 Be Cautious with Emails
Even if an email request appears legitimate, take your time to verify it. If it’s unexpected, it’s probably not urgent. Be especially wary of requests for money or personal information.
3.2 Scrutinize Healthcare Requests
If you receive unexpected medical bills or explanations of benefits, contact your healthcare provider and insurance company immediately. Someone else may be using your identity to receive medical services.
3.3 Be Skeptical of Unexpected Messages
If you receive a message from an old friend or a stranger, be cautious. Hackers often pose as acquaintances to gain your trust. Ignore texts from unknown numbers pretending to have the wrong number and wanting to chat.
4. Dealing with Password Leaks
4.1 The RockYou2024 Leak
On July 4, a file named RockYou2024.txt containing nearly 10 billion passwords was posted on a dark web forum. This leak includes passwords from both old and new breaches, putting many at risk.
4.2 Credential Stuffing
This tactic involves using leaked passwords to access multiple accounts, hoping that users reused the same password across different services. Systems without protection against brute-force attacks are particularly vulnerable.
5. Next Steps
5.1 Check for Leaked Passwords
Use tools like Cybernews’ Leaked Password Checker or HaveIBeenPwned to see if your passwords were exposed. Enter your email address and check for compromised accounts.
5.2 Reset Compromised Passwords
Update passwords for any accounts associated with the leaked passwords. This may be tedious but is crucial for your security.
5.3 Utilize Browser Password Managers
5.3.1 Google Chrome
Password alerts are enabled by default. Visit Google’s Password Manager and run a Password Checkup to ensure your passwords are secure.
5.3.2 Microsoft Edge
Enable Edge’s Password Monitor. Go to Settings (the three-dot menu) > Settings > Profiles > Passwords. Toggle on the switch for Show alerts when passwords are found in an online leak.
5.3.3 Apple Safari
Password monitoring is enabled by default on macOS 14 or iOS 14 and later. Check for alerts and update compromised passwords by going to Settings > Passwords > Security Recommendations > Change Password on Website.
6. Important Reminder
Random two-factor authentication (2FA) codes received via email or text that you didn’t request may indicate an attempted account breach. Stay vigilant and secure your accounts.
7. Conclusion
Share these tips with friends and family to help them stay protected. Knowledge is the first step in defending against scams and data breaches. For more advice on digital security and privacy, tune in to the Kim Komando Show or visit her website.
