Millions of Americans have had their personal information, such as credit card numbers and online passwords, exposed in data breaches. Cybercriminals can use this information to profit at the expense of their victims. But there are steps you can take to protect your information, money and credit rating.
Data breaches can be annoyances that force you to change your passwords, or they can lead to fraud and identity theft that can drain your bank account or wreck your credit. They often involve large companies or organizations that collect and store your personal information such as passwords or credit card information.
They may happen through deliberate hacking or malware attacks, or from companies negligently storing your information in a way that others can access it.
It’s very likely some of your personal information has been exposed through a data breach. From 2005 through 2018, an estimated 9,700 data breaches exposed more than 1.5 billion records in the United States, according to Statista, an online portal for global statistics and market research.
A data breach happens when data is exposed from a company or organization’s computer system without the system’s owner authorizing it. The data may include people’s personal information such as email passwords and financial and medical information.
Data breaches can happen because of hacking or malware attacks, which use malicious software to take over a computer. But data breaches may also stem from: leaks inside an organization; skimming devices that steal credit card information; mistakes or negligence that inadvertently expose information; or the loss and theft of computers, drives or files.
The first data breach to compromise more than a million records happened in 2005. The number of breaches has grown significantly since then.
| BREACH | RECORDS EXPOSED | YEAR |
|---|---|---|
| Yahoo | 3 Billion | 2013-14 |
| Marriott International | 500 Million | 2014-18 |
| Friend Finder Networks | 412 Million | 2016 |
| 330 Million | 2018 | |
| Experian (Court Ventures Hack) | 200 Million | 2013 |
| Deep Root Analytics | 198 Million | 2015 |
| Massive American Business Hack | 160 Million | 2013 |
| Under Armour (MyFitnessPal) | 150 Million | 2018 |
| eBay | 145 Million | 2014 |
| Equifax | 143 Million | 2017 |
| Heartland Payment Systems | 134 Million | 2008 |
| Target Stores | 110 Million | 2013 |
| Quora | 100 Million | 2018 |
| Firebase (a service from Google) | 100 Million | 2018 |
In March 2019, Facebook announced that it had stored between 200 million and 600 million user passwords in a readable format. Cybersecurity journalist Brian Krebs reported that Facebook employees had been able to search the list since 2012. Many of those affected were users of Facebook Lite, which the company designed for users in areas with low connectivity.
Your personal information may be valuable to cybercriminals. Gathering enough information may allow someone to steal your identity to apply for loans or credit cards or take over one or more of your online accounts.
Many data breaches may expose only limited information. But the 2018 Marriott International data breach is an example of a treasure trove of personal information being exposed.
The Washington Post reported in 2018 that the breach included passport numbers and other travel information for 500 million guests at the company’s various hotel chains. It included where people traveled and who they traveled with.
You can take steps to minimize damage and protect your online privacy ahead of a data breach. Having a different username and password combination for every online site you use is one of the most effective safeguards. If you use the same password for every site, a data breach in one could compromise the security of the others.
Strings of meaningless words along with symbols and numbers make for the safest passwords. Sites such as CorrectHorseBatteryStaple.net can generate these kinds of passwords for you.
Remembering several different complex passwords can be difficult or even impossible. A password manager can store your passwords, so you need to remember only your master password.
It’s also a good idea to activate two-factor verification if your online accounts offer it. It requires a code be sent to your phone or email to access an account from a new device.
Also consider using digital wallets such as PayPal, Apple Pay or Google Pay to make online payments. Digital wallets allow you to make secure payments and don’t store your credit or debit card information online.
While some states require companies to notify people affected by data breaches, there is still no formal way to see whether your information has been affected by a breach. Some companies may wait months or years before telling people their information has been compromised.
But if you do learn of a breach that involves your data, you should immediately take steps to minimize the damage.
Determine exactly what was exposed. Names and street address are the least harmful losses. But email addresses and passwords or credit and debit card information can be much more harmful. Consider requesting replacement cards.
Change your password on the affected account. If you use the same password elsewhere, change it on every website where you use it. Cybercriminals may try to use it elsewhere if they have your email address as well.
You should also monitor your credit report to spot suspicious or fraudulent activity. If the affected company offers you free credit monitoring, take it. But make sure you actually use the service. Be sure to check your credit report with all three major credit bureaus: Experian, Equifax and Transunion.
If you see suspicious activity, you should consider requesting the credit bureau to place a freeze on your credit reports. It will cost around $5 to $10, but it will not affect your credit score and it will prevent a thief from making charges to your accounts. You should still continue monitoring your credit reports.
Beware of phishing, spam and other fraud and scams following data breaches. Cybercriminals often attempt to trick people who may be affected by a data breach to give up more information. They may send emails with links to fake sites that look like webpages belonging to the affected company. Check the email address of the sender or the URL of any website to which it links to make sure it is legitimate. Or avoid the link entirely and go directly to the company’s website to search for information. Never give out your account password over the phone or by email.
Also consider filing your taxes early. If your Social Security number has been stolen, cybercriminals may file a fake return to get a refund in your name. Filing early can help you beat them to the punch.
Consumernotice.org adheres to the highest ethical standards for content production and references only credible sources of information, including government reports, interviews with experts, highly regarded nonprofit organizations, peer-reviewed journals, court records and academic organizations. You can learn more about our dedication to relevance, accuracy and transparency by reading our editorial policy.
Calling this number connects you with a Consumer Notice, LLC representative. We will direct you to one of our trusted legal partners for a free case review.
Consumer Notice, LLC's trusted legal partners support the organization's mission to keep people safe from dangerous drugs and medical devices. For more information, visit our partners page.
844-420-1914