All You Need to Know About Data Breaches

If you follow the news, you’ll note that there seems to be another major data breach monopolizing headlines every week. The details vary, but in each breach, thousands, millions or even billions of victims’ sensitive information is compromised, and they’re now vulnerable to identity theft unless they take immediate action.

Here at Destinations CU, your financial success and safety is our primary goal. To help keep your information and your finances secure, we’ve compiled a comprehensive guide on data breaches.

What is a data breach?

Data breaches occur when sensitive information is accessed or used without authorization. Factors like a wealth of online data and sophisticated hacking tools have spurred a steep increase in data breaches in recent years, causing tremendous damage to individual consumers and businesses across every industry.

Data breaches occur by exploiting vulnerabilities in a company’s security system. Alternatively, an employee can be tricked into giving a cybercriminal access to the company’s network.

The goal of most data breaches is to obtain personal information, like names, email addresses and passwords, as well as financial information, like credit card numbers and account details. This information is used by criminals to steal identities and empty accounts, or sold to other criminals who will then do so.

While major data breaches make headlines, according to the Identity Theft Resource Center, there is an average of three data breaches each day, most of which will never even make the news.

After a data breach

Whenever you hear about a major data breach that can possibly affect you, it’s best to monitor your accounts for suspicious activity. In most cases, you will be notified by the victimized company if your data has been compromised; however, it helps to keep an eye on your accounts even if you haven’t been contacted so you can minimize your loss by acting quickly if you are among the unfortunate victims.

If you’ve been victimized by a breach

If you’ve been informed your information is compromised by a data breach, take the following steps immediately:

1. Freeze your credit
Placing a freeze on your credit is the most crucial step you can take to stop scammers from getting at your information. A credit freeze will not bring down your credit score, but it will serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.
You can freeze your credit at no cost at all three of the major credit bureaus: Equifax, TransUnion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

2. Change your passwords
Most people are on the alert following a major data breach, but they tend to let their guard down once the heat is off and things calm down. Hackers know this, and they’ll often hold onto victims’ information immediately following a data breach and then sell it months down the line to other identity thieves. To protect your accounts from a delayed-reaction hack, change all of your passwords after a breach that possibly has affected you.

3. File an identity theft report
Unfortunately, these protective measures can sometimes be too little, too late. If your accounts have been compromised, and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) as soon as possible. This will assist the feds in tracking down your hacker(s) and returning your finances to their usual state as quickly as possible.

Protecting your information

There’s no fool-proof way to protect yourself from a data breach, but following these simple steps can help keep your information as safe as possible:

Monitor your credit. Check your credit accounts for suspicious activity on a regular basis. You can request a free credit report from each of the three major credit bureaus once a year at AnnualCreditReport.com. You may also want to consider signing up for credit monitoring, a service that will cost you $10-30 a month for the promise of notifying you immediately about any suspicious activity on your accounts.

Use strong, unique passwords. Use a different password for each account, and choose codes that are at least eight characters long. Also, use a variety of numbers, letters and symbols. Vary your capitalization use as well, and don’t utilize any portion of your name, phone number or a common phrase as your password. Using a password manager like Dashlane or 1Password can also help keep your information safe. It’s also a good idea to choose two-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.

Browse safely. Never share sensitive information online and always keep your security and spam settings at their strongest levels. Make sure your devices are fully updated at all times. It’s also a good idea to keep your social media accounts as private as possible.

Destinations Credit Union has tools to help you prevent unauthorized use of your account. In our mobile app, you can sign up for card controls and get notified each time your debit or credit card is used. In addition, you can get group pricing, as a Destinations Credit Union member, on ID Shield, which helps restore your identity in the event of a theft.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn: How do you protect yourself from data breaches? Share your tips with us in the comments.

Sources:
https://www.forbes.com/sites/nicolemartin1/2019/02/25/what-is-a-data-breach/amp/
https://www.malwarebytes.com/data-breach/
https://www.experian.com/blogs/ask-experian/what-is-a-data-breach/

 

All You Need To Know About The Ticketmaster Breach

Hackers are at it again! This time, they’re skimming information on third-party sites in what may be the largest credit breach ever.

To that end, in late June, Ticketmaster announced that several of its sites had been compromised. Recent research, though, has revealed that this breach was only a small part of a massive credit card-skimming hack that may have affected more than 800 e-commerce sites.

Here’s what you need to know about the Ticketmaster breach:

What happened?

Ticketmaster revealed that customer information on several of its sites was compromised. The ticket-selling giant claimed no U.S. sites – or customers – had been hacked.

However, cybersecurity firm RiskIQ has said that more than 800 international e-commerce sites have been compromised in this hack.

Sites like Ticketmaster often rely on third-party code that’s hosted on other sites to support their own payment systems. Third-party code presents a single point of failure. That means, if this code is breached on its host site, every site that uses the code will then be compromised.

That’s exactly what happened with Ticketmaster. Several of the ticket giant’s websites ran code from Inbenta, a customer support software company. When Inbenta was hacked, the sensitive information of these customers was compromised.

Though Inbenta claimed only these Ticketmaster customers had been affected by the hack, RiskIQ has found that some of Ticketmaster’s global sites – including its U.S. site – were running code from SocialPlus, another third party that had been compromised by the same group that hacked Inbenta.

The breach gets even worse: All websites that relied on code hosted on Inbenta or SocialPlus were also compromised. The number of hacked sites has been estimated to reach 800.

The hack was executed quietly and efficiently. Scammers changed the code on the host sites to skim the credit card information being entered at checkout on the e-commerce sites. Since each code can be used on numerous sites, compromising this point can give hackers instant access to the information of 10,000 victims.

Who is behind the attack?

RiskIQ has identified Magecart as the hacking group behind the attacks. This group has been active since December 2016, and RiskIQ has been tracking them for nearly as long.

The hacking group targets software companies that provide codes for e-commerce websites. By altering these codes, the hackers can skim information from millions of customers every day.

According to Yonathan Klijnsma, a threat researcher at RiskIQ, the Ticketmaster breach has a larger impact than any other credit card breach to date.

While the cybersecurity firm did not name specific compromised sites beyond Ticketmaster, it did disclose that close to 100 top-tier sites have been breached, including large brands and popular online retailers.

What should I do if my information has been compromised?

Unfortunately, with the point of failure in this hack taking place at a third-party site, there’s not much you can do to protect your information from being compromised. However, by taking immediate action if you’ve been hacked, you can mitigate the damage to your credit and help law enforcement agents apprehend the hackers as quickly as possible.

If your information has been compromised, take the following steps:

  • Place a fraud alert on your credit accounts. This will warn creditors that you may have been victimized by identity theft and make it harder for a scammer to use your credit identity.
  • Consider a credit freeze. This will make it impossible for a hacker to open new credit in your name.
  • Alert the Federal Trade Commission. Let the FTC know you’ve been hacked at ftc.gov.
  • Tell Destinations Credit Union. Don’t forget to tell us that your information has been compromised. We’ll help you determine your next step and guide you until your credit has been cleared.
  • Dispute fraudulent charges. If you find any suspicious charges on your credit account, dispute them immediately. To do this, contact the associated financial institution and file a police report as well.

Scammers never take a break. Make sure you know what to do if your information has been hacked!

Your Turn: Have you ever been the victim of a credit breach? Share your experience with us in the comments.

SOURCES:
https://www.nafcu.org/newsroom/more-800-e-commerce-sites-targeted-cyber-attack?utm_source=NAFCU+Today&utm_medium=Email&utm_campaign=daily+news
http://www.nbc-2.com/story/38649397/ticketmaster-data-breach-part-of-larger-credit-card-scheme-report-finds
https://www.google.com/amp/s/www.zdnet.com/google-amp/article/ticketmaster-breach-was-part-of-a-larger-credit-card-skimming-effort-analysis-shows/
https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

What The Data Breaches At Uber And PayPal Tell Us

Q: I’ve been hearing about security or data breaches at some large companies I do business with. I’m worried that something like this might result in harm to my credit. What exactly is a data breach and what can I do to protect myself?

A: As our digital world expands, so does cyber crime. Two companies that recently experienced major data breaches are Uber and PayPal. Chances are, you’ve done business with one or both of these companies. To protect yourself against these and future breaches, arm yourself with knowledge and good habits.

Just what is a data breach?

When a criminal gains access to data sources and sensitive information such as credit card numbers, passwords and license numbers, this constitutes a data breach. Such access can be physical, like when someone has access to your phone or computer. The information in your device can be copied (or ported) to another device. More often, and more nefarious, is virtual thievery accomplished by a number of means, such as bypassing the security measures put in place by you or a company that stores your info in some way. Cyber criminals at Uber and PayPal used this method to steal data.

What happened?

As more people are connected to the Internet and use online services, data breaches are increasingly common. Uber’s breach exposed the personal information of 57 million customers and Uber workers in 2016. It included names, phone numbers, email addresses, and license numbers. While sensitive information like birth dates and credit card numbers was not exposed, many of these can be attained and paired to the exposed information. PayPal also had a large data breach that potentially impacted 1.6 million customers.

This stolen information can then be used in many ways, including setting up accounts to establish a new identity. It can also be used to steal a person’s identity.

How can you protect yourself?

No one who uses the Internet to transact business is completely secure from threats of breaches like these. However, experts in cyber security have some suggestions to lessen your vulnerability.

  • Do not log into accounts using Facebook. When you log in this way, you are allowing Facebook to access more information about you and you don’t have control over how this data is used.
  • Don’t give out too much information. The University of Western Australia’s Centre for Software Practices suggests not giving your age and birth date when filling out profiles. You can make up a birth date and even choose your opposite gender. When using social networks, limit the information you make available. Identity thieves can make quick use of your birth date and hometown. Don’t post these in your profile.
  • Use more than one email account. For social media, using more than one email account can help to keep your data from being accumulated in one place. If you have a large amount of data in one place, losing it all at one time can potentially do greater damage.
  • Be password smart. A surprising number of people use the same password for many sites. This is a problem because if one of your sites is compromised, hackers can try that password on other sites. While it may not be convenient, it is smart to use a different password for each site you use. Every password should be strong with a unique combination of letters, numbers, and symbols.

    Another option is to use a password manager to generate passwords and store them in an encrypted database locally or remotely. An uncrackable password goes a long way to protect your data.

  • Limit your use of credit cards online. Ironically, given the subject of this article, using PayPal is safer than using credit cards when online. PayPal limits the information you are providing. In fact, no customers were harmed in the PayPal data breach.
  • Change identifying information. Pick a new birth year or change your gender on social media profiles. This helps to keep information about you from being linked with information from other sites.
  • Practice good data management. Check all of your account statements regularly. Look for suspicious items and set alerts to notify you when a large purchase is made.
  • Check to see if the apps you use are storing information. Some apps actually collect and sell information. Install updates for your apps because the updates typically include more advanced security, or close existing gaps that were recently discovered and exploited.

Your Turn: Unfortunately, almost everyone has a nightmare story about a personal data breach situation. What is yours? How did you handle it?

SOURCES:
https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack
http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/
http://www.abc.net.au/triplej/programs/hack/how-to-protect-yourself-from-an-uber-hack/9181672

The Story Behind the Sonic Breach

It’s been a rough go of things when it comes to the security of debit and credit cards as well as personal information. The massive Equifax breach has already left many Americans feeling unprotected and insecure while Yahoo experienced yet another breach soon afterward. To top it all off, the popular burger chain Sonic Drive-in announced in late September that its payment portals had been compromised.

Experts estimate that information for millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states. The card numbers and details are now up for sale on the darknet.

Here’s what you need to know about the latest in a long line of nationwide security breaches:

What happened?

The breach became a reality when Sonic’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions of consumers.

Sonic utilizes a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system. The malware copied the information on every card that was swiped in the payment terminal, and then sent it back to the hackers.

The hackers then put this information up for sale online, where buyers can use the card details to rack up huge bills, empty accounts or even steal victims’ identities.

While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.

This breach is similar to the one that hit Wendy’s last year, lasting nine months and affecting 300 restaurants. It took that long to determine the issue and resolve it because many of Wendy’s locations are franchises. Approximately 90% of Sonic’s joints are franchises as well, thus adding to the delay.

Who was affected?

Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. It is still unclear exactly how many customers were affected by the breach, though it is estimated that there may be as many as five million victims in this malware attack.

While most cards with compromised info were linked to activity at one of Sonic’s locations, it is possible that other companies’ security systems were also breached.

How did Sonic react to the attack?

Sonic has announced that it will offer all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.

Sonic was also quick to hire third-party forensic experts to help investigate the attack and identify the hackers. They have also promised to research ways for improving their current system to better protect customers in the future.

How can you protect yourself from this and all future data breaches?

1.)   Find out if you were affected: If you’re a regular, or even an occasional, Sonic customer, find out if you were affected by the breach. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus. This will warn creditors that you’ve recently been targeted in a hack, alerting them to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.

2.)   Use fraud protection: Even if you haven’t been affected by this breach, it’s a good idea to sign up for fraud protection. These services don’t usually come free, although, in light of its recent data breach, Equifax is now offering a full year of protection with their TrustedID program, free of charge. Fraud protection services will ease the stress of monitoring your credit for fraudulent activity and unusual behavior.

3.)   Monitor your accounts: It’s always wise to keep a sharp eye on your money – and that means more than just checking that your wallet is safe. Review all checking account activity several times a week to determine whether your account information or debit card has been hacked or stolen. Also, never throw away a credit card statement without carefully reviewing it to be sure every transaction belongs to you. Additionally, it’s wise to shred such paperwork rather than throwing it in the trash. Finally, request a credit report from the three major credit reporting agencies once a year to see if anyone is using your name to rack up a huge bill or take out a generous loan.

4.)   Set up alerts: You can receive notice about suspicious activity almost as soon as it happens by signing up for alerts. Place a maximum transaction amount on your credit and debit card so a thief won’t get away with a huge purchase. You can also limit your transactions to a specific area or region of the country so long-distance hacking won’t work.

Your Turn: How do you protect yourself from data breaches? Share your best tips with us in the comments!

SOURCES:
https://thepointsguy.com/2017/09/credit-card-security-breach-sonic/
https://www.google.com/amp/s/amp.usatoday.com/story/708850001/
https://www.google.com/amp/s/www.cnbc.com/amp/2017/10/04/sonic-shares-dip-on-news-of-payment-breach.html
https://www.google.com/amp/s/amp.businessinsider.com/report-sonic-security-breach-could-affect-millions-2017-9