Another week, another breach.
Or perhaps four?
In what must surely be a busy week for information security professionals hampered by a lack of suitable candidates entering the field, we have already seen four high-profile breaches.
The biggest involved the hacking of Experian’s servers and the theft of information concerning 15 million people who applied for T-Mobile contracts in the US, which saw usernames, dates of birth, home addresses, encrypted social security numbers and more information fall into the wrong hands. (Observation: only T-Mobile customers were affected, which suggests Experian are segregating customer data. That is good to see.)
Then there was the Patreon hack which led to a whopping 13.7GB of personal data being dumped online. While benefactors of the site that helps online creators and charities can probably breathe easy knowing that social security numbers and tax information were well encrypted, the fact that other personal details such as names and email addresses were leaked is probably not so welcome. Even more concerning may be the news that some messages were leaked in their entirety – something that may well worry some members.
Customers of Kmart Australia may also be feeling concerned right now after the company told its online customers that their accounts had been compromised by an “external privacy breach” which saw names, email addresses, delivery addresses, telephone numbers and purchase info disappear into the criminal underground.
And, finally, posh Aussie retailer David Jones has also been hacked via a vulnerability in its website. The company, which has declined to put a number on how many of its customers have been affected by the breach, says the usual data has been swiped – names, addresses, email addresses, etc. – but not credit card details.
That’s a whole lot of breaches for one week.
No-one saw unencrypted payment card data swiped… as far as we know.
So all’s well that ends well then?
No, not exactly.
Even though the most sensitive of data appears to be safe, customers affected by these four breaches still need to be very much on their guard, as the information that has been taken could be used against them in phishing attacks, for identity theft, or for other malicious purposes.
Most people have a sufficient level of security awareness to avoid falling for the most obvious of random scams that arrive in their inboxes (if you don’t, October’s National Cyber Security Awareness Month is as good a time as any to check out the free resources offered by Securing The Human). Targeted emails (or phone calls) that include their real names and other private data, however, can prove infinitely more successful when it comes to duping them.
So what can someone affected by these, or other, breaches do to lessen the risks posed by having their information in the wild?
Beyond being aware of what has happened and how that information could be used against them – which is a vital first step – other good practices include changing passwords anywhere a compromised one has been reused, frequently checking bank and credit card statements and, perhaps, signing up to a credit checking agency, though perhaps not Experian, despite its offer of two years of free credit and identity monitoring.