So you’re caught in a data breach. Now what?


Reacting to a data breach can feel like you’re shuffling deck chairs on the Titanic or slamming the barn door after the horses have bolted. But there are some concrete steps you can take to minimize the harm from breaches and make yourself safer in case it happens again.

Last week, when a hacker started selling a massive database of LinkedIn customer information, we found out that a 2012 data breach affected 167 million accounts, 161 million more accounts than originally reported. Other major breaches include those of Target in 2013, JPMorgan Chase in 2014, and the U.S. government’s Office of Personnel Management in 2015.

Many of the steps you can take after learning that your data has been involved in a breach might feel ineffective, says Paul Stephens of the Privacy Rights Clearinghouse, a consumer advocacy organization. But consumers are not as powerless as they might feel, he adds.

“Consumers need to get in the mindset that you assume that you’ve been breached and [are] proactive to begin with,” he says. “If you go with that premise, then I think a lot of the breach fatigue will be eliminated.”

Think of having your personal information stolen in a data breach like getting sick. You don’t (or at least shouldn’t) just roll over and moan until it goes away: To prevent it from getting worse as your body recovers, you take some medication or homeopathic remedies. If you find that your data is part of a breach, you can do certain things to recover faster and make it harder for hackers to harm you after future breaches.

Data breaches, also known as security breaches, take various forms. Someone could have stolen your credit card information from a point-of-sale terminal through a scheme known as skimming. Someone could have stolen information about you from a computer, phone, or hard drive. Or, more commonly, someone could have hacked into a massive customer database containing information about you.

Responding to a data breach is complicated, in no small part because of the patchwork of state and federal laws governing how companies that have been breached are required to notify you. In the United States, 47 states require varying degrees of notification. You may not immediately or even directly learn that your data has been involved in a breach. You might receive a notification via email or a physical letter, or read or listen to a news report about it.

“Often, consumers aren’t given accurate information by the entity that was breached,” Stephens says. “Checking your credit report is not going to do a thing if the only thing that was in the breach was your credit card number.”

Taking the correct action for the kind of breach you’re involved in, and making sure that your accounts are as secure as possible before another breach occurs, can go a long way. Here are five things to do if you hear that your information has been involved in a data breach.

DETERMINE WHETHER IT’S LEGIT

Make sure that the breach actually happened, and that you’re not falling prey to a phishing attack or other scam to get you to hand over your vital data. Contact the organization, which can include looking for a message about the breach on its website, looking up its phone number (not the one in the email sent to you) and calling it directly, or keeping an eye out for media reports of the breach.

Do not respond to the email, call the phone number included in the email, or click any links in the email, as the email could be a phishing attempt, meant to steal your personal information. If you’re concerned about the veracity of the breach notification, we’ve compiled some tips to avoid phishing scams and phone call scams.

FIGURE OUT WHAT WAS STOLEN

The actions you take depend on the information stolen. Was it a credit or debit card number? A username or password? Or was it something more closely related to your identity, such as your date of birth, Social Security number, driver’s license number, or passport number? Your next actions depend on what’s been pilfered.

UPDATE YOUR AUTHENTICATION METHOD

Don’t let accounts with potentially compromised passwords linger. Compromised accounts can lead to more fraudulent activity in your name, and they can be used to send even more phishing spam. Wherever possible, choose new passwords at least 16 characters in length that include uppercase and lowercase letters, as well as numbers, symbols, and spaces. Do not reuse passwords.

Also, wherever possible, take advantage of two-factor authentication, which provides an extra layer of security to your accounts. So even if someone steals your password, he or she can’t access your account. Here’s our regularly updated guide to two-factor authentication.

And when answering identity verification questions such as, “What is your mother’s maiden name?” or “What was your first car?” you should lie. Make the lie easy for you to remember and hard for others to guess—the answer to the question about your mother’s maiden name could be something like, “Donald Trump is scary.”

REPLACE YOUR CARD(S), AND MONITOR YOUR CREDIT

If the breach involves your bank or credit card information, contact the financial institution immediately. It will guide you through fraud protection, a process that most likely will place a hold on your account until it can issue you a new card or account number.

Ask the institution to watch for fraudulent activity on your account, and ask a major credit-reporting agency (Equifax, Experian, or TransUnion) to monitor your account for fraud. If you’ve been offered free credit monitoring as part of a breach notification, take advantage of it.

CONTACT THE GOVERNMENT

If the stolen data includes government-issued identification, such as your Social Security number, or identity numbers that can’t be changed, such as your birth date, get in touch with the authorities. The U.S. government has a site dedicated to helping people who need to change their government-issued identification numbers at IdentityTheft.gov.

There are pre-emptive steps you can take too. For example, the IRS offers residents of some states a unique identification number to cut down on tax return fraud.

REGISTER FOR FUTURE DATA BREACH NOTIFICATION

Security expert Troy Hunt runs a free subscription site called Have I Been Pwned, which will notify you by email if your information has been stolen as part of a data breach.

If your email has been part of a breach, and you’re using the same password as before the breach, it’s likely been compromised and you need to change it immediately.

Although it can be easy to slip into “breach fatigue,” it’s not enough for consumers to presume they’ve been breached. “Why wait for the breach to happen?” asks Stephens, who encourages consumers to take action “before it occurs.”

Article Provided By: The Paralla

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

PCI Compliance

Here is a blog every online business should take a moment to read. (PCI Compliance)

2015 will be a defining year for data security

President Obama’s State of the Union address this week launched a new emphasis on an ever-present threat in our daily lives – cyberattacks, kicking off what will be a defining year for cybersecurity protection, and for us at the PCI Security Standards Council, pivotal in improving the protection of consumers’ payment information globally.

Public-private collaboration and information sharing, education and awareness, and leveraging the most secure technology, as emphasized by the president, are critical to protect customers against the type of massive breaches we saw in 2014. As the standard-setting organization for payment security, we are leading the charge to provide the standards and resources to help businesses secure this information.

Too many CEOs are learning this lesson the hard way. For American corporate executives moving forward, data security is job security. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.

The good news is we know what works and what doesn’t. In recent years, we at PCI have not seen any data breaches that weren’t predictable. On the contrary, problems arise from a failure to maintain key security controls and a lack of vigilance. Simply put, most data security breaches involving credit card data are not sophisticated attacks at all, nor are they new tactics. Far too many of the recent major breaches we have seen in the United States were entirely preventable.

Something as simple as a password can cause problems. A recent study by Trustwave reported that the most popular numeric password used by the American business community is 123456. The word ‘password’ remains one of the most commonly used passwords. It wouldn’t take a very sophisticated hacker to crack that code.

Fortunately, data security is now becoming a top-level issue, from the White House to Congress to corporate suites across America. President Obama’s speech this week will further drive the national conversation.

Many companies need to change the way they view security issues. Passing a PCI Standards assessment is a first step, but properly following security standards 24/7 is required to prevent data breaches. Not all companies do that, thinking instead that once they check the box of passing a data security assessment their work is over. This kind of thinking is a major problem. Data security cannot just be a “box you check” once or twice a year. It has to be an all-day, everyday priority. Protecting data is no longer a simple task that companies can just leave to the IT Department.

EMV Chip Technology

In 2015 America will take a major step by implementing EMV chip technology for consumers. This is a critical step forward and will provide better data protection by adding an additional layer of security. EMV chip technology, which is already in use throughout much of the advanced world, provides consumers with strong security features. It helps businesses lock down their point of sale and provides protection against fraudulent transactions in face-to-face shopping environments. However, while EMV chip technology is an additional layer in data security protection, it doesn’t solve every problem. We should not be fooled into believing it is the magical technology that eliminates data security threats. It isn’t.

EMV chip technology will not prevent fraud when a card is used online or in mail and telephone order purchases. EMV technology also would not prevent breaches that involve targeted malware.

No one single technology is the answer. As we look towards the White House Cyber Security Summit at Stanford University next month, it is important for American businesses to prioritize strong security principles by maintaining a multi-layer security approach that involves people, process and technology working together to protect consumers.

It’s time for a change in the mindset about data security. Vigilance must be an everyday priority.


Article Provided by The Hill

Zaxby’s Data Breach – PCI Compliant

ATHENS, Ga. — Zaxby’s Franchising Inc. says a computer data breach has occurred at a number of its stores, including more than 40 in Georgia, and that malware files could have been used to export guest names and credit and debit card numbers.

The Athens, Ga.-based restaurant chain said in a press release on its website that credit card processing companies identified certain Zaxby’s locations as common points of purchase for some fraudulent credit card activity.


Affected locations include Zaxby’s restaurants in Alpharetta, Atlanta, Braselton, Bremen, Buford, Canton, Conyers, Dacula, Dalton, Dawsonville, Fairburn, Fayetteville, Kennesaw, Lithia Springs, Lithonia, Marietta, Milton, Norcross, Powder Springs, Roswell, Tucker and Villa Rica.


The press release says, “Zaxby’s Franchising, Inc. assisted those stores in reviewing the issue, and during the course of the investigation identified some suspicious malware files on the licensees’ computer systems at several Zaxby’s locations. Because those malware files could have been used to export guest names and credit and debit card numbers, Zaxby’s Franchising, Inc. informed appropriate law enforcement authorities of the potential criminal activity. Zaxby’s Franchising, Inc. is working with all of its store locations to implement additional security measures to prevent further intrusions.”

(Atlanta Business Chronicle)