When is the last time you shopped at Target and used your credit card? There’s a pretty good chance your personal information and credit card information is sitting in the hands of a hacking group, right now.
In December, Target initially reported that about 40 million people who use credit or debit cards at its stores November 27th to December 15th had their information compromised. Just today, Target disclosed that up to 110 million customers were hit, because it has extended the breach to include the names, mailing addresses, phone numbers or email addresses for up to 70 million individuals, apart from the 40 million payment card accounts previously disclosed, was stolen during the data breach.making it one of the largest security breaches of it’s kind.
Similarly, in November, Adobe reported the breach of more than 3 million customers’ information (including password-identifying information). It then upped the number to 38 million. In December,
it got a whole lot worse when an outside company found the data of some 152 million Adobe customers on a site frequented by cybercriminals. That could mean that the Adobe hack is the largest in history.
This hack of Adobe’s internal database isn’t just bad news — it’s scary. It is increasingly inevitable that every business will suffer some kind of data breach — and that each of us will be a victim of identity theft, possibly as a result of one of those breaches. Suddenly, just being careful about your own information is no longer enough to keep yourself safe. While compromised websites will generally inform you of the leak and have you change your password immediately, this won’t help much if you’re using the same password on many other websites.
If there is one universal truth about identity theft, it’s that you’ll never know how bad it is until long after you’ve been put in danger (if you ever really know). The massive Target and Adobe security failures just illustrate the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies.
Basically, we see two possible scenarios for everyone.
- Hackers will again breach a major web site and obtain your important data such as your passwords and personal information that you may be using to access other sites. This network of cyber criminals then have ways to discover other sites that you may use these same passwords on and access your data on a myriad of sites.
- A security breach at one of your often-used sites will leak your financial information and compromise your credit history, identity and a myriad of other devastating scenarios.
At AllConnected, we take both your personal and corporate network very seriously. We’ll continue to update you on the latest trends in network intrusion prevention throughout the year. For now, we’d like to start out the New Year and suggest that you take immediate steps to protect your personal and financial information through password management. To protect yourself against password fraud or intrusion, you have a couple of options.
- You can you use different passwords on each website. Make sure they are long, strong passwords. Remember, like the Target and Adobe fiasco, a compromise at one website could lead to your accounts elsewhere being compromised. In fact, within minutes, your compromised password could be used to test authentication to Amazon, eBay, Google Gmail, and anything else you can think of. Remembering unique passwords for all the different websites we use can be difficult.
- Password manager are now becoming a very useful tool. Tools such as LastPass and KeePass, will generate unique and random passwords for each of your accounts and then keep track of each of those passwords. Each of these products are available for your smart phone so you can always have your password management at your fingertips.
If you are concerned if your passwords and identity may have already been compromised through hacks such as Target and Adobe. You can find out whether your email address appears on a leaked password lists, you can use a tool that quickly checks for you. LastPass now uses PwnedList to monitor whether LastPass account email addresses become compromised. For example, if your LastPass account email address firstname.lastname@example.org, you’ll get a notification if email@example.com appears on any lists of leaked email addresses and passwords.
For your business sites, if you maintain user names and passwords for your customers and employees, you are taking on a huge responsibility – one of maintaining adequate security methodologies that protect your customers and employees against hackers and malicious activity. Use of tools that help you encrypt your data, adequate firewalls and security devices will help safeguard your company, your employees and your customers. At AllConnected, we’re here to help you. Contact us for a security assessment and we’ll be happy to help you employ and maintain security measures.