When Target announced in 2013 that up to 40 million customers had their credit card information stolen, the world was shocked. Five years later, data breach hacks have become routine and people have grown ‘fatigued’ to the news.
In the last month alone, the Dayton Daily News has reported on three cyber breaches that could have left the personal information for area people exposed for malicious use — a growing trend that often is at no fault of the victim.
“With the technology evolving — and every day it gets better — it makes our lives so much easier because we have access to everything with the touch of a finger. But it also makes it very easy for scammers and people that are operating less than legitimately to get access to our information,” said John North, president and CEO of the Dayton Better Business Bureau.
Early last month the third party patient eligibility and billing service provider for Premier Health, Nemadji Research Corporation, said that patients of the local hospital system could have had their information exposed after an employee with the research firm fell victim to a phishing email.
When Equifax reached a $700 million settlement of its March 2017 breach in mid-July, many Americans, including in this region, found out for the first time that their information was accessed during the breach. It’s still unclear who stole the information and what has been done with it.
And last Monday, Capital One announced that 100 million credit card applications and 140,000 Social Security numbers were accessed in a hack when its own software engineer Paige Thompson allegedly exploited a “configuration vulnerability.”
“The old theory…was the larger the organization, the more money that they invest in security, the more secure my data should be. And it’s turning out that it’s almost the complete opposite,” said Shawn Waldman, CEO and founder of Miamisburg-based Secure Cyber Defense.
Instead, those organizations that are most trusted by consumers are a bigger target because cyber thieves have more to gain, and larger organizations have so much data they have trouble keeping track of it all.
“As a protector of the system… I’m basically defending multiple fronts, and (hackers) are only having to attack me on one front. And I won’t know what that is until they break it,” said Tom Skill, chief information officer at the University of Dayton.
Even before the Target hack in 2013, Heartland Payment Systems had a 2009 breach that affected 130 million and Sony’s 2011 breach impacted 100 million.
“We’ve gone almost 10 years of continuous compromises of data,” Waldman said. “The world has become immune to it. I think we see it in the news and we go ‘oh, okay. My data’s been compromised again.’”
»BIZ BEAT: Golden Nugget gives upate on restaurant sale
In 2014, 76 million households and 7 million small businesses were impacted by a J.P. Morgan breach, followed by 79 million at Anthem in 2015, 117 million at LinkedIn and 3 billion at Yahoo in 2017, 148 million at Equifax in 2017, 339 million at Marriott in 2018 and 106 million at Capital One this year.
Several other smaller breaches happen every single day, Waldman said.
The number of cyber attacks have grown so much in the last decade that cyber crime damages are expected to reach $6 trillion annually by 2021,up from $3 trillion annually in 2015, according to a report from Cybersecurity ventures. Spending on cyber security is expected to reach a $1 trillion total cumulatively from 2017 to 2021.
The running line of stolen information has resulted in what Natalie Dunlevey, president and owner of National Processing Solutions, and other experts call “hacking fatigue.” That fatigue can lead to a false feeling of security, knowing that data has been out there for years but hasn’t been used maliciously and thinking there’s no way to stop it, Waldman said. But that doesn’t mean there’s nothing that can be done.
“Just assume your data was stolen,” Dunlevey said. “Be vigilant. They’re not going to stop.”
What can help?
Living without credit cards that are often a source of scams, along with loans and other forms of credit, would drastically change life, and isn’t a change people will make, North said. But that doesn’t mean they have to accept that they’re always at risk.
“Majority of consumers don’t do the proactive measures,” Waldman said. “I don’t know if it’s because of the false sense of security or the ‘I’m going to give up’ type thing,’ that they don’t do it, but consumers should practice the basics.”
The first step, whether someone has credit or is young and hasn’t opened any cards or taken loans, is to find out what information is out there, North said. Free credit reports can be pulled online once a year from each of the major credit reporting agencies and there are also free online tools like Credit Karma that show updated scores.
“Even if you don’t have credit, you should go on one of the free sites and get that credit information…to make sure that there’s not any incorrect, erroneous information out there on you,” North said.
If there is wrong information, credit reporting companies won’t know that and it will be a long process to sort it out, he said.
When starting to search for cards, Dunlevey said to make sure consumers only provide information on websites that have an SSL certification indicated with a padlock and https in the web address bar.
“You want to make sure that you understand first how that personal information is going to be used. You want to make sure that there are safeguards in place to protect that information. You want to be sure that the company that you’re providing that information has the proper technology,” North said. “Then it’s up to the consumer.”
Consumers should regularly monitor their credit, whether on sites like Credit Karma or with a service. Both Capital One and Equifax are offering free credit monitoring services to those affected by the breeches, or a refund of up to $125 for those who purchased the service themselves after the Equifax hack, Dunlevey said.
It’s also important to watch credit statements closely, Waldman said. It’s easier to dispute purchases immediately than waiting. Debit cards can be a major concern because that money isn’t as easily returned as on credit cards, Skill said.
“The one thing that I think people should really consider doing is going ahead and freezing their credit information,” Skill said. “By doing that, regardless of whether or not people get your Social Security number, your date of birth, they cannot go in and do any kind of financial activity using your name of identity without having the special code you get that is unique to you.”
Credit freezes can be inconvenient because every time a consumer wants to request an additional credit line, they have to find out what credit reporting agency the company will get a report from and call it to unfreeze the account. But it’s also the best way to make sure no one else is using your identity, Skill said.
After hearing about the Capital One breech this week and getting an alert that someone else tried to spend more than $4,000 on his credit card, Scott Drew of Greenville decided to freeze his credit. He isn’t aware of being impacted by any of the hacks, but said now it doesn’t matter as much because thieves can’t use his information to open other accounts.
“You can put safeguards in place and all you do is make smarter criminals out of that because they find their way around it. And that’s just the way it has been,” Drew said. “But I think everybody should be proactive and do everything they can. I would rather make myself as hard a victim to get to as possible and instead of working on me they’ll go somebody else.”
Additional tips include using firewall, anti virus, strong and unique passwords, avoiding phishing scams by learning the signs, updating software and not giving any personal information over phone or email unless the receiving end has been verified as legitimate, Waldman said.
Staying vigilant will remain increasingly important as the hackers continue to develop new techniques, Dunlevey said.
“I think it’s going to continue to ramp up. I don’t think of Capital One as a lackadaisical company. They had a bad actor working for them and it could happen everywhere,” Dunlevey said.
And the increased attention to data hacks is like a “dinner bell for thieves,” she said.
Consumers now need to beware of increasing scam calls and emails claiming to be from Equifax or Capital One, asking for information to verify the consumer in order to set up repayment or free security monitoring. Those calls are likely scammers, Dunlevey said. Credit card companies, the IRS and banks already have your information and will never call or email to verify it, she said.
The stolen information can also sometimes take years to work its way through the Dark Web and other illegal channels, Waldman said. While credit card numbers are often sold and used immediately, Social Security numbers, mothers’ maiden names and driver’s license numbers often have a far longer shelf life.
“As long as money drives what we all do, at the end of the day that’s what this is all about. If I’m stealing your identity, I’m doing it for financial gain. If I’m getting your credit I’m doing it for financial gain. It’s all driven by money,” Waldman said.
FIVE FAST READS
Thank you for reading the Springfield News-Sun and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.
Thank you for supporting in-depth local journalism with your subscription to the Springfield News-Sun. Get more news when you want it with email newsletters just for subscribers. Sign up here.