On Thursday, September 22, Yahoo confirmed that data associated with at least 500 million users’ email accounts was breached in 2014 in what may be one of the largest data breaches ever. Some security experts think between 1 billion and 3 billion accounts may have been hacked by cyber criminals who sold the compromised data to an Eastern European nation state.
The data obtained from the breach includes usernames, hashed passwords, birthdates, phone numbers, and unencrypted security answers. To date, Yahoo has not released when it learned of the data breach nor why it took 2 years to discover and announce it. This latest breach, along with the one from LinkedIn, is much different from past cyber thefts of credit card data from Target, Home Depot, etc., because this one is about identity theft. It raises some interesting questions individuals and businesses should address.
Individuals: If you have a Yahoo or att.net email account and haven’t already changed your password, do so now. Also change the security answers on the account page, and remove any personal information stored in folders. Here are a couple of recommendations when it comes to passwords, because we all use them on multiple websites regularly.
- Use a different password for email than you do on any financially related websites such as banking, insurance, investments, etc.
- Passwords should be at least 8 characters long and use letters of different cases, numbers, and punctuation characters
- Passwords should be changed at least quarterly
- Use different security answers in each website for password recovery
- Don’t write passwords down or store them online
Additional recommendations are:
- Have your credit monitored so you’ll be alerted if new accounts are opened in your name that you didn’t initiate
- Consider adding identity theft coverage to your home or renter’s insurance policy to reduce the cost of responding to a breach
- Review your banking and credit card statements monthly looking for charges you didn’t make
- Develop a personal plan on what you need to do if your data is compromised
Businesses: The Yahoo data breach may or may not impact its sale to Verizon, but it will have financial repercussions. If Yahoo is required to offer credit monitoring to a minimum of 500 million individuals, that’s one heck of an expense! Here are some more recommendations owners should consider:
- Examine what client data you have in your system and determine if it contains identity theft related information (name, date of birth, social security information, etc.) or credit card related information
- Is it all stored on one system or server, and can it be separated to make it more secure?
- Can you encrypt client data to protect it in the event of a breach?
- Hire a security analyst to review your systems and recommend changes
- Install a firewall to provide another level of protection between company systems and the internet
- Purchase data breach insurance to protect you in the event client data is stolen
- Know what the data breach response laws are for your state and develop a response plan
Data breaches have happened too many times for individuals and businesses to stick their heads in the sand and pretend it won’t happen to them. Taking a few steps better secures your data and provides more identity theft protection than if you do nothing. Let me know what you’re doing to protect your identity and data. Share your comments, questions, and experiences with me on my Facebook, Google +, and LinkedIn pages. I’d love to hear from you!