Another day, another report that a company is exposing customers' personal information to hackers and other unintended viewers.
On Wednesday, Panda Restaurant Group (parent company of Panda Express, Panda Inn, and Hibachi Sun) revealed that hackers had obtained personal data of an unknown number of restaurants. In recent weeks, Kaiser Permanente and AT&T have announced fraudulent data disclosures affecting millions of customers.
For the record:
May 2, 2024 10:10amA previous version of the article stated that customers were affected by the Panda Restaurant Group data breach. The breach exposed data of current and former Panda employees.
Details about what information is exposed in such events vary, but even the most mundane information companies collect can be useful to hackers, fraudsters, and data brokers.
Panda said the breach occurred in early March and only affected its internal systems and did not affect store operations. The leaked data consisted of first and last names and driver's license numbers or non-driver identification of current and former employees.
Kaiser informed its 13.4 million members that some data about searches for medical information made by patients on Kaiser's website may have been inadvertently sent to Google and other search engines and media platforms. reported. Other information that may have been compromised includes IP addresses, account usernames, and data about how members use Kaiser websites.
“These kernels of information are entered into databases that tell us a lot about you,” said Teresa Murray, director of consumer surveillance at the U.S. Public Interest Research Group.
Murray said the information collected will be aggregated to create personal profiles that will be sold.
Although data breaches can occur instantly, the effects of stolen information can take time to manifest. Murray said it could be weeks, months or even a year before stolen credit card information is used to make unauthorized purchases.
In mid-March, AT&T notified 7.6 million current customers and 65.4 million former customers that their data from before 2019 had been published on the dark web. AT&T said the leaked information did not include personal financial information or call history.
Murray said major online data breaches have been going on for more than a decade, starting around 2013 when credit and debit card information was compromised at Target and Home Depot.
The big change is how much of Internet users' personal information is retrieved from corporate servers and aggregated. Hackers exhaustively collect various data points about people, including their email addresses, bank account information, social security numbers, and locations.
Iskander Sánchez Laura, director of privacy innovation at Cyber ​​Safety Network Gen., said the average computer, smartphone and smart device user posts too much information online, making them vulnerable to hackers. He said that this is happening because of the situation.
Retailers and service providers cannot resolve the situation by requesting too much personal information from their customers when they create an online account. If a company's servers are compromised, all of its information is vulnerable.
According to experts, when signing up for an account, provide only the necessary information. If the field is optional, leave it blank.
But what should you do if you've been affected by a data breach? Iskander Sánchez Laura said the first thing to do is remain calm.
It can be scary and overwhelming to hear that your information is on the dark web, but Sánchez-Lola says it's very likely that you or someone close to you has been exposed to a data breach before. He says that knowing this will give you peace of mind. In other words, you're not a new victim, you're probably already a victim.
Security experts say there are other steps to take after receiving notification of a data breach to prevent hackers and fraudsters from using that information for fraudulent activities. Here are their tips.
Make sure your infringement notification is legitimate
When you sign up with a service provider, you typically tell the company how to alert you to fraud or data breaches. Messages may come by phone, email, text, or mailed document.
The problem is that scammers can easily impersonate your company and try to contact you using any of these communication modes.
Fake letters and emails may use the same logo as the company you do business with. Since hackers have your personal information, fake notifications can include information you're familiar with, Sánchez-Lola said.
Experts say the best way to check if a notice is legitimate is to contact the company that allegedly sent it. If you receive an email or text message that your credit card or banking information has been stolen, pick up your credit or debit card, call the customer service line on the back, and ask to speak to our fraud department. please.
If the notification is from a retailer or service provider, do not click on any links in the note or call the provider's phone number. Visit the company's website on your own, find customer service contact information, and contact them directly.
When searching online, don't just take the first number that appears in Google search results, as it may be inaccurate or fraudulent, says Sanchez-Rolla.
Your information has been stolen. What happens next?
Once you confirm that your information has been exposed, or if you want to protect yourself from future breaches, Murray and Sanchez-Rola suggested taking the following steps:
Please update your contact information. If you move, change jobs, or get a new phone number, call your bank, credit card company, investment company, or other financial institution and give them your current contact information. If fraud occurs, these financial institutions should be reported immediately.
Sign up for bank alerts. Most major banks and credit unions will alert you by text or email when you make a large purchase or when someone tries to open a new bank or credit account in your name.
Update your password. Bank, email, and other sensitive accounts should have unique passwords. Using the same password, or one variation of a password, for all your online accounts makes all your accounts vulnerable.
If you can provide an additional layer of security beyond passwords, you should set up two-factor authentication. This option allows you to verify who you are, usually by text or using an authenticator app. Using an authenticator app is a slightly less convenient, but more secure approach.
Freeze your credit report. A security freeze prevents new lines of credit from being opened in your name without using the personal identification number issued at the time of initiation.
A security freeze may require you to provide identifying information to the three major credit bureaus: Equifax, Experian, and TransUnion, including your name, Social Security number, date of birth, and current and previous addresses. there is. A copy of your state-issued ID and a recent utility bill, bank statement, or phone bill.
The only downside to a security freeze is that it can delay getting credit for goods and services that require a credit report, such as when trying to rent a new apartment. To resolve this issue, you will need to temporarily unfreeze it.
Set up fraud alerts. If you've been alerted that you may be the victim of a scam, you can set up a scam alert. You can establish a credit bureau with one of the three major credit bureaus. This requires lenders to take additional steps to verify your identity before granting you new credit. Your first fraud alert is free and will remain on your credit file for at least 90 days.
If you are a victim of fraud or identity theft, you should file a police report and provide the police with a copy of your credit report, any related correspondence, and copies of any disputed bills.
Keep records of your conversations with creditors, law enforcement officials, and other parties for your records.
Check your credit report. The Federal Trade Commission recommends that you regularly check your credit report and account statements. You can obtain a copy of your credit report every 12 months directly from Equifax, Experian, or TransUnion, by visiting annualcreditreport.com, or by calling (877) 322-8228.
Once you receive your report, check for credit reports you didn't initiate or don't recognize, as well as inaccuracies such as an incorrect home address or Social Security number. .
When you review your report, if you see something you don't understand, call the credit bureau at the number on the report.
If you discover suspicious activity on your account, you should immediately notify your financial institution or the company that manages your account. You should also report any incidents of suspected fraud or identity theft to law enforcement.