Data breaches are a common pain point for businesses and individuals. Last month, a notorious ransomware group hacked a division of insurance giant UnitedHealth Group, causing chaos for pharmacies and patients, some of whom temporarily lost coverage for life-saving medications. According to the Identity Theft Resource Center, last year saw more than 3,000 data breaches, the highest ever for a data breach in the United States.
In some cases, companies can be so desperate to hide the scope of a breach that customers are left in the dark about how to protect their information after a hack.
AmEx recommended that cardholders regularly monitor their accounts for unexpected charges over the next one to two years. You can also sign up to receive alerts about suspicious activity by turning on notifications in the American Express app or at americanexpress.com/accountalerts. The company did not immediately respond to The Washington Post's questions about the scope of the breach.
Here are other steps you can take to protect yourself if you think you may have been the victim of a hack.
If you notice suspicious activity or confirm that you have been hacked, choose a new password immediately. It's not uncommon to reuse the same password for multiple sites and services. If this sounds like you, act now.
Ideally, you should use a different and strong password every time, and password manager apps like Dashlane and 1Password can be very helpful. Once these are installed, you can use them to create secure passwords and save them for later use. All you need to do is remember one master password to enter into those apps.
Thankfully, it's very easy to tell if one of your passwords has been compromised. Web browsers such as Google Chrome and Apple's Safari automatically detect when one of your saved passwords was previously exposed through a hack or data breach and change your login credentials to new, more secure ones. I suggest that. Apple's iOS and iPadOS software includes a security recommendation tool ([è¨å®š]->[パスワード]->[ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æŽ¨å¥¨äº‹é …]) is also available.
Use the right type of two-factor authentication
Fixing your password is just the beginning. You can also add another layer of protection: two-factor authentication.
The most common form of two-factor authentication (2FA) relies on text messages. If you've ever been asked to enter a code sent via text message to your mobile phone when logging into a website or service, you probably already have experience with 2FA.
This kind of authentication is better than nothing, but it's not unbreakable. If someone gains access to your wireless carrier account, they can perform a so-called SIM swap attack. When that happens, all text messages that would normally be delivered to your phone will be sent to the hacker, including your security code. If possible, use an app like Authy or Google Authenticator instead. Rather than relying on text messages, these apps can generate one-time codes that allow you to securely log into your account.
Start account recovery
Once you have locked other accounts, start trying to recover the accounts you may have lost control of. Many commonly used services offer tools to help verify your identity and regain access to your account, but some are easier than others. Here's how recovery works for some of the services I use.
Google: The company allows you to verify your identity by contacting other devices connected to your account. On your Android phone, you'll see a notification where you can tap Yes to prove you're the account owner. If you use an iPhone or iPad, Google makes that confirmation message available in his Gmail app. If all else fails, and you previously provided a backup email address, Google will send a recovery email to that address. Click here to get started.
apple: If someone has compromised your Apple ID, the first place to start is iforgot.apple.com. From there, Apple will ask you to verify your phone number and send a notification to your other Apple devices to reset your password. However, that only happens after you verify your identity by entering your Mac password or iPad or iPhone passcode. .
Amazon: First, Amazon will try to verify your identity by sending a verification code to your phone. If that's not possible, for example if someone else controls your phone number, your best bet is to call Amazon customer service. As part of the process, you may be asked to upload a scan of your driver's license, state ID card, or voter registration card to verify your identity.
Microsoft: Visit your company's account recovery site and enter the email address associated with your Microsoft account. If you have already created an account recovery code, you will be asked to provide it to Microsoft. If not, you will need to fill out a short form requesting an alternative email address. The company will send his 4-digit code to that email address. Once you have verified your code, fill out another short form to begin the recovery process.
If in doubt, call the company's customer service line. Unfortunately, in some cases, it's nearly impossible to get a human to resolve your issue over the phone. This is especially true for social media services such as Facebook and Instagram. But when I tried to call, a prerecorded voice message told me to go to Facebook's Help Center instead to begin the recovery process.
Consider freezing your credit
Some hacks not only reveal usernames and passwords, but also very personal information such as social security numbers. The most high-profile example is T-Mobile, where it was confirmed that personal data belonging to millions of past and present customers, including their SSNs, driver's license information, and dates of birth, was compromised in a hack. .
If you have reason to believe that someone obtained your Social Security number due to a data breach, take a deep breath and act immediately. Your best bet is to freeze your credit report immediately. This is essentially a process that prevents anyone, including yourself, from opening a new line of credit without first “unzipping” your credit report.
Thankfully, this process isn't as difficult as you might think. You can get started by visiting the Equifax, Experian, and TransUnion websites. Each service takes only about 10 minutes.
You should also make sure that all the gadgets you use are running the latest software, even if you don't use them often. Gadget manufacturers like Apple, Google, and Samsung regularly release updates aimed at fixing security flaws.
For example, in September, Apple released a security patch aimed at fixing a vulnerability that allowed NSO Group to install Pegasus spyware on targeted phones. This week, Apple introduced security adjustments to iOS 17.4 and his iPadOS 17.4.