Hackers are prevalent and there is an announcement of a data breach every time you turn around. At this point we are becoming a bit calloused to it. We no longer think about hacking like it’s from a spy movie, but more as just a part of life now.
Yes, it’s still very important and devastating as people’s information is stolen from some company or another. Usually, the bigger names make the news, but it’s all over the place and the smaller companies get hit just as hard (if not harder).
Many times, a hacker can make a breach and gain your personal information long before you know it. Months long. Statistically, a breach has been made 3 months before it is noticed, and then there is a delay from that point until you (as a customer) are notified. Those notifications tend to be very sterile and not detailed either.
The onus falls on you to protect your own data.
There are ways to have your credentials checked to see if they have been breached. You can check your email or phone number right on our website to see if it’s been in a known breach. Some browser tools in Chrome, Firefox, and Edge also check your credentials in a similar way as you log into accounts.
The tough part is that you need to constantly check, which you probably don’t. Therefore, it’s best to stay aware of the news and recent breaches to see if you have done business with one of those breached companies.
Here are some recent breaches as of this writing that you should be aware of.
LastPass Breach
In November, password manager LastPass revealed they were breached. This included customers’ password vaults – though they were encrypted. Near the end of the year, they updated the announcement to detail that the data contained both encrypted and unencrypted vault data, but that the data was stored in a proprietary binary format. They also stole customer information including names, email addresses, phone numbers, and billing information.
Password managers are a good thing, but in this situation you are only as protected as the strength of your master password and the binary formatting that LastPass is using.
Dropbox Breach
On October 14, 2022, Dropbox suffered a data breach via a phishing attack. The data wasn’t directly from the Dropbox servers, but rather from stored code they had on another site. That code included some credentials and API keys used by developers. As such, it included a few thousand names and email addresses of Dropbox employees, current and past customers, sales leads, and vendors.
Microsoft Server Breach
Also during last October, Microsoft announced a server breach that exposed the data of customers and prospective customers. This breach was due to a misconfigured server and Microsoft was notified of the leak on September 24th. Their public announcement was made October 19th, nearly a month later.
Microsoft has not given details of what data was stolen, but the company that found and notified Microsoft of the breach claims it contained sensitive information of 65,000 entities dating from 2017 to 2022.
Student Loan Breach
In June of 2022, the Oklahoma Student Loan Authority (OSLA) and EdFinancial were breached via a web portal provided by Nelnet Servicing. This hack exposed 2.5 million peoples information who have student loan accounts. The hackers remained on the Nelnet systems for a month, stealing information regarding loanees. This information consists of name, address, email address, phone number, and social security number.
U-Haul Data Breach
U-Haul announced a data breach on September 22, 2022. The specific date of this breach was not given, but their investigation began at least on August 1 and lasted until September 7. The data breached were contracts from November 5, 2021 and April 5, 2022. In this information; the name and driver’s license ID number of affected customers were stolen.
Neopets Breach
Do you know what a Neopet is? (Yes this is an age check) Neopets are virtual pets you play with online, and have been around for 23 years. That’s a lot of kids playing with virtual pets. Over 69 Million apparently. That’s the number of people that got their data stolen last June. The affected data is essentially everything. Names, emails, passwords, and other personal information such as age and gender.
The ”complete database and source code” for Neopets is currently for sale on the dark web for about $100k.
Marriott Hotel Breach
Marriott has been breached multiple times before, and it happened again. Announced June 28, Marriott systems were accessed by tricking one associate with social engineering. 20GB of data were stolen, including internal documents and guest credit card information.
While this particular breach seems to be confined to the Baltimore, MD (BWI) Airport Mariott, there have been 3 breaches within the last 5 years. 2018 included information of 500 million guests. 2019 affected the data (including social security numbers) of Marriott associates. And 2020 affected 5.2 million guests.
Shields Health
In July, Shields Health Care Group announced that it had been breached back in March. This data breach accessed 2 million patient accounts. This includes; name, birthdate, social security number, address, medical diagnosis, provider information, billing information, insurance information, medical record number, patient ID, and treatment information.
Block (Formerly Square) Breach
Block announced in April that it was breached by a former employee. They accessed customer names and brokerage account information for 8.2 million current and former customers.
Are you affected by these data breaches?
Hopefully not. Again, you can check your email against known breaches on our website.
On top of that be aware that with any information leak threat actors might engage you with phishing attacks, impersonation, and social engineering schemes. Be on guard.
There are many solutions to help protect you and your data and your passwords. To learn more, get in touch for a no-obligation consultation.