It’s typically months after your information may already be for sale on the Dark Web that you’re notified. It’s not uncommon for notifications to come 6 months or more after a breach has happened.
It takes on average 279 days for a company to identify and contain a data breach. (IBM Security)
Several factors go into the length of time it takes to identify breaches of information, these include:
- New malware never seen before (aka: Zero Day)
- The stealth nature of certain types of malware
- Lack of manpower to monitor all threats
But just because you may get a breach notification months after that breach happened. It doesn’t meant that there aren’t steps you and your employees can take to protect your data and your own IT security.
We’ll go over the newest major data breaches need to know about and then provide tips on what you should do if your data has been exposed.
Which Companies Have Recently Had a Data Breach?
It seems that any size organization can be hit by a data breach, even those you think would have strong cybersecurity measures in place. The battle over personal data has only gotten more fierce over the last few years, with over 6500 data breaches reported in 2018 (and most likely many more unreported).
Here are the most recent ones that you should have on your radar.
Capital One Data Breach
Major bank and credit card issuer Capital One suffered a breach exposing the credit card applications and accounts of 100 million US customers and 6 million Canadian customers.
The breach occurred on March 22-23, 2019. It was identified on July 19, 2019.
Exposed records include applications as far back as 2005.
The company said that “no credit card account numbers or login-credentials were compromised and over 99% of Social Security number were not compromised.” In the other 1%, were 140,000 people with their SSNs stolen.
Café Press Data Breach
A popular online shop for businesses to use to have their logo printed on mugs, t-shirts, and other items suffered a major data breach on or about February 19, 2019. It exposed personal details over 23 million people.
Notification letters of the breach began appearing in the mailboxes of Café Press customers in early September 2019, over 6 months later, outlining the information that was exposed.
The exposed information included, names, email addresses, passwords, physical address, phone number. In a small number of cases ,the last four digits of the users’ credit card number and expiration date. Also included were. SSNs and Tax Identification numbers
Dunkin’ Donuts Data Breach
If you’re a DD Perks rewards member with Dunkin’ Donuts, it’s no surprise if you’re getting a little frustrated. Back in February 2019, they announced an attack to gain access to customer accounts. It came just three months after an earlier breach.
Related: What is Cyber Insurance & Why Do You Need It?
The first “credentials stuffing” attack (where hackers use credentials leaked at other sites to gain access to other accounts) happened on October 31, 2018 and the new one happened January 10, 2019.
Information leaked included names, email addresses, passwords, and their DD Perks account number and QR code. The purpose of the hack, according to ZDNet was to sell this information on the Dark Web.
Equifax Data Breach
The last Equifax breach was announced in September of 2017. Many consumers are still feeling the impact due to the shear volume of records exposed. 147 million people had their personal data exposed as part of the latest data breaches and compromising of data.
Hackers breached their network from mid-May through July of 2017. The data exposed included names. SSNs, birth dates, addresses, and Driver’s license numbers. The FTC has a website where consumers that were affected can file a claim for compensation.
Fortnite Data breach
In January of 2019 the maker of the popular online game Fortnite, Epic Games, announced they discovered a major breach of their network. It allowed hackers to login as players. Purchase in-game currency using their credit cards on file.
The breach was due to a flaw in their login system. Unauthorized access of user accounts had been going on for months prior. Approximately 80 million people play Fortnite monthly and as many as 200 million have accounts.
What To Do If Your Data Has Been Compromised?
No one wants to find out their personal information has been exposed by a retailer or company they trust. There’s a feeling of helplessness. Betrayed because you trusted them to keep your details safe.
You do not want to be part of the latest data breaches and compromising of data. once the “toothpaste is out of the tube” there are steps you can take to safeguard yourself after a security breach.
- Identity what information has been breached (credit card number? Username/password?)
- Change your password on the breached site and anywhere else you use the same or similar password
- Check the hacked company’s site for any offers of free credit monitoring
- Find if credit card numbers were breached. Go through your bank to freeze your card and have a new one re-issued
- Monitor your credit report (you can get a free one here) for any unusual activity
- You may wish to use a Dark Web scanning service so that just know these have limited reach when it comes to the vastness of the Dark Web
Is Your Company Properly Protected from a Data Breaches?
Large companies may get their names in the paper. Many small and medium-sized businesses are targets of data breaches. Many never recover from them. Protect our network and files with 24/7 security monitoring.
Call RCOR today or learn more at 919-263-5570 or request a security audit online.
