Imagine this (fairly) normal scenario: You go to the dentist for a crown (which is aptly named considering only royalty can afford it). On your way back, you buy a smoothie (aka adult baby food). At home, you rent a funny movie to stream on TV. Then you check your bank account. Next thing you know, someone’s got your personal info and is spending your money like Louis XIV (who ironically could afford a crown).
Which activity opened the door for hackers? Try all four—including visiting the dentist! How’s that possible? The worst incident in recent data breach history is to blame. In December 2021, someone noticed a flaw in Apache Log4j, a bit of software that’s in everything from medical equipment to TVs to cloud services. The flaw allowed hackers to take over any device using it, opening the door to a catastrophic number of data breaches.
Making things worse, the problem was announced before it was fixed—before anyone even had a solution to the problem. So the bad guys knew—just like everyone else—it was open season on sensitive data. Officials said everyone should assume they were exposed.1 Yikes!
This vulnerability put countless individuals, businesses and even countries in the crosshairs of hackers. At one point, one cybersecurity company counted 10 million attempts per hour by hackers to take advantage of the flaw.2 Businesses and governments furiously worked to patch the flaw (coder speak for “fix the problem”), but experts say we’ll be dealing with the problem for a decade because Apache Log4j is used in so many things.3
But here’s the thing: Data breaches aren’t unusual (cue Tom Jones’ “It’s Not Unusual”). In fact, they appear to be on the rise. While being a part of a data breach doesn’t automatically mean your identity will be stolen, it does put you more at risk of becoming a victim of identity theft. The smartest way to protect yourself from these unsavory intruders is to make sure you’re covered with identity theft protection.
What Is a Data Breach?
A data breach is a security incident where personal and confidential information is stolen by another individual. The information compromised can include things like your name, birth date, street address, health care history, customer lists, Social Security number and bank account information. If the company or organization discovers an unauthorized individual has viewed that information, they’ve had a data breach.
Data Breach vs. Data Leak
So, we’ve mentioned a data breach, but what is a data leak, you ask? Is there a difference? Yep. While a breach involves an outsider like a hacker (think the dude in movies who's always in a sitting in a van with computers and saying things like, "Alright, I'm in!") breaking in and stealing information, a leak doesn’t start with a cyberattack—a company basically just leaves the door open by mistake so anyone can come in and have a gander at your info.
Just because a company has a data leak doesn’t mean someone accessed the information. But just like you need to cancel your debit card if you left it out in a parking lot for a day because you don’t know if someone saw it, when a data leak happens, there’s no way to know who—if anyone—saw it either.
How Is a Data Breach Different From Identity Theft?
Identity theft involves someone actually using your private information—usually for their own financial gain or to impersonate you.
Take our identity theft risk assessment.
I’ve personally experienced this, and let me tell you, it was not a good time. Someone got a hold of my Social Security number, phone number and an old address, and ended up opening multiple cell phone accounts across the country under my name and racked up a whole bunch of debt.
I found out about it when a debt collector called me to collect on the money owed. As you can imagine, confusion and chaos ensued as I tried to tidy the mess up for months. So yeah, that’s identity theft. You might think you qualify as an identity theft victim if your personal information was exposed in a data breach—but the good news is, that’s not always the case! So breathe easy.
Recent Data Breaches
Some data breaches seem more “minor” in nature because the information they gather feels less significant (like Facebook’s misuse of private data that impacted a potential 87 million users).4
Sure, gaining access to information like names, email addresses, and passwords might not seem as harmful as someone having your Social Security number. But any data breach can leave you at risk of identity theft if the hackers want to use that information against you. Even a breach of less sensitive information like the one with Under Armour’s MyFitnessPal users can still affect millions of people—150 million, to be exact.5 On a positive note, I’m honestly impressed that there are 150 million people out there attempting to get in shape. Way to go, guys.
Just reading the words data breach probably makes you think of one of the most infamous breaches in recent history. It’s hard to forget the far-reaching Equifax blunder that exposed Social Security numbers, birth dates, home addresses, tax ID numbers and driver’s license information of potentially 148 million people.6
The sad truth is, a lot of the industries we trust to keep personal information safe are prone to being hacked.
|
Company |
Date |
Potential People Impacted |
|
TransUnion7 |
Nov. 2022 |
Unknown |
|
Uber8 |
Sept. 2022 |
Unknown |
|
U-Haul9 |
July 2022 |
2.2 million |
|
Twitter10 |
July 2022 |
5.4 million |
|
Apache Log4j11 |
Dec. 2021 |
Everyone |
|
Whole Foods Market12 |
Oct. 2021 |
82 million |
|
GetHealth13 |
Sept. 2021 |
61 million |
|
Neiman Marcus14 |
Sept. 2021 |
4.6 million |
|
Microsoft Power Apps15 |
Aug. 2021 |
38 million |
|
OneMoreLead16 |
Aug. 2021 |
126 million |
|
20/20 Eyecare Network17 |
May 2021 |
3 million |
|
Facebook18 |
April 2021 |
533 million |
|
LinkedIn19 |
April 2021 |
700 million |
|
ParkMobile20 |
April 2021 |
21 million |
|
Reverb21 |
April 2021 |
5.6 million |
|
COMB22 |
Feb. 2021 |
3.8 billion |
|
MeetMindful23 |
Jan. 2021 |
2 million |
|
Pixlr24 |
Jan. 2021 |
2 million |
|
Socialark25 |
Jan. 2021 |
214 million |
|
VIPGames26 |
Jan. 2021 |
23 million |
|
Capital One Financial Corporation27 |
July 2019 |
106 million |
|
First American Financial Corporation28 |
May 2019 |
885 million |
|
Marriott Hotels29 |
Nov. 2018 |
500 million |
|
SunTrust Banks30 |
April 2018 |
1.5 million |
|
Panera Bread31 |
April 2018 |
37 million |
|
Facebook32 |
March 2018 |
30 million |
|
Under Armour33 |
March 2018 |
150 million |
|
Orbitz34 |
March 2018 |
880,000 |
|
BJC HealthCare35 |
March 2018 |
33,420 |
|
Uber36 |
Nov. 2017 |
57 million |
|
Equifax37 |
Sept. 2017 |
147 million |
*To find more recent breaches, visit the Privacy Rights Clearinghouse.
How Do Data Breaches Happen?
It seems like big-time security measures should be enough to keep cyber-attacks at bay, but no safety measure is surefire. Large-scale or minor data breaches can happen anytime a hacker or anyone who isn't authorized gains access to sensitive files or information. And they happen a lot more often than you might think.
Generally, I’m a big fan of vulnerability, like in a Brené Brown kind of way, but in this case, it’s not the good kind of vulnerability. It’s the hacker kind that sits on a throne of lies.
So, who or what is to blame for making these trusted companies vulnerable to data breaches? Anything as minor as a weak password can cause a breach. Like when you’ve used the same password pickles98 for the last 23 years across every single online account you have. Sometimes though, a website is a missing security patch or a system glitch is at fault.
In the case of a leak, the company unknowingly triggers the leak of info. This type of incident is also known as an accidental data breach and can be caused by things like failure to follow password guidelines or public-facing web services. We’ve all been there. Whether it’s me in second grade or your personal info, “accidental leaks” are no fun to deal with.
Whatever the case, these types of data breaches don't seem to be slowing down. A 2020 report by Cybersecurity Ventures shows that the global cost of cybercrime is expected to exceed $10 trillion by 2025.38 Which is ten million millions. Ten thousand billions. Yes, it makes my head hurt too.
Interested in learning more about identity theft?
Sign up to receive helpful guidance and tools.
What Is Targeted in Data Breaches?
When a hacker makes a cyberattack, they’re usually gunning for any sensitive data they can find—anything that can either be used to steal immediately (like payment information) or get them access to stuff that can be used to steal (like passwords).
Like we mentioned before, sensitive data can include your name, birth date, street address, health care history, customer lists, Social Security number and bank account information. Also included in there is your zip code, phone number, debit (or credit—boo!) card number, education records or biometric data (think fingerprints to get into your phone).
What are these lowlifes who hang out in dark basements with Cheeto stains on their shirts, scanning the interwebs looking for? Weak credentials (like your password that’s the name of your dog followed by your birthdate), a way to steal credentials, or compromised assets (like those leaks we talked about earlier).
Hackers will also target a person or a company who has legitimate access to another company’s sensitive data for things like management or maintenance. This is called third-party access. You could have the cyber version of the Great Wall of China around your business, but if the little company contracted to do your marketing has one of those dog name/birthday passwords, you’ve got a big gaping hole in your wall.
How Do I Know if I’ve Been Affected by a Data Breach?
If a company has experienced a data breach, they’re required by state law to let you know about it.39 It’s news no one wants to hear, but knowing allows you to become hyperalert and keep an eye on things moving forward.
Recently, Equifax settled their agreement to compensate for the way they handled their 2017 data breach.
If you were one of the 147 million affected (which the odds are you were), you can now file a claim that will give you compensation for credit monitoring, loss of time and money, and even a partial reimbursement for any monitoring you’ve already purchased with Equifax.40 I wouldn’t get too pumped on the reimbursement part though. Splitting the pie with 147 million people means crumbs for everyone. And you get a crumb! And you get a crumb!
Now if you weren’t affected by the breach, you still need to make sure you’re protected by more than just simple credit monitoring. Plus, it’s probably hard to trust Equifax with your personal information after a breach that large. I mean, I still have trust issues after my favorite coffeeshop once gave me decaf coffee by accident. So when it comes to solid defense, you need to get ID theft protection that will not only protect your information, but more importantly help you clean up any messes that come with these awful data breaches.
What Can I Do to Protect Myself From Data Breaches?
Here’s the bad news: There’s not a whole lot you can do to protect yourself from a data breach. These days, your personal information is out there somewhere on plenty of different platforms—and no company is 100% secure from a breach.
But here’s the good news: It’s not all doom and gloom. I wouldn’t lose sleep over it. There are plenty of common security practices you can put into place to help protect your information where you are in control.
Shred documents with your personal information listed, never keep your Social Security card in your wallet, and be cautious about who you share your personal information with. Also, be alert and don’t fall prey to all the different types of fraud out there—they’re everywhere, and most of them are pretty easy to spot. Last but not least, don’t forget to arm yourself with identity theft protection.
What Can I Do to Protect Myself From Identity Theft After a Breach?
If a company with your information has a data breach, there are a few important steps you can take to stay ahead of hackers and protect yourself from identity theft. Remember, a breach doesn’t automatically mean your identity has been stolen.
Change Your Passwords
It’s a good idea to go ahead and change your passwords—especially if you use the same password in multiple places. Pro tip: Don’t use the same password across accounts! Using the same password for all your social media profiles, email addresses and bank accounts is just asking for trouble. Instead, you should always use unique passwords and change them every 90 days. I know you think I’m a madman for saying that, but this is the price to pay for digital safety in the modern world.
Creating diverse passwords can be tricky. But whatever you do, don’t rely on a phrase or anything that is easy to guess. (Sorry, that means famous quotes and maiden names aren’t good fallbacks.) Get creative!
Let me help you with this:
- Use a combination of uppercase and lowercase letters.
- Use special characters (like ! or # or $).
- Make your passwords long (12 characters minimum).
- Use random words strung together (instead of “merrychristmas” try “GrinchHome@loneElf18”).
Check Your Credit Report
Okay, we aren’t worried about your credit score here (in fact, we never are). Instead, look through your credit report to see if anything suspicious or odd stands out to you.
You can get one free credit report per year from each of the three major credit-monitoring bureaus. This means you can check your credit report every 3–4 months. If you can stay on top of your credit report, you could have the upper hand in noticing suspicious activity.
Look for red flags like these:
- Inactive accounts that suddenly have activity on them
- A line of credit appears that you didn’t open
- Your personal information is incorrect
- A good standing account is in collections
- A credit inquiry pops up that you didn’t apply for
Never ignore red flags! Ironically, that advice works for credit reports, and even better for relationships.
We know it can be annoying to sift through your bank transactions each day. But then again, if you can make time to scroll through your social media feeds, you should be able to make time to keep your money and identity safe. You need some ice for that burn? But seriously, make time for this stuff!
Your bank should alert you if they see anything irregular going on—but don’t rely on that. It’s much more beneficial if you're the one checking your account every single day. Because no one cares about your financial safety as much as you.
Get Identity Theft Protection
A solid identity theft protection program can help keep you from being a sitting duck waiting for identity theft to find you. Be proactive! Make sure you’re prepared before you become a victim of a data breach.
Safeguard yourself and your family from the nightmare of identity theft. RamseyTrusted provider Zander Insurance offers an identity theft protection program that can give you the security and peace of mind you need. It’s the same protection I personally use, and it’ll save your butt (and dozens of hours of your precious time) if you get hit by identity theft.
Did you find this article helpful? Share it!
About the author
George Kamel