Data breaches and identity theft can cause tremendous heartache for not just corporations, but for average consumers who fear losing their hard-earned money to scammers. Cyber attackers have been able to access all types of sensitive information such as birth dates, credit card numbers, Social Security numbers and bank account information with hacking activity reaching an all-time record in 2016.
Here are some of the biggest data breaches and hacks that were reported in 2016 that could end up affecting consumers right here in Orange County.
Blue Cross/Blue Shield: The health insurance company agreed to pay $1.1 million in fines for failing to protect the personal information of nearly 700,000 policy holders. An investigation into the company showed that they failed to encrypt names, addresses and other sensitive information including Social Security numbers, birth dates and other medical information.
Yahoo: In December, Yahoo announced that more than 1.5 billion customers had been hacked in two separate attacks in 2013 and 2014. The two attacks together are the largest known security breaches one company’s computer network. The information that was stolen includes sensitive user information including names, telephone number, dates of birth, encrypted passwords and encrypted security questions that are commonly used to reset passwords. Yahoo asked consumers to change or reset their passwords and took steps to invalidate unencrypted security questions, steps that it declined to take in September when it announced the first wave of hack attacks affecting 500 million user accounts.
Internal Revenue Service (IRS): At the height of the 2016 tax season, the IRS announced that it had been hit by a massive data breach, exposing the information of more than 700,000 individuals. Hackers got the information including Social Security numbers and other personal information from the IRS’ “Get Transcript” program, which was created to allow taxpayers to check their history online. The hackers apparently accessed the accounts using data from the breaches of IRS-approved tax preparers or through other online accounts.
LinkedIn and MySpace: A hacker called Peace posted data on the dark Web to sell, which allegedly included information on 167 LinkedIn accounts and 360 million emails and passwords from MySpace users. The LinkedIn leak expands on the 6.5 million encrypted passwords that were posted following a breach in 2012. The stolen data included user names, passwords and emails.
Verizon Enterprise Services: The company announced a data breach, which affected more than a million customers. The breach apparently allowed hackers to collect information including basic contact information of clients. It is not clear what the exact cause of the breach was, but Verizon said it recently found and fixed vulnerabilities in its client portal, which was used by the hacker to collect the information. This breach essentially highlighted concerns over telecom providers who are often an attractive target for hackers because they hold an extensive amount of customer information.
Uber, FitBit: A serious data breach affecting nearly 3,400 websites and apps including Uber and FitBit was recently reported by CloudFare, a cyber security company. According to other reports the dating website OkCupid was also affected. Compromised information includes usernames, passwords and other private information. The companies have said they are still trying to determine the magnitude of the data breach.
Madison Square Garden: Thieves apparently stole credit and debit card information from customers of its concession stands over a year-long period, the company revealed in November. Anyone who purchased food, drink or other merchandise at the company’s properties between Nov. 9, 2015 and Oct. 24, 2016 may have had their payment card information stolen. This could have happened at several of the company’s venues including Radio City Music Hall, Beacon Theater and Chicago Theater. The hackers apparently installed malware on the company’s payment processing system to steal this information.
How Can You Protect Yourself?
If you suspect you are the victim of a data breach, there are a number of steps you can take to protect yourself:
- Enroll in free identity protection services that companies offer you. This has become standard practice among companies whose data is breached.
- Call your bank and make sure you inform them that you were a customer at an institution that was breached. If your card was affected, the bank might contact you first to issue a new card.
- Request a 90-day fraud alert. If your Social Security number was stolen in a breach, ask the credit bureaus to attach a note on your file so creditors know to further verify the identity of anyone who tries to open new accounts or take actions under your name. Be sure to notify the three major bureaus – Experian, Equifax and TransUnion.
- A security freeze will put your information on lockdown. This means that credit bureaus cannot give it out without your permission. This is another good precaution to take particularly if your Social Security number was stolen.
- Change your passwords. This is the most basic step you can take to block an identity third. Set strong passwords and don’t use them across websites especially for accounts that involve your banking or credit card information.
- Turn on two-factor authentification. This means one more step in addition to entering your username and password. Often, it will involve the website sending a text message with the passcode to your cell phone.
- Be vigilant about your statements. Confirm each charge on your account line by line. Double check any discrepancy.
- Sign up for alerts. Banks often allow customers to set email or text alerts for transactions over a set value. Notifications make it a lot easier for you to keep table on your account.
Protecting Your Rights
If you have been the victim of a data breach, it is important to understand that you have rights. An experienced California consumer attorney can help determine if a manufacturer adopted the necessary safeguards to prevent a breach from occurring. Such safeguards include encrypting customers’ personal information. If you have been a victim of a data breach, you may be able to receive compensation for your damages and losses by filing a class action lawsuit. Contact an experienced consumer attorney to obtain more information about pursuing your legal rights.