Another day, another notice of data breach

JoeWras

It is getting ridiculous. About once per month, I get a notice that my data has been breached. Recently the big ones were United Health and AT&T. I don't know what to say except that I'm becoming hardened to the problem. I care, but I don't care -- if that makes sense.

In other words, I'm assuming all my data is out there on the web. Is this good? No. But I have to learn to live with it. It is as if we are now living with a chronic disease, whereas before each breach was treated like an acute emergency.

Here's my latest from Dell. The good news is no finance information, hooray! The bad news is the world knows I have a computer at my home. Good thing it is a 3 year old low end laptop, and not some top gaming system:
Hello,
Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.

What data was accessed?
At this time, our investigation indicates limited types of customer information was accessed, including:
  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information

The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.
 
I think the only safe thing is to assume all your personal data is available on the dark web, for a price, and act accordingly. A good bit of it is already available on the "regular" web.

I find it especially humorous when the health care companies act so secretive and secure with your personal data, considering how much of it they hoard and how often we hear of security breaches in their systems.
 
Yeah, several years ago, I went to a new clinic to find a new PCP. I filled out all sorts of forms. When I turned them in, the woman at the desk "filed" them in an "in-out" type box on the corner of her desk.

Now, on these forms was virtually everything you would need to steal an identity including SSN. There was a separate page attached which showed photocopies of your DL and all insurance cards.

I asked her for my forms back which I promptly tore up and I walked out with the scraps.

But, yes, most of our data is out there. We're like the gazelle herd. We just hope we are the members of the herd who can outrun the big cats.
 
Discover card doing their free dark web scans notified me a few weeks ago that my SSN is in the dark web. I assume my SSN probably got there from the ATT breach (haven't been notified by ATT).

Yes, there is a tendency to get desensitized to all the data breaches (and other things going on, but that's a different story).

I've already got my tax info stolen by a prior breach years ago, and now my SSN on dark web. I do get nervous thinking the only thing really stopping (as far as I know) the bad guys from freely using my personal info is the credit freezes. If that fails, what's not to say there will be a lot of fake me's floating around.
 
It is getting ridiculous. About once per month, I get a notice that my data has been breached. Recently the big ones were United Health and AT&T. I don't know what to say except that I'm becoming hardened to the problem. I care, but I don't care -- if that makes sense.

In other words, I'm assuming all my data is out there on the web. Is this good? No. But I have to learn to live with it. It is as if we are now living with a chronic disease, whereas before each breach was treated like an acute emergency.

I'm with you--I get a little pissed off when I hear about these data breaches but I'm so inured to it I don't really care anymore.

So Dell has let the world know your name and address and that you own a Dell computer. Name and address can be found in 2 seconds using Google (as well as your birthday, email addresses, job history, etc.) You're also one of the very few people in the world that have a Dell computer, LOL.

Why do these companies announce they've been breached? Is it a law?

Also, generally speaking, I find the amount of widespread paranoia on ER.org regarding computer privacy to be a bit extreme.
 
^^^^^^^

Just because you're paranoid, doesn't mean they aren't out to get you.
 
What I wonder is.... is the guy who would have bonked you over the head and taken your money now a guy who's transitioned to computer crime? If so, it's an improvement from violent to non-violent crime. Progress!
 
I suspect we'd get rid of most computer breaches if we made those who "lost" our data fully legally responsible for all our losses.
 
After a few of my friends had their identities stolen along with a bunch of money which took years to resolve I decided to buy LifeLock. I hate spending money on it but decided it was worth the peace of mind.
 
After a few of my friends had their identities stolen along with a bunch of money which took years to resolve I decided to buy LifeLock. I hate spending money on it but decided it was worth the peace of mind.
Do you feel comfortable with what they actually "DO" for you? I've seen their commercials and tried to figure out just what their product is and whether it would have value.

Anyone with a positive experience with them?
 
Do you feel comfortable with what they actually "DO" for you? I've seen their commercials and tried to figure out just what their product is and whether it would have value.

Anyone with a positive experience with them?
LifeLock will notify you when your identity is stolen. That's what they did for a friend of mine.
 
It is getting ridiculous. About once per month, I get a notice that my data has been breached. Recently the big ones were United Health and AT&T. I don't know what to say except that I'm becoming hardened to the problem. I care, but I don't care -- if that makes sense.

In other words, I'm assuming all my data is out there on the web. Is this good? No. But I have to learn to live with it. It is as if we are now living with a chronic disease, whereas before each breach was treated like an acute emergency.

Here's my latest from Dell. The good news is no finance information, hooray! The bad news is the world knows I have a computer at my home. Good thing it is a 3 year old low end laptop, and not some top gaming system:
I got the same email from Dell....twice today!
 
Do you accept the offers of a year of identity theft monitoring protection? Although I, too, seemingly receive these notices every few months from various holders of my personal information, I have not taken any up on the offers. For a long time I paid for that service from Experian. Then, just a year or so ago I stopped my auto-renew. I haven't looked into what kind of 1-year monitoring service they are offering for free.

I often think about all the services our parents' generation (I use that loosely here, since we're of widely varying ages) did not have to pay for. Now we're paying simply to reduce the likelihood someone will impersonate us, ruin our credit, etc.
 
I suspect we'd get rid of most computer breaches if we made those who "lost" our data fully legally responsible for all our losses.
Agree - if the company had a liability of say $10k per name (paid to the person) that gets compromised, they might think twice about storing that name.
 
Today I went to a women's clothing store to buy a gift card for my Mum for mother's day.
First they wanted my phone number - sorry no.
Then my name, address, etc. Um No, you don't need that for me to buy this, I just want to do one transaction with my good money.

She had to get out a special book to enter in codes to avoid entering all my stuff.

Far too many places have, for years, required far too much of our data to sell us stuff that they never needed before. When was the last time you visited a new website that didn't want your location unblocked and notifications enabled? It's gotten ridiculous.
 
Do you accept the offers of a year of identity theft monitoring protection? Although I, too, seemingly receive these notices every few months from various holders of my personal information, I have not taken any up on the offers. For a long time I paid for that service from Experian. Then, just a year or so ago I stopped my auto-renew. I haven't looked into what kind of 1-year monitoring service they are offering for free.

I often think about all the services our parents' generation (I use that loosely here, since we're of widely varying ages) did not have to pay for. Now we're paying simply to reduce the likelihood someone will impersonate us, ruin our credit, etc.
I took up one offer. I think it is useless. (Kroll monitoring.)

Why? Because recently I got a ping from "CreditWise" of Capital One. Ironically, that account (Capital One) is long gone since the credit card switched to a different bank. But I still get CreditWise pings and can log in and see why.

In this case it was my AT&T info that was deposited on the dark web.

What did I get from Kroll? Nothing.
 
Had an unauthorized debit card transaction this morning. Declined transaction and card is cancelled, new card is in the mail.
 
100% of data breaches are caused by customers. Most are impossible to prevent. There is only one solution: education about phishing tactics. IME the vast majority of humans are either unaware of such, or just don't care. I spent 20 years working in CIS / IT Security. It's a losing battle, requires very long hours often with no glory whatsoever, so I switched to a different IT field for the remainder of my career. Security people are always blamed for the breaches and it becomes a "you caused the problem, you fix it" with long overtime hours, no overtime pay and no bonuses for all that work. And they had nothing to do with the breach.

Many people hear these stories and think back to Wargames, the movie. The days of hackers breaking into systems like that are long gone. It may happen occasionally but hackers know their task is much easier just sending a phishing email to 20 million recipients. Even if only 0.000001% of those recipients take the bait the hackers stand to realize million$ in revenue.
 
100% of data breaches are caused by customers. Most are impossible to prevent. There is only one solution: education about phishing tactics. IME the vast majority of humans are either unaware of such, or just don't care. I spent 20 years working in CIS / IT Security. It's a losing battle, requires very long hours often with no glory whatsoever, so I switched to a different IT field for the remainder of my career. Security people are always blamed for the breaches and it becomes a "you caused the problem, you fix it" with long overtime hours, no overtime pay and no bonuses for all that work. And they had nothing to do with the breach.

Many people hear these stories and think back to Wargames, the movie. The days of hackers breaking into systems like that are long gone. It may happen occasionally but hackers know their task is much easier just sending a phishing email to 20 million recipients. Even if only 0.000001% of those recipients take the bait the hackers stand to realize million$ in revenue.

Nope.... Blaming the victim is not always the correct answer!

I had my Menards CC used at some gas stations in another State. It was because the database holding the CC information was copied.

The thieves made a fake copy of the CC to buy a few thousand dollars worth of stuff including tires, at gas stations.
All sorts of reasons the CC should have been denied:
- Different State from historical usage.
- Shopping at non-Menards store, where history shows it's the only place it was ever used for a decade.
- Size of expense, history shows previously max was $100 or less every time, not thousands.

The CC company obviously didn't care, as they get fees regardless.
 
100% of data breaches are caused by customers. Most are impossible to prevent. There is only one solution: education about phishing tactics. IME the vast majority of humans are either unaware of such, or just don't care. I spent 20 years working in CIS / IT Security. It's a losing battle, requires very long hours often with no glory whatsoever, so I switched to a different IT field for the remainder of my career. Security people are always blamed for the breaches and it becomes a "you caused the problem, you fix it" with long overtime hours, no overtime pay and no bonuses for all that work. And they had nothing to do with the breach.

Many people hear these stories and think back to Wargames, the movie. The days of hackers breaking into systems like that are long gone. It may happen occasionally but hackers know their task is much easier just sending a phishing email to 20 million recipients. Even if only 0.000001% of those recipients take the bait the hackers stand to realize million$ in revenue.
How did I, a customer, cause a large corporation to get hacked?

I think you mean to say that many individuals are victims of phishing, which is true, but even the savviest black hat infosec bros fall for it, so if there is "cause" it belongs to the criminals.
 
The thing that irritates me the most about the continuous stream of data breaches is, as consumers, our information is collected and traded openly by the businesses we deal with, yet we need to pay the credit agencies to have regular and ongoing access to that data.

Consumers should have free ongoing access to all credit reports and credit monitoring agencies, and should be able to easily freeze and unfreeze, and challenge any data that's incorrect.
 
I'm going to guess the 100% comment was referring to "customers" broadly. The comment came from a security professional who has as their customer large corporations.

So I, an end user, didn't do squat in the AT&T hack. It was likely someone in AT&T operations (a customer of security software) who was phished or hacked in a confidence game.

At least I think that's what they meant.

The problem is people. It is disturbing how many people in operations-- who should know better -- get phished or cough up a password in a confidence game. Or are bribed. You name it, it happens.
 
100% of data breaches are caused by customers...

I don't see it that way at all. And I also spent a lot of time doing IT Security.

When I think "data breach" I think of a corporate database being hacked, not some phishing situation where the end user (customer) inadvertently gives away access to their own account.

If the phishing attack is against an individual at the company, especially someone with significant privileges in that company, then the bad guys can get entire databases. But it's the company to blame there, not the customer.

Oddly enough, I just got a letter today saying that a significant amount of personal information was accessed at a company I've never heard of, which handles my former employer's health plan administration. It doesn't get any worse than that. But I fail to see how any customer could have caused that.

I blame MegaCorp, who no doubt went with the low bidder to handle all this sensitive information.
 