The Latest Data Breach and Your Personal Information

In the wake of the bombshell that G+ will be no longer, I received an email on October 9th from Credit Karma regarding the status of my data as it relates to the latest data breach.

While I started using a site called LastPass about a year ago to manage all my passwords, I'll be the first to admit that I was not in a rush to go through all my existing accounts and update my passwords. Sure, I modified the passwords on the accounts I used frequently, like my email account, social media and e-commerce sites.

I had pretty much forgotten about all the old accounts that had been imported into LastPass when I first signed up, and ignored the initial reminders that I was utilizing passwords multiple sites, thinking that it was no big deal and that my data was safe.

Many of you who are reading this are probably in the same boat I was. Too busy, and too brain fried to come up with a unique password for every single site we use, so we get into the habit of reusing the same password over and over again. Even though we are advised not to do so.

I had gotten creative and started using special characters at the end of my passwords, but I still utilized the same 3-4 passwords over and over again, as was made quite obvious by the information that Credit Karma found.

Equally, concerning was the list of Data Breaches, over the past SIX YEARS, that my email alone was associated with. Some I was aware of, many of which I was not.

Due to this information, I just spent the following morning going through my Last Pass vault, and identifying each and every site that used my email address, and changed the passwords on each and every account. While I am feeling somewhat better about this situation, I am still concerned that there may be accounts out there that I do not even know about, because they haven't been used in ages.

Are there sites that still contain my email address, but utilize something other than my email for the user id? And if so, how would I even go about finding those sites?

How The Latest Data Breach May Affect You:

Simply stated, a Data Breach refers to a situation where your personal data has been exposed. It could be as simple as just your email address and password, but it can be as detailed as your financial data, like the one that happened with Experian.

Financial data, particularly those that may include your social security number put you at a high risk for identity theft. This means that a criminal has all the data needed to pose as you and open credit card accounts, apply for loans, and more. All things that can ruin your credit profile, if you are not aware of them.

I personally had my identity stolen about five years ago, but the source was from the unlikeliest of places. My husband and I had applied for a car loan at a local car dealer. As part of the process the dealer takes a photo copy of your drivers license. About a month or so later, I started receiving credit cards in the mail. At first, I thought they were "introductory" offers, until I looked further and found they were accounts that had been opened in my name. They went on a spending spree at a local mall, and opened accounts and ran up the balance, until my less than stellar credit at the time put an end to the spree.

As soon as I realized what had happened I contacted the credit bureaus and notified them of what happened. I also talked to the fraud department at one of the last stores the individual had tried to open an account at, and was denied, only to find out that the individual had my EXACT drivers license number, name and address, and all they did was change the photo.

How to Fix It:

Depending on the information that was leaked, the first step would be to change the passwords on all the accounts that utilized any of the passwords included in the breach. If you use a service similar to Last Pass, you should be able to search your vault for all accounts that utilize your email address, and it will display the password you used with that account.

If, on the other hand, you are still utilizing the same password on all your accounts, the first step is to change these passwords IMMEDIATLY! I highly recommend using https://www.lastpass.com/ (No affiliate link), as it is completely Free to use. With this service, all you need to do is remember one main password which provides access to your vault. There is an Add-on for Firefox that allows the service to auto-fill the username and password on sites that it has a match for.

I personally like the service because it will auto generate a unique password with upper and lower case letters, numbers, and special characters of as short, or as long of a password as you would like. This eliminates the chance of ever using the same passwords on multiple sites. Just make sure you keep your main password safe, because if you forget that, you lose access to your entire vault, which could be a huge headache.

If the data involved is more critical, like financial info, including your social security number, date of birth, and address, you will want to do the following as soon as possible.

1. Request a free copy of your credit report to check and make sure there are no accounts on file that you did not personally open yourself.

2. Contact all the credit bureaus and put a fraud alert on your account. This will protect your account for one year against someone opening new accounts in your name. If you've already been a victim, an extended fraud alert can be placed on your account, and will protect you for seven years.

3. Consider placing a credit freeze on your account. This process makes it harder for identity thieves to open new accounts in your name because a creditor will need to see your credit report prior to approving you for a new account. If you want to open a new account, you will need to temporarily lift the freeze. A freeze is a good idea if you have no plans or needs to open new accounts in the near future.

Conclusion:

Learning that your data has been involved in one of the latest data breaches can be frustrating, and a bit anxiety inducing. But with some simple steps, like the ones outlined above, you can lessen your chance of becoming a victim in the future.