Identity thefts are up, but many people don’t act to protect themselves – Hamilton Journal News

identity-thefts-are-up,-but-many-people-don’t-act-to-protect-themselves-–-hamilton-journal-news

Were you aware !

“The latest data breach analysis makes it clear that it is not a question of if we are going to set a new all-time high in terms of data breaches this year, but how much of a record high we’ll see,” said James E. Lee, chief operating officer at the resource center, a nonprofit that tracks data compromises and provides free assistance to victims.

“That’s troubling news on its own, but when you consider the ITRC’s recent study on what people do after receiving a data breach notice — which is very little — it’s clear that there is so much more we all need to do in terms of preventing identity crimes and compromises.”

ExploreCompanies skimp on cybersecurity defense at their own peril

The center’s third quarter report shows that as of Sept. 30, data compromises rose by nearly 17 percent over all of 2020. The report found that nearly 281.5 million people were victims this year.

There were 1,291 data compromise events so far this year, compared to 1,108 in all of 2020. The previous record was 1,529 in 2017.

Data compromises - U.S.    
Year Events Victims
2021 1,291 281.5 million
2020 1,108 310.1 million
2019 1,279 883.6 million
2018 1,175 2.2 billion
2017 1,529 1.8 billion
2016 1,105 2.5 billion
2015 785 318.3 million
Note: 2021 is of 9/30/21    
Source: Publicly-reported data compromises compiled by the Identity Theft Resource Center  

Most consumers have been the victim of a data breach and more than half of social media users have had their accounts compromised, according to a new survey of 1,050 adult consumers in the U.S. by the resource center and DIG.Works, a consumer research company.

The survey found:

  • 16 percent of respondents took no action after receiving a data breach notice.
  • 48 percent changed the password only on the breached account.
  • 22 percent changed all of their passwords.
  • 3 percent of respondents took the most effective action, which is to use a credit freeze to block new accounts from being created.
  • 15 percent of respondents use a unique password for each account, and 13 percent don’t think strong and unique passwords are important.

“Overall, consumers report a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach,” according to the resource center’s analysis of survey results.

“However, there is a significant gap between the level of awareness and actions taken by consumers that leave most people vulnerable to additional attacks and a continuing risk of identity crimes.”

More than a quarter of those who took no action after a breach notice said they failed to act because “my data is already out there.”

Twenty-nine percent thought the organizations responsible for protecting their data would address the issue, and another 17% said they didn’t know what to do.

Fourteen percent thought the notice itself was a scam, the survey found.

The resource center recommended that organizations do a better job of notifying consumers of data breaches.

Explore5 experts: Cybercriminals want your data and ransom money

Data compromises include breaches, exposures and leaks. An exposure, typically caused by a system or human error, is generally considered lower risk because there is no indication information was accessed, copied or removed.

One bit of positive news in the third quarter report is there were zero data compromises attributed to skimming devices, as the use of chipped payment cards has steadily risen.

But data compromises were higher in nine of 13 sectors compared to 2020, with financial services, manufacturing and utilities, and education experiencing the largest increases.

Caption

Paul Hansford, associate professor Computer Science and Information Technology, teaches at Sinclair Community College. The college's programs include training in cybersecurity.

Credit: Contributed

Paul Hansford, associate professor Computer Science and Information Technology, teaches at Sinclair Community College. The college's programs include training in cybersecurity.

Caption

Paul Hansford, associate professor Computer Science and Information Technology, teaches at Sinclair Community College. The college's programs include training in cybersecurity.

Credit: Contributed

Credit: Contributed

Cyberattacks are the primary cause of all data compromises and those attacks were up 27 percent over 2020, according to the third quarter report. Six cyberattacks against unsecured cloud databases exposed 48 million victims in the third quarter alone, the report said. Another 99 million people had their data exposed when 20 organizations failed to secure cloud databases, the report said.

Phishing and ransomware attacks accounted for the bulk of cyberattacks in 2021.

ExploreCybercriminals make eye-popping ransom demands

Phishing is a fraudulent email or website masquerading as a legitimate business or person. Ransomware is malicious software — or malware — that hackers use to infect a computer network, locking out the owner by encrypting the data. The hacker demands money in exchange for a key to restore access and agreeing not to publicly release or destroy stolen data.

Prominent ransomware attacks last spring disrupted operations of Colonial Pipeline Co. and meatpacker JBS.

Cybercriminals exploit lax security protocols and the stolen personal information like logins and passwords available on the dark web to make their way into computers.

ExploreThieves stealing passwords can get ‘keys to the kingdom’

“Most attacks they start at a user. They start with an employee,” said Kyle Jones, associate professor and chairman of computer science and information technology at Sinclair Community College. “They start with that single entry point.”

It is crucial to have robust password protocols requiring 12-15 letters and special characters, and to require multifactor authentication, said Gordon Elder III, founder owner of No Name IT of Dayton.

Caption

Gordon Elder III, founder and owner of No Name IT of Dayton

Credit: Contributed

Gordon Elder III, founder and owner of No Name IT of Dayton

Caption

Gordon Elder III, founder and owner of No Name IT of Dayton

Credit: Contributed

Credit: Contributed

He and other cybersecurity experts say companies should install protective software on computer networks, use virtual private networks for remote work, and do regular data backups that are stored off site. All security patches issued by suppliers and manufacturers should immediately be installed on all computers, servers, and other equipment.

“These are known vulnerabilities and now it’s a race,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Once the provider releases that patch and they’ve gone on record saying here are the vulnerabilities and how you fix them, it’s a race between you patching it and the thieves.”

ExploreSee more stories by Lynn Hulsey
ExploreNew infrastructure law expected to boost jobs and economy
ExplorePHOTOS: Federal funding helped make these local road and bridge projects happen
ExploreVeteran suicides are ‘public health and national security crisis’
ExploreChild care crisis: Costs, shortage of workers leading to ‘a situation that is untenable’
ExploreTrucking industry wants to lower age to drive big rigs. Safety advocates call it risky

In the end, you know, I just wanted to mention that camDown helps stop foreign state actors (FSA's) from accessing your webcam.