In today's digital world, our personal information is everywhere. We use it to shop online, access bank accounts, and connect with loved ones. Unfortunately, this convenience comes with a risk: data breaches.
It seems like we see at least one major data breach every year. In 2024 (so far) we've seen AT&T tell us about a massive breach of over 70 million customer's info, and we've also seen the same from T-Mobile and Verizon. Other companies aren't immune, of course, but there's a good chance you're a customer of one of these carriers because they provide service for your phone. You should be concerned.
Amazingly, this doesn't happen more often. Huge companies hold data about hundreds of millions of customer accounts, and that's a juicy peach for bad actors looking for a quick way to get data. At the risk of sounding like a corporate apologist, most companies are doing a lot to prevent data breaches. They can't get it right every time, though.
You don't have any control over your data once it's in the hands of another. You're at the mercy of the practices and security of companies like AT&T, who try to keep it safe. That doesn't mean you shouldn't do anything, though.
What is a data breach?
A data breach is the unauthorized access or exposure of sensitive information. This could include anything from your name and address to your Social Security number or credit card details.
This can happen in many ways; someone may gain unauthorized access to a company's internal network through an exploit, an employee could decide to go rogue, enterprise-grade malware can be injected into a server, or employee devices can be stolen and used to gain access.
None of the how matters to you and me because we can't do anything about it. We have to trust that the companies we do business with are doing everything they can to prevent it. But you should still care and do your part.
A data breach can have a dramatic impact and the consequences are far-reaching. As a customer of a business which has experienced a data breach, you could face:
- Financial Loss: Hackers can use stolen financial information to make unauthorized purchases or open new accounts in your name.
- Identity Theft: Data breaches can be a stepping stone for identity theft, where criminals use your information to impersonate you and potentially rack up debt or even commit crimes.
- Damaged Credit Score: Fraudulent activity can wreak havoc on your credit score, making it difficult to secure loans or rent an apartment.
- Emotional Distress: Dealing with the aftermath of a data breach can be stressful and time-consuming. Don't discount this aspect even though it's not very "technical".
None of that sounds good. And to be honest, none of it may happen even when your data is leaked out. A company is required by law to report a breach of customer data, no matter how small, and most of the time customers see no immediate impact when it happens.
The issue is that your data is out there and available. There are websites and forums where this sort of data is bought and sold every day. You hear crazy stories about the "Dark Web," and some are real. If I had the desire and the money, I could buy a bundle of names and credit card numbers this afternoon. So could you. So could someone who wants to try and use them to steal money from people like us.
This is why you need to pay attention and do your part when it happens. The affected company will have some guidelines you should follow, so be sure to follow what they suggest. In the most recent example as of writing, AT&T has forced all customers to create a new passcode and suggests that you monitor your credit report. If a breach is severe, a company may also offer free identity and credit monitoring services. Please take advantage of them.
Other steps worth considering are changing all your account passwords, contacting your bank and credit card companies so they can flag your accounts for monitoring, or even placing a freeze notice on your credit report so no new accounts can be opened in your name.
That said, the best things you can do happen before a data breach. They're things you should be doing anyway, and they can dramatically limit the damage from a data breach. They're also pretty easy:
- Be cautious online, and never click any link from someone you don't trust.
- Use 2FA (two-factor authentication) for every account or service offering it.
- Use a VPN if you need to use public wi-fi regularly.
- Keep the software on all your connected devices up to date.
Data breaches are a concern in today's digital age and will only become more commonplace. Understanding the risks and taking preventative measures can minimize the damage and protect your personal information, even when billion-dollar companies don't get it right.
For further insight into data security and breach response, visit the Federal Trade Commission (FTC) or the Identity Theft Resource Center (ITRC) webpage for information and up-to-date notices of data breaches.
