What The Data Breaches At Uber And PayPal Tell Us
Q: I've been hearing about security or data breaches at some large companies I do business with. I'm worried that something like this might result in harm to my credit. What exactly is a data breach and what can I do to protect myself?
A: As our digital world expands, so does cyber crime. Two companies that recently experienced major data breaches are Uber and PayPal. Chances are, you've done business with one or both of these companies. To protect yourself against these and future breaches, arm yourself with knowledge and good habits.
Just what is a data breach?
When a criminal gains access to data sources and sensitive information such as credit card numbers, passwords and license numbers, this constitutes a data breach. Such access can be physical, like when someone has access to your phone or computer. The information in your device can be copied (or ported) to another device. More often, and more nefarious, is virtual thievery accomplished by a number of means, such as bypassing the security measures put in place by you or a company that stores your info in some way. Cyber criminals at Uber and PayPal used this method to steal data.
As more people are connected to the Internet and use online services, data breaches are increasingly more common. Uber's breach exposed the personal information of 57 million customers and Uber workers in 2016. It included names, phone numbers, email addresses, and license numbers. While sensitive information like birth dates and credit card numbers were not exposed, many of these can be attained and paired to the exposed information. PayPal also had a large data breach that potentially impacted 1.6 million customers.
This stolen information can be then used in many ways, including setting up accounts to establish a new identity. It can also be used to use to steal a person's identity.
How can you protect yourself?
No one who uses the Internet to transact business is completely secure from threats of breaches like these. However, experts in cyber security have some suggestions to lessen your vulnerability.
Do not log into accounts using Facebook. When you log in this way, you are allowing Facebook to access more information about you and you don't have control over how this data is used.
Don't give out too much information. The University of Western Australia's Centre for Software Practices suggests not giving your age and birth date when filling out profiles. You can make up a birth date and even choose your opposite gender. When using social networks, limit the information you make available. Identity thieves can make quick use of your birth date and hometown. Don't post these in your profile.
Use more than one email account. For social media, using more than one email account can help to keep your data from being accumulated in one place. If you have a large amount of data in one place, losing it all at one time can potentially do greater damage.
Be password smart. A surprising number of people use the same password for many sites. This is a problem because if one of your sites is compromised, hackers can try that password on other sites. While it may not be convenient, it is smart to use a different password for each site you use. Every password should be strong with a unique combination of letters, numbers, and symbols.
Another option is to use a password manager to generate passwords and store them in an encrypted database locally or remotely. An uncrackable password goes a long way to protect your data.
Limit your use of credit cards online. Ironically, given the subject of this article, using PayPal is safer than using credit cards when online. PayPal limits the information you are providing. In fact, no customers were harmed in the PayPal data breach.
Change identifying information. Pick a new birth year or change your gender on social media profiles. This helps to keep information about you from being linked with information from other sites.
Practice good data management. Check all of your account statements regularly. Look for suspicious items and set alerts to notify you when a large purchase is made.
Check to see if the apps you use are storing information. Some apps actually collect and sell information. Install updates for your apps because the updates typically include more advanced security, or close existing gaps that were recently discovered and exploited.
Your Turn: Unfortunately, almost everyone has a nightmare story about a personal data breach situation. What is yours? How did you handle it?