By Jennifer Yeagley

A Hacker Got Everyone?

If you have not paid attention to the news recently, you may have missed a big story coming to light this week. You have likely had your identity compromised.  What else is new, right?  Wrong.  In a data breach of epic proportions, 2.7ish billion records have been stolen.  Reportedly, these records are for the US, Canada, and UK.  How is that different from other breaches?  National Public Data (NPD) is a background check company that pulls data from a variety of sources and sells it to companies and individuals for a price.  If they have done their job correctly, they have gathered data on your SSN, phone numbers, past addresses, relatives’ names, past jobs, jail records, and more.  Essentially, a background check company like NPD has an open book for your identity, and NPD lets the book get stolen.  What makes this worse is that the cyberattack happened in April of 2024.  That means your information, my information, and my child’s information may have been floating around the dark web for four months.  Oh, but wait, there’s more!  While the data has been up for sale for $3.5 million, recently, a hacker group released the data for FREE!

Big Deal…My identity has been out there before!

Many of us have felt that there is a chicken little situation with data breaches.  We hear about it constantly, but that does not mean something will happen to me, right?  True, you may or may not be perfectly safe.  You won’t know which way it turns out unless something happens.  So, you are left wondering, “Is today the day?”  You might not even know about your identity being stolen until you need a car loan, mortgage, new credit card, or school loan.  When you cannot get that new loan, you find out loans have already been taken out in your name.  Not only that, but you owe thousands of dollars you knew nothing about.  What’s worse is that you may face more immediate issues from identity theft.  Your bank account could be drained, your social media accounts can be hacked, and your phone number can be hijacked.

SIM Swapping

Given the potential depth of records for everyone impacted by the data breach, the idea of SIM swapping, SIM jacking, or SIM splitting is of more significant concern.  What is that?  These terms refer to the idea that a hacker convinces your phone company to change your phone number to a different SIM card.  They can do this by providing all the information to answer security questions, which may be in the background check data (mother’s maiden name, high school, date of birth, etc.).  This helps the hacker to use a verified number when calling businesses about your accounts.  It also allows the hacker to hijack the MFA codes sent to your phone number, giving them greater access to secured accounts and data.

Ok, now what?

Thankfully, there are steps you can take to protect yourself.  Yes, they may take some work and possibly money on your end, but it will help you in the long run.

1. Monitor your credit – The best place to start is with a credit check. You will be able to see if your identity has already been stolen.  From there, set up credit monitoring so that you are alerted to changes in your credit.  The earlier you are warned, the easier it is to combat fraud.  At the bottom, I will add links for the three big credit bureaus: Equifax, TransUnion, and Experian.
2. Freeze your credit – If you are not looking to open a line of credit any time soon, consider freezing your credit. This is free and can prevent someone from opening a line of credit without taking verification steps.
3. Improve your internet security—Everyone hates the extra steps to keep things secure, but get over it. You either want to take the extra steps to secure yourself or recover from identity theft. I guarantee one is a lot less stressful than the other.
   1. Passwords—Use different passwords for everything. Use long passwords (12-18 characters) and complex passwords (capital and lowercase letters, numbers, and symbols). If you are concerned about remembering your passwords, get a password manager.
   2. MFA, Security Keys, and Authenticators – Add an extra level of protection with an MFA, security key, or authenticator. MFAs typically send a code to your phone number or email, so if you are concerned about SIM swapping, one of the other two options may work better.  A security key is a physical object connected to your computer that allows you to connect to specified sites.  An authenticator program sends a randomly generated MFA code through the program tied to your device rather than the phone number.
   3. Protection Software – Antivirus, malware protection, and spam filtering software are good ways to protect your computer. Make sure they are up to date to protect from the latest threats.
4. Purchase Identity Theft Protection—Some plans may include theft prevention monitoring and reimbursement of funds if your identity is stolen. Other plans cover just one part. Make sure you know what you already have through places like your bank or insurance companies and fill in the gaps.

Unfortunately, we are experiencing a high frequency of data breaches this year. In fact, in the first half of 2024, over 1 billion people were impacted by data breaches worldwide, a 409% increase over the same period last year. Doing nothing leaves you vulnerable to hackers and thieves. Protect yourself, be safe, be smart, and always be great!

Credit Bureaus

Equifax:  www.equifax.com OR www.equifax.com/personal/credit-report-services/credit-freeze

TransUnion:  www.transunion.com OR www.transunion.com/credit-freeze

Experian:  www.experian.com OR www.experian.com/freeze