Yahoo has confirmed that data from all 3 billion of its user accounts was stolen during a cyberattack in 2013. This means they probably got you, too — here’s what you can do now to help limit the damage.
Dr. Richard White is an expert in the fields of cybersecurity infrastructure, cybersecurity remediation, and cybersecurity program development, and the author of Cybercrime – The Madness Behind the Methods. He is the former Chief Information Security Officer for the United States Capitol Police, the managing director for Oxford Solutions and course chair for the Cybersecurity and Information Assurance program at the University of Maryland University College.
“This is another example of data breaches being more destructive and widespread than previously envisioned,” White says. “This is why when an attack occurs, the victim organization must bring in qualified incident response personnel that can accurately and comprehensively determine the vector, extent, and containment of the breach.”
“Additionally, this incident proves the need to have qualified cyber experts deeply involved in all merger & acquisition activities to help detail the level of risk present and to help identify what precise resources are required to mitigate the identified risk.”
It is not uncommon for experts to uncover additional breach details after the initial public report — but three billion is an astonishing number even for a seasoned cyber professional like White.
With the frequency and severity of breaches on the rise, good cyber-hygiene includes:
- Change passwords often and do not use any password that can be found in the dictionary. Also, do not use the same password across multiple accounts. This helps limit the damage done by any single breach. Use a combination of upper- and lowercase letters, numbers and special characters.
- Lock and monitor your credit.
- Place a fraud alert on your files with your creditors.
- Consider mortgage and fraud protection.
- Monitor all credit card statements for anomalous activity.
- Monitor all bank statements and accounts for anomalous activity.
- Monitor all entitlement programs (e.g., Social Security, Medicaid, Medicare, etc.) for fraudulent activity.
- Monitor all retirement accounts for payment activity.
- Dispose of all financial and personal account information properly. Use a shredder or ensure the information cannot be read or used after disposal, because there are “bad guys” who deliberately sift through trash to find personal and financial information for the purpose of committing fraud.
- Stay vigilant: If you think you are the victim of cyber-related crime or fraud, contact the organization that maintains the account and report it immediately. Also, contact your local law enforcement agency, because they will provide further guidance and aggregate your report with others, which may lead to a coordinated response. For specific guidance, contact the Federal Trade Commission (FTC). The FTC provides information for a wide range of cyber breaches involving all types of personal data.