In the age of AI-driven malware, breaches are painfully common. Back in the day, Credit Karma and Equifax got sued into oblivion because of a breach that lost a something-million people’s data – now when a site or a service gets hacked, you may not find out until you see fishy activity on a credit card or start getting annoying mailers. Sometimes the service itself doesn’t even realize. For instance, small vendors that designed their own website can be hacked if they simply fail to update to the next version of WordPress, which they may not have been made aware was available! The risk is someone getting in under the hood and snatching data that opens people and their loved ones up to scams, and new sites with tech-heavy workloads seem to be able to handle the transition, but older ones seem to be floundering through breach after breach. The safer thing would be for these companies to stop collecting more data than they need. We’re not going to see that happen unless it’s actively pursued by legal bodies.
So how do you know if you’ve been breached?
Well, unfortunately, data breaches happen so often that it’s tough to say, for certain, that your data isn’t in any of them. It is in fact possible for someone who has no online presence to have their information stolen purely by bad recordkeeping and data security from some vendor they’ve only ever been to in real life and not online, like a water delivery service, or by a government database. If you have a rewards card at a place like Best Buy, Best Buy is storing the info you gave them to get that, electronically, even if you’ve never bought a single thing off of the Best Buy website or ever set up an online account. Facebook (now Meta) makes an effort to build profiles on people whether they use Facebook or not for advertising, retaining data that might be identifiable if accurately reconstructed. For instance, it only takes three points of data to narrow down who someone is: their birthdate, their name, and their location. If someone can find these things, they can find you!
And then on the other hand, if you’re very online and you use a service like TikTok or Facebook, more info than you may think has been gathered on you – TikTok in particular has been getting in hot water in the U.S. recently because of the types of data it’s attempting to gather (mostly odd ones like to include by default in the TOS, like blanket permission to train AI on user videos, or precise location gathering unless opted out, potentially mental health conditions, et cetera – source: https://www.huffpost.com/entry/tiktok-new-terms-conditions-privacy-concerns_l_69779763e4b01cc3c1ad4578) but advertising based on algorithmic trends have been scary accurate for a very long time before this, and the new wave of dark technology might some day enable hackers to get into these databases and pick out groups that are especially vulnerable to blackmail. Target can tell when regular shoppers become pregnant by their grocery carts. TikTok is apparently trying to know when users have mental health symptoms via the videos they post. This poses a risk to people as people, beyond their credit scores, into their personal relationships. All we can do is hope that companies build better bulwarks against breaches, because right now it’s all shaping up to be a nightmare!
So what can you do?
Well, firstly, losing data in a breach isn’t good by any means, but it’s often not the instant-identity-theft potion a lot of people fear. And, you can take steps to mitigate potential harm. Credit card users should monitor their statements for small discrepancies, like subscriptions they don’t remember signing up for, because they’d probably notice a 3,000$ couch put on card anyway. Your address might have been lost in a billing database breach, which can be annoying as it opens you up to a lot of spam mail, but an address alone is an annoyance as long as it’s not also used for anything else. If you do notice your card is getting hit with things you didn’t order, calling your credit card company with the number on the back of the card (or verifiably from their real website and not from any emails!) will put you in touch with someone who will know what your next steps should be, whether that’s freezing the card or fully cancelling and replacing it.
Ideally, you’ll never run into a service outside of the U.S. government that somehow loses your social security number, but this too is not a reason to panic – you can freeze your credit and set up fraud monitoring with the government to ensure nobody can do things like take out loans in your name and wreck your credit that way. There are services, also officially sanctioned by the U.S. government, that will allow you to ‘lock’ the use of your SSN. This does get annoying, especially when interacting with other government services that ‘need’ it (like the DMV or certain benefit services) but it’s better than leaving yourself open in the event you know you’ve been breached. You should also be regularly checking your credit score. Credit Karma, despite its own history of breaches, will allow you to monitor your credit for free in conjunction with TurboTax. If you notice your score declining, you’ll be able to do something about it before you need that high score to secure a car loan or open a new line of credit.
Unfortunately, this is a sort of Pandora’s box, because once this information is lost, it’s impossible to verify that it’s ever fully removed well enough to let the guard back down. Which is why companies need to start taking their cybersecurity more seriously! The inconvenience of paying for better cybersecurity is far, far smaller than the massive inconvenience a large company can cause to thousands-to-millions of customers after a breach! People remember the Equifax breach with such disdain because they didn’t sign up for the service only to have some random company (to them) lose all of their data anyway! And the consolation prize from the class-action lawsuit was a piddly few months of free credit monitoring.
In the modern day, it’s rough out there, but it could be less rough if companies and organizations spent more time and money on good cybersecurity.
