Data breaches happen constantly. Sadly, the United States doesn’t have a federal law that requires private entities or government agencies to notify you if your information has been leaked online.
Instead of a comprehensive data privacy and protection law like the European Union’s General Data Protection Regulation (GDPR), we have a patchwork of state laws. According to the National Conference of State Legislatures (ncsl.org), all 50 states, the District of Columbia, Puerto Rico and the Virgin Islands have passed laws requiring notification when personally identifiable information is stolen or leaked. You may want to visit their site to find out what rights you have in your state.
If you have reason to believe that your information has been stolen or leaked, there are free online resources that can help you pinpoint the data that’s been exposed.
Visit haveibeenpwned.com and enter an email address or phone number. You’ll receive a report listing the websites or companies whose data breaches included the email address or phone number you provided.
Each entry in the report will identify the company or organization, summarize the nature of the breach and tell you what kind of information was compromised: email addresses, dates of birth, passwords, employers, job titles, physical addresses, etc.
My most recent visit to haveibeenpwned.com revealed that my primary personal email address was associated with a 2013 Adobe breach, a July 2018 Animoto breach, a 2019 CafePress breach, a 2019 Canva breach, etc. Some of those accounts have been closed for years and others aren’t a cause for concern because I’ve changed the passwords since the breach. In addition, the main reason my personal report didn’t send me into a panic is that I never reuse passwords.
Reusing passwords makes you vulnerable to “credential stuffing.” When a cybercriminal steals or buys one of your passwords online, they will do their best to find all of your other accounts and try that password to log in to them.
If you reuse the same password for multiple accounts, you're begging to become a victim. Your best defenses against credential stuffing are using strong, unique passwords for every account and enabling two-factor authentication (sometimes called 2FA or multi-factor authentication) for all accounts that offer it, especially financial accounts.
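To act on a breach report, the check below (an added example, not part of the original article) takes a password-manager export and the list of breached sites from the report, and lists the accounts that share a password with a breached site. The CSV layout, site names and passwords are constructed for illustration, and it assumes the export still holds the passwords that were in use when each breach happened.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
VAULT_CSV = """site,username,password
adobe.com,me@example.com,Summer2013!
canva.com,me@example.com,k7#Vq9pL2x
bank.example,me@example.com,Summer2013!
shop.example,me@example.com,Summer2013!
mail.example,me@example.com,T4!rw8ZmQe
"""

# Constructed: sites a breach report listed for this address.
BREACHED_SITES = {"adobe.com", "canva.com"}


def reuse_exposure(vault_csv, breached_sites):
    """Map each account to the breached sites that share its password."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(vault_csv)):
        # Group by digest so plaintext passwords are never used as keys or printed.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row["site"].strip().lower())

    exposed = {}
    for sites in groups.values():
        for site in sites:
            # A breached site other than this one leaked the same password.
            sources = sorted(s for s in sites if s in breached_sites and s != site)
            if sources:
                exposed[site] = sources
    return exposed


if __name__ == "__main__":
    for site, sources in sorted(reuse_exposure(VAULT_CSV, BREACHED_SITES).items()):
        print(f"{site}: change password (reused from {', '.join(sources)})")
```

The breached sites themselves need new passwords regardless; the output adds the accounts that were never breached but are exposed anyway because they reuse a leaked password.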