Maybe you were affected by the Equifax data breach. Maybe you weren't. Either way, experts say, it's time to start looking ahead, to the inevitable next hack.
"What we tell consumers is to expect your personal information has been compromised, whether or not you've been notified or a breach," said consumer advocate Beth Givens, executive director of the Privacy Rights Clearinghouse. "That's a sorry state of affairs, but it's the unfortunate reality today."
Credit reporting company Equifax announced last week that it had suffered a data breach affecting an estimated 143 million consumers, exposing names, Social Security numbers and other data. EquifaxSecurity2017.com, the company's site set up to assess the impact, seems to be a kind of magic eight ball — with reports that even combos like the last name "Test" and Social Security partial "123456," or an SSN of all zeroes, turn up warnings that "your personal information may have been affected."
Even without a reliable answer there, the outlook isn't good for consumers worried about keeping their personal details safe.
Data breaches reached an all-time high in 2016, according to the Identity Theft Resource Center, and during the first half of 2017, were up 29 percent from the same period last year. As of Sept. 5, two days before Equifax divulged its breach, there have been 975 data breaches this year, exposing nearly 19.4 million records, according to the ITRC.
Homeland Security Advisor Tom Bossert and Palo Alto CEO Mark McLaughlin headline the Cambridge Cyber Summit on Oct.4 in Boston. Click here for more information and tickets.
As data breaches become more prevalent, it's more important to take proactive steps to protect yourself instead of reacting to individual incidents, said Ryan O'Leary, vice president of the Treat Research Center at WhiteHat Security. (See infographic below.) By the time you hear about a breach, it's too late to keep thieves from using that data.
You can't control how companies protect your data, so try to limit what data companies have, Givens said. Pause before you share sensitive personal information like your Social Security number, even when it's a legit entity asking — say, your doctor's office, a financial advisor or your child's school.
What we tell consumers is to expect your personal information has been compromised, whether or not you've been notified or a breach. That's a sorry state of affairs, but it's the unfortunate reality today.Beth Givensexecutive director, Privacy Rights Clearinghouse
You may find you don't need to provide that information. If it is required, press for details on why they need the info, how it will be stored and secured and who will have access.
"Always ask, even if it will make you unpopular," Givens said. "An awful lot of institutions don't appear to have their act together. It's a good idea to ask these questions."
Another key step is monitoring — for suspicious transactions on existing accounts, as well as new accounts in your name and other red flags of identity theft, said O'Leary. Consumers often find out about breaches weeks or even months later, and that lag can make it tougher and more expensive to resolve problems if you haven't already been watching for problems.
"It's all about catching these as soon as we possibly can," he said.
Opt in for alerts of suspicious transactions and attempted logins, and keep tabs on your credit report. More robust solutions might also be warranted, O'Leary said, like paid credit monitoring. Or even a credit freeze, which prevents anyone (including you) from opening new accounts in your name.