There is a new data breach identification service, Breach Clarity, that is the first of its kind to offer guidance on what a consumer should do if they are part of a breach. The service doesn’t replace the work that other sites like Have I Been Pwned do but complements it. Once a consumer verifies that their information has been exposed as part of a data breach through a site like Have I Been Pwned, they then can go and enter the name of that breach on the Breach Clarity site to determine what they need to do to protect themselves based on the data that was harvested.
This is a huge positive step in the fight to help protect consumers when their personally identifiable information (PII) has been disclosed. Up until now, there has not been a resource that gives real guidance on what to do if you were a victim of one of these breaches. The best you could do was know that you were a part of the breach, and then, if you read sites like Krebs On Security, you would know to freeze your credit reports. With Breach Clarity, consumers now have a resource that provides real guidance on what to do when their data is no longer private. I strongly encourage you to check this site out and make sure that you have taken some of the steps it suggests if you have been part of a data breach.
As a reminder, some of the best things you can do whether you are a part of a current data breach or not are:
- Use a different password for every online account; never use the same one multiple times. You will need to find a password manager program like 1Password or LastPass to help you manage these.
- Freeze your credit reports – it is just a good idea to do that. There is no need to leave them unfrozen and if you know you are going to need to get a loan or have a credit check done, use a temporary thaw period.
- Disclose as little about yourself on social media as you can. Do you really need everyone to know your phone number, email addresses, addresses, etc.? Protect that information and only disclose it to those that really need it. If you are using your mobile phone or email as a second factor of authentication on accounts, it is even more important to protect these details.
- Always use two-factor authentication when a service provider allows it. Even better, use an app like Google Authenticator or Authy to provide the one-time passcodes for these services. Don’t use your phone number or email address unless there is no other option.
Stay safe out there.