breach

FBI says there’s no evidence Chinese hackers used Equifax data, but consumers can’t be complacent

Posted on

Equifax Breach Pic

Originally seen on CNBC on Feb 10th, 2020 by Megan Leonhardt

The Justice Department announced Monday that it’s indicting four members of the Chinese military for the 2017 Equifax data hack, which exposed the personal information of 147 million Americans.

The department’s painstaking investigation also found there’s no evidence the data stolen has been used “at this time,” FBI Deputy Director David Bowdich said during a press conference Monday.

Yet Bowdich urged consumers to remain vigilant when it comes to protecting their information. “As American citizens, we cannot be complacent about protecting our sensitive, personal data,” he says.

The Equifax data breach, first announced in September 2017, is one of the largest in history, with 147 million consumers affected, according to the Federal Trade Commission. Hackers were able to get access to a multitude of consumers’ private information, including names, Social Security numbers, dates of birth, credit card numbers and even driver’s license numbers.

During the investigation into the breach, Equifax admitted the company was informed in March 2017 that hackers could exploit a vulnerability in its system, but it failed to install the necessary patches.

Last summer, Equifax agreed to pay $700 million to settle federal and state investigations into how it handled the massive data breach. As part of the settlement individual consumers were able to claim up to $20,000 for any losses or fraud caused by the breach or free credit-monitoring services. If you already had credit monitoring in place, you could submit a claim for up to $125 cash payment.

The settlement received final approval last month. If you’re still unsure if your data was part of the Equifax breach, you can enter your name and the last 4 digits of your Social Security number in a search here.

The best ways to protect your information

Although none of the stolen Equifax data has been detected yet, that doesn’t mean that it will never surface, cyber-security expert Joseph Steinberg tells CNBC Make It.

That’s especially true since much of the information that was stolen in the Equifax breach, including Social Security numbers, does not change with time. In fact, this type of data can become more valuable over time, aging like a fine wine, Steinberg says. “If the Chinese use the data a decade from now, few people will even be thinking about the Equifax breach.”

That said, Steinberg says the Chinese government is probably not stealing data in order to steal money, and identity theft is probably not its primary reason either. “The data might have tremendous value in terms of recruiting spies and other military-type purposes,” he says, adding that “the FBI would not have a clue if the data were used as such.”

To protect your data, Bowdich recommends Americans avoid clicking on links or opening attachments in emails, especially when you don’t know the sender.

Emails are a particularly common way for fraudsters to gain access to your credit card information or identity. Hackers send what’s called a phishing email. “Email is the number-one way cyber crime of all forms happens. If a bad guy can get you to click on a link in an email, he can do all manner of bad things to your online life,” says Dave Baggett, co-founder and CEO of anti-phishing start-up Inky.

Americans should also use two-factor authentication, which generally requires users to not only enter a password, but also confirm their identity by logging onto your phone or entering a code texted or emailed to you.

Last, people should check their credit report on a “fairly regular” basis, Bowdich said. Unlike a simple credit score, your entire credit report provides a comprehensive look at your credit history and activity. You can get a free copy of your report once a year from each of the three major credit bureaus: EquifaxExperian and Transunion.

“They should make sure their data and their information is secure,” Bowdich said.

Yahoo Breach Payout: How To Claim Up To $25,000 Before The Deadline

Posted on

Yahoo Article Image

Originally seen on Forbes on Feb 11th, 2020 by Kate O’Flaherty

The Yahoo breach is known as one of the worst of all time, partly because of its size. When the firm was hacked twice in 2016, all of Yahoo’s 3 billion users were affected. Worse still, hackers had stolen highly sensitive information including names, security questions and answers, and passwords.

It’s only fair, then, that those impacted are given compensation of some kind. Last year, Yahoo said it would pay up to $25,000 to each person affected by the breach, with $100 or free credit monitoring available to most users. It is part of a $117.5 million breach settlement for 194 million people.

The higher $25,000 is available if you can prove the financial damage you suffered due to the Yahoo hack. You are eligible for the $100 payout if you can prove you already have credit monitoring in place.

Last week, you might have received an email telling you more about the Yahoo payout. The deadline of July 20 this year is getting closer, so what better time to apply for your compensation? Here’s what you need to do.

How to apply for a Yahoo breach compensation payout

If you are based in the U.S. and had a Yahoo account between January 1 2012 and December 31 2016, you are eligible to make a claim. The first thing you need to do is visit Yahoo’s settlement website, where you can see whether you qualify for credit monitoring or the $100 cash payout. The cash payout might even go higher–if too few people apply in time, the money could go up to a more enticing $358.80 per claim.

However, you do need to prove that you have credit monitoring in place in order to qualify for the cash.

You also might be eligible for a payout of up to $25,000 in out of pocket losses. According to the Yahoo settlement website, this includes “lost time, that you believe you suffered or are suffering because of the data breaches.”

The settlement site explains that you can receive payment for up to fifteen hours of time at an hourly rate of $25.00 per hour or unpaid time off work at your actual hourly rate, whichever is greater. If your lost time is not documented, you can receive payment for up to five hours at that same rate, the site says.

Once you have worked out whether you are eligible, and how much you can apply for, you can file your claim via a form on the Yahoo settlement website. You will need to supply all the relevant documents.

Breach settlement payouts increase

The Yahoo and Equifax breaches are considered among the worst hacks of all time, and both firms have been the subject of class action lawsuits resulting in payouts. The initial Equifax claim deadline, which saw breach victims apply for up to $20,000, has just passed.

There is no doubt that companies such as these needed to take better care of customers’ data, and paying some kind of compensation is quite frankly, the least they can do.

Parent company of popular restaurants breached; payment card data exposed.

Posted on Updated on

What happened?

Earl Enterprises, which manages popular restaurant brands including Buca di Beppo, Planet Hollywood, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria, announced that nearly 100 restaurant locations around the United States may have exposed customer payment card data over a 10-month period from May 2018 to March 2019.

In a data breach notice posted on its website, Earl Enterprises confirmed that malware was installed on some point of sale systems at certain affected restaurant locations. The malware was designed to capture payment card data, including credit and debit card numbers, expiration dates, and cardholder names. Online orders paid for online through third-party apps or platforms were not affected by this breach. Per the company, the incident has been contained and is being investigated.

Earl Enterprises has yet to confirm the size, but independent security researchers reported over 2 million stolen cards are now for sale on the dark web on the dark web, seemingly as a result of this breach.

What does this mean?

While cardholders are generally not liable for fraudulent charges, it is important to monitor your credit and debit card accounts for suspicious charges and report fraudulent activity to your bank in a timely fashion.