Connect with us

Cybersecurity

Cybersecurity 101: What To Do If Your Data Is Involved In A Data Breach

Published

on

Cybersecurity 101 By Z6Mag

There is no way that one can downplay the gravity of the world’s data security problem. Day after day, reports of a new database from various companies are exposed online and is dominating most of our security-related conversations. Billions of people have been affected, and it’s most likely that your data has been exposed or compromised one way or another.

Of course, these data breaches vary in degrees. Some were spotted earlier than the other, allowing them to secure their database before someone used it for their criminal activities. Some, however, remains accessible until today, and it’s pretty much available for everyone to use. There are also data that are relatively harmless – like names, email address, breed-readiness, etc. However, there are also data that were very sensitive like nude images, phone recordings, credit card details, passwords, and social security numbers.

Protecting your data from being exposed is one way to ensure that your data will not end up in an unprotected database somewhere. But that only goes as far as it can. There are data that, no matter how much you protect them, can still fall in the hands of dangerous people.

Hence, it is indispensable to know what to do if in case your data becomes public. Here are a few things that you can do to mitigate the effects of a data leak:

WHAT TO DO IF YOUR DATA HAS BEEN LEAKED?

Read the news.

Making yourself aware of the recent data breaches will prepare you for the worst days to come. If you are updated with the recent cyber attacks, you can be able to plan out what to do in case your data is part of the database that has been exposed.

Furthermore, by being updated and aware of the recent data attacks, you will be alerted if the company or the app or the website that has your data was breached. In that case, you can immediately take action to protect yourself if in case someone uses your exposed data against you. Remember: knowledge is power.

Determine what kind of data is leaked.

As mentioned earlier, there is a varying intensity of the effects of data breaches. It is essential to know what kind of data was compromised so that you will know what steps to take to mitigate its possible effect on you. For starters, there are three primary intensities of data breaches:

  1. Least Sensitive Breaches – This kind of data breaches only exposed harmless data like your name and your email address. With this kind of breach, the worst that can happen to you is increased traffic in your spam folder.
  2. More Sensitive Breaches – This kind of breaches are more harmful as they usually include some sensitive information that you don’t want even your friends to know. Examples of these data are credit card numbers and date of birth. While a stolen credit card number may result in fraudulent charges, the cardholder will eventually be protected from the liability if this happened. On the other hand, the date of birth can be used to verify identity since it doesn’t change unlike address or phone numbers.
  3. Most Sensitive Breaches – This kind of breaches deal with confidential information of a person like your social security number. When criminal elements take hold of your social security number and your name, it becomes easy for them to impersonate you resulting in identity and financial theft.

Change all affected passwords.

If an online account has been compromised, it is necessary to change all affected passwords immediately. One tip is to make the new password stronger than the previous password. It is even more advisable to replace all account passwords in all the services you use to make sure. Avoid reusing passwords in other accounts; that way, you will be limiting the damage if in case a breach happens.

Contact relevant financial institutions.

Once your data is exposed and is way up there – especially your credit card information – contacting the card issuer immediately will protect you from fraudulent charges. Make sure that you personally appear to the institution or to talk to a human representative. Explain to them that your account is at risk of fraud and ask the card issuer to alert you if it detects suspicious activity. Most likely, the company will cancel the card and issue a new one straight away.

Contact credit-reporting bureaus.

By contacting credit-reporting bureaus and asking them to place a fraud alert on your name, you will be notified if in case someone impersonates you or steal your financial identity. For example, if someone decides to open a credit card account in your name, you will know. These alerts are free and can be renewed every 90 days, at least in the U.S.

In conclusion:

All of these tips are a few of the things to do for you to mitigate the effects of a data breach. The best thing to do, however, is prevention. /apr

A Consumer Tech and Cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cybersecurity

Indictment Against Hackers Involved In Anthem Data Breach Unsealed

Two men are indicted for allegedly part of a group of hackers from China linked in the Anthem Insurance data breach in 2015. Click To Tweet

Published

on

Twor men are indicted for allegedly part of a group of hackers from China linked in the Anthem Insurance data breach in 2015.
The indicted individuals are allegedly part of a group of hackers from China linked in the Anthem Insurance data breach in 2015. Photo: Tim Reckmann | a59.de | Flickr | CC BY 2.0

Two men were indicted in the U.S. in connection with the data breach at the health insurance company, Anthem, that siphoned more than 78.8 million customer and employee records between 2014 and 2015.

The Justice Department recently unsealed an indictment against two people who prosecutors say are part of a sophisticated hacking network group, based in China that was behind not only in Anthem data breach, but also the attacks against three other US businesses.

While the Justice Department did not name the said Chinese hacking group victimized the three other businesses who they said, they said that these companies were “data-rich.” One was a technology business, one was in necessary materials, and the third was in communications. They said that all of these three companies store a substantial amount – and some confidential – of data on their servers and data networks.

The suspects are 32-year-old Wang Fujie with the Western name of “Dennis” and another one that until now remained unnamed. The Justice Department could not find the real name of the unnamed man but said that he goes by various online nicknames such as “Daniel Jack,” “Kim Young” and “Zhou Zhihong.”

The charges are one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two counts of intentional damage to a protected computer.

According to the indictment documents, the hacker group where Dennis and the unnamed man belongs have carried out attacks using “sophisticated techniques” including spearphishing and malware from February 2014 and up until around January 2015.

They allegedly sent tailored spearphishing emails with links to malware and sent them to employees at the target companies. Once the targeted employee opened the email, the system would get affected by the malware that would later plant a backdoor Trojan that gives the hackers remote access via their command and control servers.

Wang is also accused of having set up the servers, hosted in California and Arizona that were used in the Anthem attacks.

The cyber attack suffered by the insurance company has had them cough up large amounts of money as settlement, making it the most significant data breach settlement ever. In 2017, the company agreed to pay $115 million to settle a class action suit over the breach.

The Anthem attack is also the most massive health insurance data breach, and the amount of data lost to the hackers dwarfed the biggest data breaches in the following years with 11 million breached at Premera and 10 million from Excellus.

The DOJ through a press release and Assistant Attorney General Brian Benczkowski called the hacking event as “unprecedented.”

“The allegations in the indictment unsealed today to outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”

Meanwhile, another set of indictments were released by the Justice Department against European hackers over the hacking of different private and public institutions in the United States. Ten individuals were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday.

According to the officials who filed the charges, the malware, which enabled cybercriminals and hackers from Eastern Europe infiltrate computer systems remotely and siphon funds from victim’s bank accounts, targeted companies and institutions across all sectors of American life.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

Continue Reading

Cybersecurity

Winnti For Linux: Researchers Found Linux Variant Of Malware Used By Chinese Hackers In 2015

A Linux version of Winnti malware was discovered by tech researchers from Chronicle. The malware was used in 2015 by Chinese hackers. Click To Tweet

Published

on

A Linux version of Winnti malware was discovered by tech researchers from Chronicle. The malware was used in 2015 by Chinese hackers.
The discovered Linux malware bears significant similarities with its Windows counterpart. Photo: Christiaan Colen | Flickr | CC BY-SA 2.0

Linux systems are cybersecurity kings, but on a historic first, tech researchers have found a variant of a widespread malware, a favorite of Chinese hackers, have been discovered in a Linux system.

The discovery was made by researchers from the Chronicle, Alphabet’s cybersecurity department. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems. It was the malware used by Chinese hackers in the high-profile cybercrime against a Vietnamese game company in 2015.

Chronicle researchers said that they discovered the malware following the news that Bayer, one of the biggest pharma company in the world, had been hit by Chinese hackers, and the Winnti malware was discovered on its servers.

After the team scanned Bayer’s system using its VirusTotal platform, they found what appeared to be a Linux variant of the Winnti, dating back to 2015 when it was first used by Chinese hackers to attack a Vietnamese gaming company.

According to the Chronicle, the malware that they have discovered comes in two parts: a rootkit to disguise the malware in the infected host and the actual backdoor Trojan. Further analysis the discovered Linux variant of the Winnti malware bears a lot of similarities to the malware’s Windows version. Other connections with the Windows version also included the similar way in which the Linux variant handled outbound communications with its command-and-control (C&C) server — which was a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).

“As with other versions of Winnti, the core component of the malware doesn’t natively provide the operators with distinct functionality. This component is primarily designed to handle communications and the deployment of modules directly from the command-and-control servers. During our analysis, we were unable to recover any active plugins. However, prior reporting suggests that the operators commonly deploy plugins for remote command execution, file exfiltration, and socks5 proxying on the infected host. We expect similar functionality to be leveraged via additional modules for Linux,” said the researchers in their comprehensive report.

Lastly, the Linux version, just like the Window’s version, also has the ability for Chinese hackers to initiate communication with the infected host without going through the C&C servers – distinct characteristics in Windows Winnti.

“This secondary communication channel may be used by operators when access to the hard-coded control servers is disrupted,” Chronicle researchers said in a report published last week.

While infecting Linux systems is something already done especially by American and Russian hackers, it is also extremely rare, as pointed out by the Chronicle.

“Clusters of Winnti-related activity have become a complex topic in threat intelligence circles, with activity vaguely attributed to different codenamed threat actors. The threat actors utilizing this toolset have repeatedly demonstrated their expertise in compromising Windows-based environments. An expansion into Linux tooling indicates iteration outside of their traditional comfort zone. This may indicate the OS requirements of their intended targets, but it may also be an attempt to take advantage of a security telemetry blindspot in many enterprises, as is with Penquin Turla and APT28’s Linux XAgent variant,” added Chronicle.

Meanwhile, malware have become one of the most common tools to attack computer systems, even those of public institutions. A few days ago, ten Europeans were indicted for the malware attacks that have victimized several businesses and government agencies in the U.S.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday last week.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The charged individuals are now facing conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

Officials reveal that the malware in the current court case has infected more than 41,000 computers by disguising as legitimate messages or invoice and was sent as spam emails. Once the email was opened, hackers will be able to record all keystrokes in the infected computer, sweeping data like baking information and wire money away from the victim’s account.

Continue Reading

Cybersecurity

10 European Cybercriminals Charged For Malware Attacks In The US

European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US. The charges include facing conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy… Click To Tweet

Published

on

European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US.
European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US. Photo: Christian Cohen | Flickr | CC BY-SA 2.0

The tech world has agreed that ransomware and malware are becoming one of the most prolific cyber attacks in recent (more…)

Continue Reading

Today’s Latest

Our Voices

Silicon Valley Silicon Valley
Our Voice2 days ago

How Tech Companies Affect Communities In Places They Call ‘Home’

Tech companies are today’s driving forces in the economic world, mostly because of the introduction of the Internet. It allows...

We reviewed RingCentral's VoIP offers We reviewed RingCentral's VoIP offers
Our Voice6 days ago

RingCentral VoIP Review

VoIP has had a significant shift from a technology exclusively used by the early adopters or hobbyist to a widely...

April Fools April Fools
Our Voice2 months ago

April Fools Jokes Aren’t Just “Jokes”

April Fools is undoubtedly a fun day, exceptionally if you have crafted the most elaborate prank on your friends and...

Facebook Facebook
Facebook2 months ago

Facebook Should Do Better At Processing Community Standard Violations, And They Should Do It Fast

A few months ago, I saw a photo of myself used by another Facebook account with a “R.I.P. (Rest in...

With reports of artists committing harassments, should you separate the art from the artist? With reports of artists committing harassments, should you separate the art from the artist?
Our Voice2 months ago

Supporting Problematic Artists And Their Arts, An Opinion

As the world becomes swarmed by reports of famous artists – musicians, comedians, actors, painters – being alleged or in...

How to regulate facial recognition without possible risks How to regulate facial recognition without possible risks
Our Voice2 months ago

Ethical Regulation Of ‘Facial Recognition’ Is A Shared Responsibility

There is an ongoing discussion both in online and offline spaces regarding the growth of facial recognition technology and its...

Solving Data Breachs, must focus on SMBs Solving Data Breachs, must focus on SMBs
Cybersecurity2 months ago

Data Breach Epidemic: Solving The Problem In SMBs Will Solve The Problem For All

In the last two weeks, we’ve witnessed a vast amount of data breaches and information leaks, and the issue has...

Here's why we agree to Jacinda Ardern, New Zealand Prime Minister words of not naming mass shooter suspects Here's why we agree to Jacinda Ardern, New Zealand Prime Minister words of not naming mass shooter suspects
Our Voice2 months ago

We Agree To PM Ardern Of Keeping Christchurch Murderer Nameless, And The Media Should Listen

In the wake of Christchurch mosques shooting in New Zealand that killed 50 people at two mosques, the shooter is...

Apple Anti-Snooping Paten Apple Anti-Snooping Paten
Apple2 months ago

Apple vs. Police Authorities; A Cold War Against iPhone’s Anti-Snooping Patent

To protect its customers from hackers and illegal surveillance, Apple is developing an anti-snooping technology that would impede police and...

Fighting misinformation over measles outbreak Fighting misinformation over measles outbreak
Our Voice2 months ago

An Epidemic: Measles Or Misinformation?

2018 was the year when people started asking the question: ‘should I get my child vaccinated?’ Most people answered yes,...

Join us as we delve into the future of the VoIP industry Join us as we delve into the future of the VoIP industry
Our Voice3 months ago

Take A Look At The Predicted Future Of The VoIP Industry

For the past 20 years, VoIP has become an integral part of the lives of millions of people around the...

Contact Center Solutions Contact Center Solutions
Business3 months ago

Choose The Right Call Center And The Best Contact Center Solutions of 2019

The Ins And Outs Of Business Communication Management For your business to exist in today’s world, you must know how...

Instagram poses as a threat to some of the world's most famous location Instagram poses as a threat to some of the world's most famous location
Our Voice3 months ago

How Instagram Corrupts Famous Locations In The World

Is Instagram corrupting the beauty of breathtakingly beautiful locations and sucking all the joy out of traveling? With the era...

How one can earn crypto How one can earn crypto
Our Voice4 months ago

Ways To Earn Cryptocurrency

Cryptocurrency is one of the growing medium for exchange in most countries as it offers a more convenient and safer...

Ending Payday Loans Ending Payday Loans
Our Voice4 months ago

Can We End Payday Loans?

We can’t neglect the fact that debt is one of the pressing problems in the country, especially in today’s economy....

How will 5G change our lives -- Our Voice How will 5G change our lives -- Our Voice
Our Voice4 months ago

Jumping From 4G To 5G: Here’s What 5G Can Do For You

One of the most awaited advancements in technology is the cellular industry. With its monthly updates on software, model and...

VoIP vs Traditional Telephones: Cost Factors to consider VoIP vs Traditional Telephones: Cost Factors to consider
Our Voice4 months ago

What are the cost factors of VoIP?

In the next few years, we might be saying goodbye to traditional telephone systems in exchange for Voice over Internet...

Manufacturing Firms Investment on Technology Manufacturing Firms Investment on Technology
Our Voice5 months ago

Manufacturing Firms are Investing More on Technology

Based on the recent research on how manufacturing companies are coming up in the market industry, they have been increasing...

How to properly take Technology Innovation in companies How to properly take Technology Innovation in companies
Our Voice5 months ago

Technology innovation in companies—for the better or the worse?

Technology has significantly impacted both homes and workplaces in the last years. As much as we want to keep our...

Trending