I recently received a $5 check in the mail from Equifax. It took me a minute to remember that I had filled out a form months (years?) back to get compensation from Equifax as part of their massive 2017 data breach, and it got me thinking about how ubiquitous these kinds of data breaches have become. There was the 2013 Yahoo data breach affecting 3 billion accounts, the 2021 LinkedIn data breach (700 million), the 2019 Facebook data breach (533 million), and another Yahoo data breach in 2014 (500 million), just to name a few (https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html). The result is a laissez-faire attitude when people hear of the latest breach, as it’s now just a matter of throwing another log on the ever-increasing pile.
In the modern digital age you have to assume your passwords and personal information will inevitably be stolen, so it is imperative that we are cognizant of password reuse and set up two-factor authentication. Hackers earn millions of dollars (https://www.tomsguide.com/news/hackers-have-earned-millions-selling-your-data-on-the-dark-web-how-to-stay-safe) selling data they get from these data breaches, in large part because many people still reuse a lot of their authentication information, which allows someone to take a password you used on Yahoo! and try that password on other commonly used sites. Former President Trump’s Twitter account has famously been ‘hacked’ multiple times, in part because he was reusing passwords and, more often, simple-to-guess phrases (https://www.vn.nl/trump-twitter-hacked-again/).
One solution many people have turned to is using password managers like LastPass, which allow users to auto-generate new passwords for their many accounts, significantly reducing the chance that old passwords can be used against them. However, as one might expect, this has led to password manager services becoming victims of hacking themselves, as evidenced by what happened with LastPass just recently (https://www.techtarget.com/searchsecurity/news/252529329/LastPass-faces-mounting-criticism-over-recent-breach).
We are all told it’s imperative to take your data security very seriously, but it’s disheartening to have your data stolen and receive a $5 check in the mail 6 years later. Ultimately, one of the ways I’ve tried to combat this is by significantly reducing my digital footprint. This includes reducing my social media use and limiting the PII (Personally Identifiable Information) I give out even when the expectation is I’m anonymous. Someone can’t steal what they can’t find.