Sharon Koehler

Stone Industry Consultant

Thwarting Hackers, Thieves, Evil People and Ne’er-Do-WellsA couple of times a year I climb on my soapbox and relate some of the worst data breaches from various organizations and try to convince you to check your accounts and change your passwords and maybe even add 2 step authentications to your accounts. (I know it’s a pain in the butt, so while regularly changing your password isn’t foolproof hack prevention, it definitely does help.)

Anyway, this is going to be one of those times–mostly because one of the most recent breaches really just made me mad. I live on the East Coast, Virginia to be exact, and earlier this year I traveled to Maryland to the MGM Grand for a Carlos Santana concert.

 I checked in around 5:00 PM. I went to a restaurant in the hotel and had dinner. Then, I went to the concert venue which is in the hotel and enjoyed my concert. After the concert I went back to my room and went to sleep. I woke up the next morning, ordered room service and then checked out around 9:00 AM. I was in the hotel for a total of 16 hours +/-. I didn’t gamble or go to any of the shops. I just ate, went to my concert, and slept overnight. That sounds innocent enough. But it wasn’t. I got a notification just the other day from MGM Grand that said they had suffered a data breach and I needed to check my information, change my passwords on my account, et cetera, et cetera. Seriously!? 

So, while I was doing all this I decided to check and see what other businesses have had data breaches this year. I can’t give you the whole list because it’s too long, plus not all breaches have been reported yet. To be truthful, I was stunned by several of them.


Norton LifeLock:
This is a stunner, mostly because this is a company that is supposed to protect our identities from hackers, thieves, evil people, and ne’er-do-wells. Admittedly, it was a small breach, less than 7,000 accounts, but still…THEY HAD ONE JOB!


PayPal:
35,000 customers were warned of a breach in which accounts were improperly accessed. In this case, passwords obtained from a different breach were used to create this event. This is the BIGGEST reason you should not reuse passwords. 


T-Mobile:
37 MILLION T-Mobile customers had their personal data stolen in a cyber-attack. According to the company: names, addresses, phone numbers and more were acquired in the breach. Some customer data was found on a hacker site called BreachedForums. Do you have T-Mobile? If you do or had it in the past, you might want to check your account.


AT&T:
In March, AT&T notified 9 million customers of a breach exposing “customer data.” Do you have AT&T as your service provider? At the very least, I urge you to change your password.


ChatGPT:
We all flocked to AI when it first came out, using it for various things and experimenting with it. 101,000 users have had their personal data compromised by a cyber security attack on the company. 


Yum Brands:
The name may not sound familiar, but you know it well. Yum Brands are Taco Bell, Kentucky Fried Chicken and Pizza Hut. Personal data, including drivers license numbers, were compromised.


Callaway:
Again, not exactly a household brand, but we all know it as Top Golf. Over 1 million customers had their addresses, passwords and other sensitive data stolen.


Caesars Entertainment:
Even if you never stayed at one of their hotels, did you ever place a bet on their sportsbook service? They paid a hacking group a $15 MILLION ransom to keep personal data such as driver’s license and social security numbers from being exposed. Last I hear, they were still hoping it worked.


If you have already been victimized by one of these breaches, here is a bit of irony for you. The above-mentioned hacker site for selling stolen data Breached Forums was itself hacked this year. So, your stolen data and personal info were stolen AGAIN. 

Norton LifeLock aside, the next three breaches just stunned me completely. They probably don’t affect the general population like the others, but if the government isn’t safe, who is?


The NO-FLY List:
Here’s a shocker. This government database with over 1.5 million names on it was stolen by a Swiss hacker. While it has not been publicly published, parts of it have been leaked to journalists, human rights organizations and “other part[ies] with legitimate interest.”


U.S Marshall Service:
  Documents from legal processes plus personal and administrative information on persons/subjects of investigations and some employees were compromised. These guys are in charge of the Witness Protection Program. Their safety procedures and firewalls should be impenetrable, shouldn’t they?


Dept. of Transportation:
237,000 current and former employees of this government agency had their data compromised.


What should you do if your personal identity is hacked or stolen?

Go to the website IdentityTheft.gov . This website will help you understand the severity and the damage of your situation. They also have tips and advice on how to deal with all the ins and outs and complications of having your identity compromised or stolen.

  • Change your passwords. Don’t just change the one pertaining to the breached company. Change them all and don’t reuse them. If that seems like an overwhelming task, maybe you need a password manager like Dashlane or RoboForm.

  • While you are changing your passwords, whenever possible, sign up for two-factor authentication. (2FA). 

  • Sign up for identity protection services. There are others out there besides Norton LifeLock. Aura, Identity Guard and Zander are just a few of the options. Check with the company that has been breached. They may offer the service to you.

  • Check all your credit reports regularly. Look for suspicious or unusual activity that you can’t identify.

  • Check all your bank and credit card statements as well to look for abnormal charges or activity and notify the card company immediately if you see something.

  • If warranted, freeze your credit.  You can contact the 3 major credit bureaus and ask them to freeze your credit. Hackers and thieves will be unable to open new accounts. The downside is that you won’t be able to open anything either, so think carefully before you take this step.


Companies are supposed to alert you if there has been a data breach (like the MGM Grand did for me). Don’t ignore it. It’s easy to look at it and go “Oh geez, here we go again” and not do anything about it because it happens so frequently these days that we are used to it, and we feel like we are fighting a losing battle, so why fight at all? That is definitely the wrong attitude. Ignoring it could up-end your life as you know it and destroy your present and future financial security. Fight on!


Please send your thoughts and comments on this article to Sharon Koehler at
Sharonk.SRG@gmail.com .