On August 18, T-Mobile announced that a recent data breach has affected over 40 million customers. Thankfully, it appears that no financial information was leaked. However, in a statement, T-Mobile stated “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.” Those responsible for the breach targeted T-Mobile credit applications, putting names, phone numbers and social security numbers at risk [1].
This massive data leak is just one of many that have occurred in recent years. From banks to superstores, data breaches have affected businesses in every industry, putting customers at risk. With this never-ending barrage of data breaches occurring, it’s fair to ask: When will they stop?
Well, we simply don’t know. If businesses continue to neglect cybersecurity, data breaches will remain common and catastrophic. However, there are ways to minimize this risk. Simply taking the time to protect your data is the key to preventing these massive, costly data breaches. After all, protecting your data is a lot easier than dealing with a massive data breach. Just ask Equifax.
The Equifax Data Breach
In 2017, Equifax, a consumer credit reporting agency, fell victim to a massive cyberattack and data breach. In the attack, over 160 million customers’ personal information was leaked, including names, phone numbers, social security numbers, driver’s license numbers and more [2].
In addition to the massive security breach, Equifax’s response to the attack was criticized as well. Although Equifax learned of the attack in July 2017, it was not announced publicly until September 2017. Additionally, Equifax social media directed customers to unofficial sites not owned by Equifax, putting clients further at risk of phishing attacks [3]. Put simply, the Equifax data breach showed what a business should not do in the event of a data breach. From poor communication to a lackadaisical response to the sheer scale of the breach, Equifax was largely unprepared for the breach and its consequences.
But how did the breach occur? While some data breaches can be the consequence of an honest mistake, this was anything but. Equifax was targeted because of its refusal to update its security software. In March 2017, an update for Equifax’s security software was released, but the update was not immediately installed. Quickly, cybercriminals realized there was a security hole in the older version of the software. Then, in May 2017, cybercriminals found that Equifax’s dispute portal still used the flawed security software. They gained access to documents that contained customers’ personal information, and slowly extracted the data over 76 days to avoid detection. As the attackers continued to extract the data, Equifax learned of the breach on July 29, and quickly shut off access. However, by the time Equifax cut off access to the criminals, the damage had already been done.
Why do Criminals Want Your Data?
While data breaches can be catastrophic to consumers, they can lead to big paydays for hackers. For the T-Mobile breach, the release of phone numbers can lead to increased phishing attempts among victims. And because the criminals have access to each phone number’s accompanying name, they can craft a much more convincing phishing text message. If customers fall for the trick, it puts the rest of their data, including financial information, at risk.
If cybercriminals gain access to financial information in a data breach, the consequences can be even more severe. Using this financial information, the hackers (or those who buy the data from the hackers) can open new credit lines, receive loans, or file false tax returns. And because these financial agreements are under your name, you could be on the hook for paying it back.
How do Data Breaches Happen?
While the cause of T-Mobile’s breach is not immediately apparent, Equifax’s cause certainly is clear: Negligence of cybersecurity. Treating cybersecurity as an afterthought is the main cause of many data breaches. Attackers often use phishing techniques and malware in order to gain access to valuable data. For example, when Target was the victim of a data breach in 2013, the attackers stole credentials and installed malware to Target’s software to extract names and credit card numbers [4].
In addition to outside cybercriminals, insider attacks pose a threat to businesses as well. In fact, employee error is the main cause of most data breaches [5]. While most of these breaches are small and have few negative consequences, it shows that outside actors are not the only cybersecurity risk. 47% of business leaders say that human error has caused a data breach in their organization. From losing a device to unintentionally sending confidential emails, internal data breaches certainly pose a threat. Thankfully, there are ways to minimize this risk.
How to Minimize the Risk of a Data Breach
One of the best ways for businesses to prevent a data breach is to encrypt confidential files. With strong encryption, files are unintelligible to unauthorized attackers, making your data useless to cybercriminals. So even if attackers gain access to your documents, encryption blocks the attackers from understanding the data. This ensures that your documents are usable for you, but worthless to criminals.
For individuals, there are easy strategies to minimize harm if your data is leaked. One easy technique to protect yourself is to use different passwords for different accounts. If you use the same password for all of your accounts, just one leak can make all of your accounts at risk. Therefore, it’s important to use different passwords for all your online accounts to ensure one leaked password doesn’t compromise all of your accounts. Additionally, simply checking your credit card history and credit reports can help stop identity theft after a data breach. If you catch fraud early, it can be stopped. Simply using these two techniques can help minimize the damage of a data breach if your information is compromised.
AXEL Offers Unparalleled Protection
AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Put simply, personal information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here.
[1] Schwartz, Mathew J., and Ron Ross. “T-Mobile: Attackers Stole 8.6 Million Customers’ Details.” Data Breach Today. August 18, 2021. https://www.databreachtoday.com/t-mobile-attackers-stole-86-million-customers-details-a-17314?rf=2021-08-19_ENEWS_ACQ_DBT__Slot1_ART17314&mkt_tok=MDUxLVpYSS0yMzcAAAF-_hUkPD9ryUOmFe0rRKxJ3eQA_mnHG9wpo_qAsffgZRgbqIV4FLolYFKr0A7f0CcMmHSwwy3ta4adyJhcjljmHueKFGYuyCT0ezu_kdFj7GYGdCBegA.
[2] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. September 07, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/.
[3] Morse, Jack. “Equifax Has Been Directing Victims to a Fake Phishing Site for Weeks.” Mashable. June 10, 2021. https://mashable.com/article/equifax-twitter-phishing-site-facepalm
[4] McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million Consumers.” USA Today. May 23, 2017. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/.
[5] Reinicke, Carmen. “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC. June 21, 2018. https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.