Limit the impact of third-party data breaches


Following the Marriott Hotel Group's recent data breach, which impacted some staff, we thought we would share our advice on how you can protect yourself and limit the impact of such breaches.

On 31 March 2020, the Marriott Hotel Group disclosed a major data breach in which the records of around 5.2 million customers had been accessed by hackers. [1]

While passwords and credit card information were not exposed, other details – such as names, phone numbers, and postal addresses – were, putting those affected at a heightened risk of fraud.

When news of this breach surfaced, we immediately ran checks and notified the small number of University staff who were impacted.

Unfortunately, major data breaches of large online services such as Marriott’s reservation system happen regularly and will have affected almost every individual at one stage or another.

While you can never fully protect yourself against third-party data breaches, following our tips is a step in the right direction.

Good password management

Once a password/email combination is breached, hackers will use the same combo to try to access your other accounts. The process is generally automated and very efficient.

That’s why it’s important you use a strong, unique password for every service you sign up for.

We recommend using a password manager to help you manage your passwords. See our Password news item for guidance. And why not visit the Have I Been Pwned service to check if any of your email addresses and related data have been exposed in a breach?

Multi Factor Authentication

Where services allow, enable Multi Factor Authentication (MFA). This security enhancement requires you to provide two or more methods of authentication for a login or other transaction. MFA is offered by many mainstream services such as Gmail, Amazon, and online banking.

Although not bulletproof (codes can still be phished/intercepted), MFA significantly reduces the risk of hackers accessing your online accounts.

Social Engineering and Fraud Awareness

Data breaches – even when passwords are not exposed – can make you far more vulnerable to Social Engineering and Fraud.

Hackers use harvested data to create highly convincing and targeted phishing emails. Examples include stating there is an issue with your account in an attempt to phish your password; requesting donations; impersonating your bank or HMRC; or the current trend – capitalising on COVID-19 panic by circulating disinformation on topics such as fake cures.

Hackers also use old password breaches (taking details from publicly available lists of leaked email/password combinations) to send email en masse, hoping to panic a small number of recipients, for example in an attempt to blackmail people for cryptocurrency payments.

See our Phishing and Social Engineering news items for more. 

Credit Checks

Most of us check our credit scores before making large purchases such as a house or car. However, a credit report can also be a useful tool to check for identity theft.

If you have not run a check recently, consider researching an appropriate credit check provider. The earlier a breach is discovered, the easier it will be to straighten things out.

Account Management

Lastly, if you are signed up to a service you no longer use, you should consider deleting the account. Most of us have a few online accounts we have not accessed for years. These are more likely to be protected by old or reused passwords and therefore put you at greater risk of a data breach.

Why not perform an audit of your accounts? Delete those you no longer need; update the passwords (to something strong and unique) on those you want to keep; and enable MFA if it is an option.

Tip: If you are deleting apps that you no longer use from your phone, you may wish to close an associated account first.

Further guidance and help

Find out more about Cyber Security on our Toolkit resource at www.abdn.ac.uk/toolkit/skills/it-security/

If you’re still unsure, or if you would like advice, contact the Service Desk – servicedesk@abdn.ac.uk or https://myit.abdn.ac.uk.

 

Author: DDIS Security Team


[1] www.zdnet.com/article/marriott-discloses-new-data-breach-impacting-5-2-million-hotel-guests/