As your Internet Service provider, EarthLink is committed to keeping you informed of security events to protect your digital life.  Below our partner Symantec shares information regarding a recent security breach.  

______________________________________

A large hotel brand announced what could be one of the largest corporate data breaches in history. The company’s guest reservation system was hacked, potentially exposing the personal information of up to 500 million guests.

The exposed personal information includes some combination of name, mailing address, email address, date of birth passport numbers, and other information that could expose individuals to the risk of identity theft.

How will users know if they are affected by the data breach?

About two thirds of the company’s customers are potentially affected by this breach. The company began sending emails to customers affected by this breach on a rolling basis on November 30, 2018. The email will not contain attachments or requests for personal information or passwords. Users should be on the lookout for such an email. Because of the volume of potentially affected customers, it may take a while for all of the emails to be sent.

If a user is affected, what should they do?

The company advised its affected customers to monitor their accounts and bank statements for suspicious activity. It also advised consumers to be vigilant against third parties attempting to gather information by deception, or through “phishing attacks”, which could include email links to fake websites.

Here are some steps users can take to help protect themselves if they think this data breach may have exposed their information.

  • Change any passwords that use the same login information as those used in their hotel accounts.
  • Watch for communications from companies that had recent data breaches
  • Monitor news reports about this breach, watching for new developments.

What can cybercriminals do with exposed personal information?

Cybercriminals could commit a variety of crimes using the stolen data. For instance, sensitive information like date of birth, address, or passport numbers can be combined to create fake IDs. The IDs could then be used to commit other crimes. Also, personal information can be sold on the dark web, and identity thieves could wait months, or even years, before using the stolen information.

How can passport information be used to commit crimes?

There are various implications of having a large trove of stolen passport numbers available on the dark web (including national security concerns). For the typical US consumer however, the main impact is that it opens an additional opportunity for identity theft.

The accessed data contains much of the information needed (full name, address, gender, date of birth, passport number) for creating fake passports, using standard templates available on the black market. The process is straightforward and not very expensive.

Fake passports can be used for a variety of fraud and other criminal activities, including opening new bank accounts and credit accounts. Additionally, the Social Security Administration accepts U.S. passports as proof of identification/U.S. citizenship when issuing SSNs (and issuing replacement SSN cards).

The Social Security Administration will accept a passport in lieu of a birth certificate.

How to protect your identity

With your personal information, an identity thief could open new accounts in your name without your knowledge. Here are options to consider that could help protect your identity:

  1. Credit freezes

A credit freeze “freezes” your credit report, making it difficult for potential creditors to access it. Without such access, a creditor cannot open new accounts in your name. To obtain a credit freeze, contact each of the three major credit reporting agencies listed below. There may be fees associated with freezing your credit and removing a freeze.

Equifax: 800-525-6285 or www.equifax.com

Experian: 888-397-3742 or www.experian.com

TransUnion: 800-680-7289 or www.transunion.com

  1. Fraud alerts

If you have a fraud alert on your credit files, when someone applies for credit in your name, creditors are required to take reasonable steps to verify that it’s you — not a criminal — attempting to open a loan or applying for a credit card, for instance.

To place a fraud alert on your credit files, contact one of the three major credit reporting agencies. That credit bureau is required to send your request to the other two credit bureaus.

You must renew fraud alerts every 90 days.

  1. Credit monitoring

Credit monitoring services track changes to one or more of your credit reports, including applications for new credit cards or loans. The idea behind credit monitoring is to alert you to activity involving your credit report so that you can determine whether someone is attempting to open accounts in your name.

Some banks and credit card companies offer basic credit monitoring by giving customers access to a regular credit score. Unexpected changes to that score may indicate something amiss, and that someone has fraudulently obtained credit in your name. Other companies, including credit reporting agencies themselves, provide more extensive credit monitoring for a fee.

  1. Identity theft protection

Identity theft protection services typically provide credit monitoring, and sometimes a credit score, at one or more of the three credit reporting agencies. These services may also monitor the use of your personal information in ways that don’t show up on your credit report. Identity theft protection services may also provide restoration services to help victims resolve issues of identity theft.

There isn’t much you can do to prevent a data breach. Once your information is given to a business or an organization, you likely have no control over how it is stored. If it is not secured, cybercriminals may be able to gain access to it.

But there are things you can do to help protect yourself in other ways. It’s a good idea to consider investing in a comprehensive cyber safety product to help protect your devices and personal information.

For more information about protecting yourself with Norton products, go to Security and Tools.

___________________________________________________________________________________________________

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.