We hear a lot about data breaches. In each case, the breach is announced, and further protections added to the network. Historically, the victims are purchased a subscription to a credit monitoring service and sent on their way. This was fine during the initial data breaches of this century perhaps, but by now it is irrelevant.
There have simply been too many data breaches this century. Sure most of the ones we hear about are very specific so you KNOW if you are part of the batch. If you were using AdultFriendFinder to locate hookups you know whether your information is on a site like that. Almost half a billion identities were dumped in that data breach. Other data breaches, like the LinkedIn or Ebay are much broader data sets. It can be harder to know whether you should take dramatic actions like canceling credit cards and the like.
That is the thing. It can be embarrassing if your password gets exposed and your Facebook profile is vandalized. It is more of a problem if someone impersonates you on LinkedIn. If they go on to message your boss to tell him you think he is a real d!c\<[email protected], then there is greater damage. Still it is mostly the money stuff we care about. Financial embarrassment is the worse kind of embarrassing.
I worked at Experian for a couple of years. Their internal security measures were tight. I had to request "test" information so I could test certain aspects of the sites I worked on, like freecreditreport.com and others. Most of the time, coders are just dipping into the data, as they like, to test. I was impressed by Experian's data protection regimen. However, when the Equifax data breach occurred I knew then EVERYONE's data was on the dark web. We are just too capitalist of a society for such a data breach not to have dumped EVERY American's data onto the dark web.
What to do about this situation? Well the first thing to do is divide passwords into low security and high security. The low security passwords where a breach is not likely to cost you money can be easily remembered. Never use these passwords in the high security settings. Money sites are ones requiring very complicated passwords. Do not use the same one on different money sites. Also, use two factor authentication.
I rarely if ever will even access money sites via a mobile device. I understand many tech people will find this to be TOO PARANOID, but I persist. Mobile devices are black boxes with apps on them that are themselves black boxes. Probably these devices are secure. If I must, I use a secure browser on the mobile device. I think this "layers" the more mature security rules of browsers with the new security rules of mobile apps. However, I still find it difficult to use mobile devices when accessing a bank or brokerage.
If one wants to be very secure when accessing their money sites, then keep a bootable USB stick around. Boot your home machine with a fresh operating system install every time. This can be inconvenient for sure, but it is pretty darn secure when you are launching a virgin operating system every time.
I never use my debit card on the internet at all. I also never use the debit card at an outside gas pump. Both these situations expose the debit card to ne'er-do-wells. I always use a CREDIT card in these situations. If a credit card is exposed and used by an unauthorized person, the banks have to reverse those charges. If your debit card is exposed and you lose your entire life savings, the banks are really under no "firm" obligation to cough up those dollars back to you. Depending on the size of the loss, banks can get pretty creative about wiggling free of their obligations.
We all have to understand our identities are already out there on the web. All of us. We have to manage our own "numbers" now. We have to be attentive to our finances in the 21st century. Too much of our wealth is tied up in bits and bytes for us to ignore the fact our data was long ago breached. When some of those dumps came from a credit bureau, you must expect you are in the batch.
Beyond these data breaches, the Social Security number is completely insecure now. It is just too small a number. Simple back of the napkin math calculations of how long it would take to test less than a billion possibilities disabuses one of any real security in the Social "Security" numbers. This is essentially all a Social Security number is: A number between one hundred million and one billion.
What to do then? Well, there are credit monitoring services. They have a real value proposition. If I suspect a near term breach I might purchase one, but I am too paranoid not to check myself. As it turns out you can monitor your own credit for free. Each credit bureau must give you a free copy of your report every other year. Since there are three agencies you can alternate between them and cover yourself for free. If you want to pay for more they are not prohibitively expensive, but the free credit reports are usually sufficient to get a window into what is happening
It is YOUR identity. YOU must protect it. Everything else is just shutting the barn door after the horses got out. You know what your horse looks like, so take care of it.
Check your own credit for free regularly at annualcreditreport.com