“Aubrey, we found your info exposed online.”
That was the subject line of an email I received just yesterday from Experian. Unfortunately, yesterday wasn’t the first time I’ve received an email like that, and I doubt it’ll be the last. Not because I’m careless with my Personally Identifiable Information (PII) or lax when it comes to passwords, but more because the companies that also have access to my PII are constantly under attack by bad actors.
The personal impact of data breaches
I mean, in 2024 alone I was informed that I was impacted by 8 data breaches, but I suspect the actual number is 12 based upon reports. That’s up from the 5 data breaches I was impacted by in 2023.
Some of those breaches were less personally impactful than others, in that the only information someone would have learned about me was my name, email address, and password for that particular account. Some were also linked to payment methods and my home address. One—United Healthcare—included Personal Health Information (PHI), medical history, billing data, etc. While I’m not 100% sure if my information was included in the National Public Data breach, I suspect it was considering I’ve received multiple alerts from Experian about my social security number being found on the Dark Web (and considering 1.3 billion people were included in the breach).
Discrepancies in communicating data breaches
And that’s the hell of it—out of those 12 breaches from last year, only FOUR of the companies notified me directly that my data had been compromised. FOUR. Another four of them I found out about because I received class action lawsuit notifications, letting me know I was Settlement Class member thanks to my data being breached. The other four I only suspect because I know that they happened.
As much as I would like to say that my story is rare, it’s not. Just take the personal accounts of some of the Cadent Solutions Advisory Team into consideration.
Oops, we did it again
Yes, I was impacted by 3 data breaches: AT&T (April notice), Ticketmaster (July notice), and United Health Care (September notice from Change Healthcare services). I was completely responsible for ensuring that I locked down my credit with each of the three credit reporting agencies, setup notification services through Privacy Guard (incurring a monthly fee for their services) and for staying vigilant about monitoring my credit activity. To me it felt like the letter from the impacted companies was an “oops something happened to us several months back and now all your PII data is on the dark web”. There was no real accountability for how the breach happened and what the company was doing to prevent breaches from happening in the future. This is one of the main reasons why I have been so passionate about Cadent Solutions and the services and solutions we are offering. – Julie Case, Founder & Lead Strategist
This is not okay
Similar to Julie I experienced AT&T and Ticketmaster along with a county school account. I consider myself active, but I was disappointed and horrified that these breaches took place months before, the communications were standard and didn’t really take accountability of their systems. I had to take action to freeze my accounts, and their offer to provide additional monitoring annoyed me when the companies they selected asked for my social security number. If my sensitive information is at risk, am I really ok about giving out my social security number?!! Not likely. – Bronagh Lavery, CCMP™, aPHR™; Change Management Advisor
No one is safe
Yes [I have been impacted], and apparently my children have been impacted as well. PowerSchool is an app that is used by schools, and it was hacked. No one is safe! – William Love, Business Transformation & Enablement Consultant
A bitter pill to swallow
The fact that the onus of “fixing” the mistakes of those responsible is on the consumer is a bitter pill to swallow, especially when you’re dealing with PHI, social security numbers, freezing accounts, and even your children’s data. That pill becomes even more bitter when you begin to realize that protecting your information and keeping it out of the hands of bad actors is akin to the world’s hardest game of Whack-a-Mole.
What can be done
So what can be done to protect consumers and businesses alike from cybercrime? There are the obvious things like good password hygiene and 2FA/MFA on both sides. On the business side, there are things like only collecting the consumer data they need and doing a better job of protecting that data, which can be helped by better IT Procedure Management.
And considering the fact that analysts predict that cyberattacks will only continue to rise in number and cost in 2025 and beyond, businesses (and consumers) can’t continue to rest on their laurels while hoping the next big data breach doesn’t happen to them.
CADENT SOLUTIONS HAS THE EXPERTISE TO ASSIST YOU WITH YOUR IT PROCEDURE MANAGEMENT. CONTACT US FOR A COMPLIMENTARY ASSESSMENT OF YOUR BUSINESS PROCESSES AND NETWORK INFRASTRUCTURE UPGRADE NEEDS.