NEW YORK (AP) – Equifax 2017. Marriott 2018. Capital One 2019.
Data breaches by hacking attacks are extremely common these days, and personal information about you can lead to identity theft such as credit cards and credit on your behalf. However, blaming a particular hack is difficult because the most sophisticated criminals combine data from multiple attacks to better portray yourself than you.
"That's why fraud can be an emotional challenge," said Kyle Marchini, anti-fraud specialist at Javelin Financial Research Group. "It just comes out of the blue and there is no way to find out where it comes from or what I could have done to prevent it."
While the number of reported breaches last year fell slightly to 1
Criminals often buy records from multiple hacks to commit fraud. The idea is to gather enough information to pass the ID checks and authentication checks conducted by banks and other institutions. A social security number database may contain your old address, but hackers can easily take your current address from a newer database.
"We are in this vicious circle," said Eva Velasquez, CEO of ID Theft Center. "We create and capture and use more and more data points about a particular person to fight fraud and authenticate people. This, in turn, increases the value of the data for the thieves, and they will increasingly seek to obtain that data.
Fraudulent card fees are relatively easy to undo, and US law restricts consumer credit card liability. However, new account fraud is harder to deal with.
Javelin estimates that the average victim has 18 hours of fallout, including the belief of debt collection agencies and rating agencies that the accounts are not really theirs. And the victims spend hundreds of dollars out of their pockets. Javelin estimated that over 3 million US adults have been victims of new account fraud in the past year, nearly three times the number in 2013.
Much of the increase is due to the cumulative impact of data breaches and the type of attributed to the stolen information.  While credit card numbers and passwords can be changed, dates of birth and Social Security numbers usually stay with you for a lifetime. And the US passport numbers will last for 10 years. Hackers in 2017 who violated the credit monitoring firm Equifax have received some or all of 147 million people. Equifax agreed last week to pay at least $ 700 million to settle litigation.
Just a few days later, Bank Capital One filed a personal data breach on 106 million owners of Capital One credit cards or applicants in the United States and Canada. The data included self-reported income, creditworthiness and account balance. Although Capital One does not believe the information was used for fraudulent purposes, the breach raises concerns about leaked data – in this case, the kind of information required to submit credit card applications.
"Any breach increases the risk because different information comes out," said Deepak Patel, vice president of security firm PerimeterX.
Beyond financial applications, personal data can be useful for telemarketing and e-mail phishing scams, as scammers try to deceive you by claiming you already know and allowing criminals armed with such data spend money on calls to financial institutions to transfer money or change a mailing address.
You can take precautions, such as This is free now. However, if you apply for a new credit card or new credit, you will need to temporarily cancel your credit.
You can also sign up for a credit monitoring service that notifies you when someone pings your credit, a precursor to opening a new account. There are also ID protection services that search the Internet underground for characters for which your personal information is for sale. Some of these services are available free of charge to customers affected by data breaches, including those at Equifax.
Jason Wang, who founded TrueVault to help companies protect data, said that customers can not do much with their data once they become wild. A better approach would be to minimize what data is stored on servers – something that a California data protection law can do if it goes into effect on January 1, as planned. Among other things, customers can obtain information about what data companies have and request their deletion – although companies would not have to do anything if they did not receive such requests.