The January 2023 Savvy Cybersecurity Newsletter

In this issue:

  • Credit Report? Experian Security Flaw Puts Data at Risk
  • Savvy Cybersecurity quick links
  • Cybersecurity shorts
  • Software updates

Dear Clients, Friends and Family

Welcome to your January Savvy Cybersecurity newsletter. Read on to learn more about:

  • Why you need to check your credit report now
  • Another massive T-Mobile data breach 
  • And more

Credit Report? Experian Security Flaw Puts Data at Risk

Freezing your credit files at the big three credit bureaus is one of the most important actions you can take to protect your identity from hackers and fraud. Since we started the Savvy Cybersecurity program nearly ten years ago, this is the one action we tell everyone to take. Freezing your credit file locks down your credit with a PIN. No new credit can be approved without you lifting the freeze from your accounts. The process is free and provides an important level of protection. Even if a hacker has your name, Social Security number, and other important personal information—they should not be able to access your credit without the PIN.

Even with your credit file frozen, we recommend accessing your free credit reports each year from the bureaus. By doing so, you can review your credit files for any mistakes or potential identity theft issues. 

There have been security issues with the major credit bureaus in the past. You may remember the major Equifax data breach, which exposed information on millions of consumers. Security expert and writer Brian Krebs wrote this month about a newly discovered Experian flaw that can allow anyone to access your credit report, and it has already been exploited.

According to Krebs, by simply editing the address displayed in the URL bar during Experian's verification process, identity thieves could access anyone's credit report. When Krebs tried to hack himself, he was able to download his credit report without providing a PIN or answering any knowledge-based questions.

In addition to the obvious security issues with anyone being able to access your credit report, Krebs also noticed that his own report was full of errors. He'll now have to take the time to try to get those mistakes corrected. 

Action items

  1. Order and review your free credit reports: You are entitled to one free credit report from each of the major credit bureaus—Experian, Equifax, and TransUnion—each year. You can access your free credit reports by visiting www.annualcreditreport.com. Review your reports for accuracy and contact the bureaus if you find mistakes or issues. 
  2. Freeze your credit files: Of course, it is still important to keep your credit files frozen. If you have not done so already, you must freeze your credit at Experian, Equifax, and TransUnion. You can freeze your credit for free on each of the bureaus' websites.

Cybersecurity shorts 

T-Mobile data breach affects nearly 40 million accounts. The telecom company is currently investigating another breach that exposed the names, addresses, emails, phone numbers, dates of birth, and more of more than 37 million users. This is T-Mobile's sixth data breach since 2018.

Ransomware attack exposes sensitive data from the largest transit system in California. Vice Society, a ransomware group, claimed responsibility for the San Francisco Bay Area Rapid Transit being hacked and exposing highly sensitive and personal data. The transit system is the nation's fifth-largest transit system by ridership and is the largest system in California. The stolen and exposed data allegedly includes a long list of files titled "master employee list," "background disposition," reports, crime lab reports, police reports, and more.

FanDuel suffers data breach exposing names and email addresses. The sports betting site notified customers that a third-party vendor exposed personal information this month. FanDuel has warned customers to keep an eye out for phishing emails.

Social Security Scam Alert: Beware of a letter stating that your Social Security number is being suspended. The message claims that "Due to fraudulent activities, your Social Security number will be suspended in the next 24 hours" and goes on to state that your Social Security number is involved with a $14 million fraud. Read more about the scam and the warning signs here.

Most email programs are vulnerable to cyberattacks. Back in January 2021, Microsoft announced that its software, specifically the software running some Microsoft Exchange servers, had been hacked by a criminal group sponsored by the Chinese government. Now, cybersecurity experts are saying email is old technology that relies on operating systems that are vulnerable to cyberattacks and need to be updated more frequently. Each month, Microsoft Defender for Office 365 detects and blocks close to 40 million emails containing Business Email Compromise and blocks 100 million emails with malicious phishing links.

Federal Communications Commission creates new data breach rule. Previously, the FCC required that telecommunication carriers notify consumers and authorities of a breach within seven days. The new rule would require that breaches are reported to the FCC, FBI, and U.S. Secret Service immediately upon discovery. Consumers would need to be notified immediately as well unless directed differently by authorities.

Cryptocurrency hacks increased in 2022 by over 50%. A report by Immunefi found that over $3.7 billion in cryptocurrency was stolen by hackers last year. In 2021, $2.3 billion was lost to hacks. Frauds and scams made up the rest of the losses in this space.

Software updates 

Adobe: Nearly 30 security vulnerabilities were addressed in this month's Adobe update. The flaws affect Acrobat, Reader, InDesign, and more. Eight of the vulnerabilities are considered critical. You can learn more about the updates here.

Microsoft: Microsoft fixed nearly 100 security issues this month. Over ten of the patches are considered critical and should be installed right away. Your devices should prompt you to update automatically, but you can learn more here.