Technology
Watch out: Biggest data breaches of 2024, so far
From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any American left unexposed at this point. Here are some companies that may have exposed your data.
National Public Data breach: 2.9 billion people exposed
Hard to imagine much worse than a background-check company being hacked. Their entire job is to dig up and collect non-public data. A lawsuit claims it was National Public Data’s negligence that exposed 2.9 billion people. Details include Social Security numbers, full names and addresses. Hacking group ASDoD put the database of the stolen information up for sale for $3.5 million. No word yet on any ransom payment.
Through a process called scraping, NPD collects and stores personal data from “non-public sources” to perform background checks. In other words, the company gathers information that wasn’t willingly (or knowingly) handed over.
Depending on what happens in court, NPD could be required to purge personal data of impacted individuals and to encrypt all collected data going forward.
Ascension ransomware attack: Up to 140 hospitals
In May, an employee at one of the country’s biggest healthcare systems accidentally downloaded malware. What happened next was a cyberattack avalanche.
Ascension runs 140 hospitals in 19 states and Washington, D.C. On May 8, they detected unusual activity within their network. The disruption quickly became so bad that Ascension had to shut down emergency rooms and reroute patients.
Hackers got their hands on 7 of Ascension’s 25,000 servers; who was impacted is still under investigation. Ascension recently said around 500 individuals were affected, but I’m willing to bet the final number will be a lot higher.
CDK Global attack: 15,000 car dealerships
One of the biggest car dealership software companies got hit with a double whammy in June. CDK, used by 15,000 dealerships for payroll and finance tasks, shut down its systems after back-to-back cyberattacks on the 18th and 19th. Rumor has it the ransom payment was worth tens of millions of dollars.
The shutdown majorly disrupted dealership operations and sales. One Lexus dealership in New Jersey reported new car sales down 50% in June.
Change Healthcare attacks
Change Healthcare, a tech firm owned by UnitedHealth, is used by thousands of pharmacies, hospitals and healthcare facilities to receive payments and process claims.
One attack discovered in late February caused massive disruptions for weeks throughout the U.S. healthcare system. UnitedHealth paid a whopping $22 million ransom to Russian cybercriminal group BlackCat to stop them from sharing the data they stole.
Then another gang of crooks, RansomHub, claimed they stole data, too. In April, UnitedHealth said a “substantial proportion” of Americans’ data was exposed. Estimates say as much as a third of all Americans were impacted. That includes sensitive medical data, including test results, diagnoses and images.
AT&T breach: 73 million customers
In March, AT&T disclosed that hackers stole data from “nearly all” current and former customers. The data goes back as far as 2019 and includes some really personal information, including Social Security numbers. They reportedly paid hackers a $370,000 ransom to delete the information.
Honorable mention
- Advance Auto Parts (July): Personal information of over 2.3 million individuals was stolen.
- Roku (April): Through “credential stuffing” aka using logins leaked in other breaches, hackers accessed around 591,000 accounts. No financial info was accessed.
- Truist Bank (June): Hacking group Sp1d3r stole information about 65,000 employees and posted it for sale online.
- Tile (June): Life360, the company behind Tile tracker devices, reported a breach that included names, addresses, email addresses, phone numbers and device identification numbers.
- Ticketmaster (June): This one impacted 560 million customers; data included names, addresses, phone numbers, email addresses, order history and partial payment info.
- Dropbox (May): Attackers accessed Dropbox Sign’s development environment, compromising customer information.
- TeamViewer (July): Employee directory data, including names and encrypted passwords, was exposed.
Locked down
You can’t stop a hacker from breaching a major company, but you can protect yourself from the fallout.
Double-check all healthcare communications. If you receive an explanation of benefits (EOB) or a bill for services you didn’t receive, contact your health care provider and insurance company ASAP. It likely means someone is using your benefits for their own healthcare.
Treat email requests with caution. Be skeptical of anything that seems super urgent. It’s OK to slow down for safety. My rule of thumb: If it’s a strange written request, like a text or email, I make a phone call.
Be wary of “old friends” who appear out of nowhere. It could be a hacker who happens to have a little (stolen) info. Take time to confirm they are who they say they are.
Make a list of exposed data. Keep this digitally or just on a Post-it. Be suspicious of anyone who references it in an email or phone call. Say the company you financed your car through was hacked. Alarm bells should ring if you get a call out of the blue that there’s a major issue with your loan.
Update your PIN and banking login credentials. Even if they weren’t involved directly in the breach, hackers can use your personal info to access it. Keep an eye on your bank and credit card statements for anything out of the ordinary. Set up banking alerts on your phone while you’re at it.
Freeze your credit. This will keep scammers from opening a credit card or loan in your name. Like setting up a fraud alert, you’ll need to contact each of the three credit bureaus.
Copyright 2024, WestStar Multimedia Entertainment. All rights reserved.
5-minute phone privacy audit to stop the snoops
We’ve all got a load of sensitive info on our phones — texts with loved ones, banking details, passwords and family photos.
You don’t want anyone snooping around, whether it’s an app maker on the other side of the world or the guy sitting behind you at the coffee shop. Take five minutes to run this privacy audit, and then pat yourself on the back for a job well done.
Check your permissions
When you download apps, they often request a variety of permissions to access different parts of your phone — think your location, camera, microphone, contacts and text messages. Some are essential for the app to function properly (like a navigation app needing access to your location) but others are absolutely unnecessary.
The most critical permissions to pay attention to are your phone’s location, camera and microphone. Only trust apps that have a clear, legitimate need for these permissions.
Use your common sense, too. Ask yourself: Does a shopping app really need access to my contacts? Should a photo editing app know my current location? For me, the answer is no. Granting unnecessary permissions increases your privacy exposure, so it’s better to err on the side of caution.
To check what permissions each app has:
- Apple iPhone: Go to Settings > Privacy & Security, then Location Services, Camera or Microphone.
- Google Pixel: Open Settings > Security and privacy > Privacy controls > Permission manager.
- Samsung Galaxy: Head to Settings > Security and privacy > Permission manager.
You’ve probably granted permissions to apps on your computer, too, that you forgot about. Here’s how to check those while you’re at it.
Lock down everything
Your lock screen is the first line of defense against unwanted eyes. You can use a PIN, pattern, fingerprint, facial recognition, whatever. No matter which method you choose, it’s far better than leaving your phone unsecured.
If you’re using a PIN, stay away from anything obvious like 1234, your birthday or address, or the last digits of your phone number.
- Apple iPhone: Set this up via Face ID & Passcode.
- Google Pixel: Head to Settings > Security and privacy > Device lock.
- Samsung Galaxy: Under Settings, look for Lock screen and AOD.
You’ll also want your phone to lock as soon as possible when you’re not using it. I find around 30 seconds is the sweet spot between safety and annoyance.
- Apple iPhone: Under Settings, choose Display & Brightness > Auto-Lock.
- Google Pixel: Head to Settings > Display and touch > Screen timeout.
- Samsung Galaxy: From your settings, tap Display > Screen timeout.
Keep out strangers
The short-range transfer tech built into iOS and Android is super handy when you need to share something with a friend or relative. But you don’t want strangers pinging you with unwanted photos, videos and other files.
This happened to me once at the airport. In my case, it was just teenagers pranking me with silly pictures, but this can end a lot worse.
- Apple iPhone: Your device uses AirDrop for these types of transfers. Limit it to contacts only or turn it off altogether via Settings > General > AirDrop.
- Android devices: The transfer tool here is called Quick Share (formerly Nearby Share). On a Pixel, you’ll find the sharing prefs under Settings > Connected devices > Connection preferences > Quick Share. On a Galaxy, it’s under Settings > Connected devices > Quick Share.
Browse the web
Open your phone’s browser and say hello to instant tracking, unless you do something about it.
- Put limits on this on your iPhone by opening Settings > Apps and tapping on Safari. Under the app’s settings, scroll to Privacy & Security and toggle on the option for Prevent Cross-Site Tracking.
- For Chrome on Android, open the browser and tap the three dots (top right). From there, hit Settings > Privacy and security > Third-party cookies and turn on Block third-party cookies.
That wasn’t so bad, right? Now, do your loved ones a solid and pass it along so they can stay safe, too. Yes, that includes teenagers!
iPhone 16 Pro and 16 Pro Max hands-on: don’t call it a shutter button
I just spent a few minutes with the new iPhone 16 Pro and Pro Max, which feature bigger displays with thinner bezels, revamped cameras, and Apple’s new Camera Control button, which is pretty fascinating.
Let’s start with Camera Control, which is a physical button — it depresses into the case ever so slightly, with additional haptic feedback from Apple’s Taptic Engine to make it feel like a chunkier click. You can just click away at it, and it’ll fire off photos from the 48MP main camera with zero shutter lag. I was not able to slow it down in my short demo time, but we’ll see how it goes in real life.
The button is also ultra sensitive, so pressing it ever-so-lightly brings up swipe-to-zoom controls, and double-pressing it lightly brings up additional controls you can swipe between, like lens selection, exposure, and the new photo styles available on the Pro. It took me a second to figure out how hard to press but it wasn’t hard to figure out.
The phones themselves are slightly taller and wider than the 15 Pro models, making room for larger screens: a 6.3-inch panel on the 16 Pro and a massive 6.9-inch display on the 16 Pro Max, emphasis on Max. It’s made possible partly by new thinner bezels, too.
The big news for the smaller phone is that the regular 16 Pro now comes with the 5x telephoto camera formerly reserved for the Pro Max. Apple has managed to wedge it in alongside the main and ultrawide cameras. That’ll be a welcome addition for anyone who wants a proper zoom lens without having to buy the biggest phone.
If you were hoping for some more vibrant colors on the Pro phones, well, you’ll have to keep waiting. The best Apple has done this year is a darker gold called “desert titanium.” The other color options are familiar restrained neutrals.
The dangerous intersection of people search sites and scams
It’s no secret cybercriminals thrive on personal information to pull off scams, commit bank fraud and engage in identity theft. But did you know that a lot of the information they need is readily available on people search sites? It might surprise you to learn that these companies gather and sell your personal data — everything from your contact details to information about your family — often without you even realizing it.
What’s more, this data can become even more vulnerable to breaches simply by being stored on these sites. For instance, I recently discussed an alarming incident where 2.7 billion records were stolen from a background search site called National Public Data and then shared for free on a cybercrime forum.
Having your personal information floating around on these people search sites and data broker databases significantly increases your risk of falling victim to scams. But don’t worry. I’ll dive into the details of how this happens and, more importantly, what you can do to protect yourself and stop it.
Cybercriminals exploit people search sites for personal data
People search sites like Whitepages, Spokeo and BeenVerified are designed to help users find and connect with others, but they’ve become a goldmine for cybercriminals. Despite warnings against using the data for stalking, harassment or harm, these sites offer a wealth of information that can be exploited by malicious actors.
Scammers can access a wide range of personal details, including addresses, phone numbers, email addresses, birthdates, family information, employment history and even religious beliefs or political affiliations. They can also find property records, court and police records and information about hobbies and interests.
This comprehensive data allows cybercriminals to build detailed profiles of potential victims, making it easier to craft convincing scams or carry out identity theft. The abundance of personal information available through these sites poses a significant risk to individuals’ privacy and security.
3 ways scammers use people search sites
Let’s talk about how scammers are using people search sites to find their next victims. It’s pretty alarming, but understanding how this works can help us stay one step ahead.
1. Finding victims
Cybercriminals can easily browse people search sites to dig up information about random individuals. They can look up names and uncover a treasure trove of details — like email addresses, phone numbers and other contact info. This is where things start to get a bit dicey.
2. Profiling victims
Once they have access to this information, scammers can create detailed profiles of their targets. They might find out about someone’s job history, whether they have kids or even if they’re single and looking for love. They can also determine if someone is elderly, which can make them more susceptible to confusing tech jargon. Research indicates that a staggering 60% of cybercrimes against seniors — who are particularly vulnerable — are at least partly fueled by the personal information available online, often through data brokers and people search sites.
3. Putting the plan into action
With all this information in hand, scammers can launch targeted phishing attacks to trick victims into revealing sensitive information. They can create scams designed to steal money or even commit identity theft. There are countless stories of individuals falling prey to these scams and losing their identities.
In many cases, the scammers likely sourced their information from people search sites. In some shocking instances, certain data brokers — like Epsilon, Macromark and KBM — have been caught red-handed selling personal information directly to scammers, giving them the tools they need to exploit vulnerable individuals.
4 ways to keep your personal information off people search sites (and away from scammers)
With the threat data aggregators like people search sites pose, it’s definitely a good idea to keep your information off their databases. While it won’t put a definitive stop to scammers, it will make it harder for them to find the information necessary to target you. It will also limit the number of places your data can be found online, thereby reducing the chances of it ending up in a data breach. That said, removing your information from people search sites can be easier said than done. It’s not impossible, though. Here’s what to do.
1. Track down and opt out from people search sites that sell your data
The first and most obvious step is to track down people search sites that sell your personal information and make them remove it. Fair warning: This requires a time commitment and ongoing maintenance.
You’ll first have to look up your own name, phone number, email address or home address on any popular search engine. You’ll likely see a bunch of people search sites in the search results. From there, you go through the results pages, visit each website that shows up and send individual opt-out requests to each one.
Since they refresh their databases often, most people search sites will add your personal information again after some time, though. So if you want to keep your data offline, you’ll have to check back every few months and remove it again.
If you have a few bucks to spare, I recommend using an automated personal information removal service. These services remove your data from people search sites and tons of other data broker types. Check out my top picks for data removal services here.
2. Limit the number of online tools and services you use
You should also practice good digital hygiene, like being more discerning about the online tools and services you use. Many of them actually harvest your personal information and sell it to third parties, including people search sites and data brokers.
Even something as seemingly benign and widely used as extensions can be leaking your data online. A study conducted by researchers over at Incogni revealed 44% of Chrome extensions collect your personally identifiable information (PII). Even if they don’t sell it, this increases the risk of data breaches and malicious activity if the extension goes rogue.
You should reevaluate the apps, extensions and online accounts you use. Remove anything you don’t really need. For those that you do need, check the privacy policies for their data collection and sharing practices. You can always find more privacy-conscious alternatives.
3. Use throwaway emails and burner numbers wherever possible
Living in the digital age, I know it’s not really possible to go without any online tools. To sign up for most, you need to share at least an email or phone number. Unfortunately, those details are often shared with third parties, end up with people search sites and data brokers, circulate the web and ultimately result in increased spam and malicious attacks.
It’s a lot safer to use burner numbers and masked or throwaway accounts. This allows you to sign up, receive communication and maintain control of your online accounts while keeping all of the associated data and activity from being linked to your real identity.
4. Use private browsers and search engines
Browsers and search engines are another big source of data. Most of them track and share at least some of your online activity. Thankfully, there are plenty of browsers and search engines designed with privacy in mind.
I’ve previously recommended a few privacy-conscious search engine alternatives. They come with their own benefits and drawbacks but they all keep your search history private. The same goes for the browser itself.
Kurt’s key takeaways
It’s clear that while people search sites can be useful for reconnecting with friends or finding information, they also pose significant risks to our privacy and security. By taking proactive steps to protect our personal data, we can make it much harder for cybercriminals to exploit our information.
In your opinion, what should be the responsibility of companies that collect and sell personal data regarding user privacy? Let us know by writing us at Cyberguy.com/Contact
Copyright 2024 CyberGuy.com. All rights reserved.