In the more than twelve years that I have been writing Scamicide, today and tomorrow represent the first time that I have ever had to write about data breaches on consecutive days.  This is an indication of how common serious data breaches have become.  This situation is very frustrating, but as I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information.  Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.

Today’s data breach involves all thirty-six million customers of Internet service provider Comcast Cable Communications, which does business as Xfinity.  The company disclosed earlier this week that it had suffered a major data breach between October 16th and October 19th in which usernames, hashed (encrypted) passwords, birth dates, security questions and answers as well as the last four digits of the Social Security numbers of its customers were compromised.  Some people might wrongly believe that having only the last four digits of their Social Security number in the possession of scammers does not put them in jeopardy, but it most certainly does.  The first three digits of your Social Security number relate to where you live and are easily determined.  The second two digits are group numbers that until 2011 were based on when you obtained your Social Security number and are even available on the Social Security website for years up until 2011.  Even for numbers issued after that date, there are only 99 possibilities, so it is not particularly difficult for an identity thief to determine your Social Security number with just the last four digits.  Armed with your Social Security number, a criminal can make you a victim of costly identity theft quite readily.

The data breach of Xfinity was not the fault of Xfinity, but rather is just another example of a supply chain data breach in which cybercriminals hack makers of software used by many companies, individuals and government agencies and insert their malware into the legitimate software of manufacturers who have not taken proper security precautions in the development of their software.  Users of the software trust these companies and too often their trust is misplaced.  A class action has already been filed by victims of the Xfinity data breach against Citrix Systems, Inc., the maker of the infected software used by thousands of companies.  I will keep you informed as to the progress of the class action.

So what can you do to protect yourself from these data breaches that will be occurring?

TIPS

One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  For example, your doctor doesn’t need your Social Security number for his or her records.

You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger.  If your information is compromised in a data breach, you should immediately change the password for that account.

If you have not already done so, set up dual factor authentication for each of your accounts where it is available.  This will protect you from having those accounts stolen by someone who may have access to your password.  However, it should be noted that the malware responsible for this particular data breach is able to bypass password requirements and dual factor authentication.

Freezing your credit is also something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

As for the significant threat of supply chain attacks, while there is little that we as individuals can do to protect ourselves, the Cybersecurity and Infrastructure Security Agency (CISA), working together with private industry, has released new best practices guidelines for companies to implement to reduce the threat of supply chain attacks.  While these best practice guidelines are not mandatory, it is hoped that companies will follow them.