Oct 25, 2022

FTC: Have you been affected by a data breach? Read on

Posted Oct 25, 2022 12:12 PM
Image courtesy FTC
Image courtesy FTC

By ARI LAZARUS
Consumer Education Specialist, FTC

Hackers know a secret many of us share: we reuse passwords. Don’t. That’s one takeaway from the FTC’s case against online alcohol delivery platform Drizly. Here’s what to do after a data breach and why.

In its lawsuit against Drizly, the FTC alleges that lax security practices made it easy for a hacker to get into Drizly’s database by re-using an executive’s seven-character password that had been made public in an unrelated data breach. The hacked database had personal information from 2.5 million Drizly users, including email, geolocation information, not-so-securely encrypted passwords, and other sensitive demographic data.

You may be tempted to ignore a data breach notice if it’s about an old account that you don’t use anymore — like one involving your dorky username and password from an old gaming account. But hackers know there’s a good chance you’ve re-used that same password elsewhere — like your bank account. If so, you might have an identity theft problem on your hands. 

If you get a data breach notice, act quickly to protect yourself:

  1. Change passwords right away. If a company tells you about a breach — especially one involving your password — immediately change the password you use with that company and on your accounts using a similar password. Consider using a password manager to help create complex and unique passwords (that you won’t reuse) — without having to memorize them.
  1. Turn on multi-factor authentication. Some accounts offer extra security by requiring something in addition to a password to log in to your account — like a passcode you get via an authentication app or a security key. This helps secure your account even if your password is exposed.
  1. Check what information was exposed and take action. Whether it’s your password, Social Security number, or your bank information, IdentityTheft.gov/databreach has information on what to do to help protect yourself from identity theft.

Is someone using your information to open new accounts or make purchases? Report it and get help.

local