No payment card or banking data were compromised in a breach of 1 billion user accounts at Yahoo, according to reports. But what if they had been? The truth is that for most users, it would be annoying but not the end of the world.
So why is this big news?
First of all, Yahoo can now claim two of the biggest security breaches in history. It is noteworthy that such a distinction should be attributable to a single entity.
The response to the latest breach has been huge. Ask any three experts and you’ll probably get three different figures, but according to tech news site ZDNet, the number of users exposed in the two Yahoo breaches nearly double the total records compromised from 2005 to 2013.
The first breach, affecting 500 million user accounts, occurred in 2014 but was not disclosed by Yahoo until this September. Earlier this month, Yahoo revealed that a separate hack of 1 billion user accounts took place in 2013.
“We believe that the August 2013 incident is likely distinct from the incident we disclosed on Sept. 22, 2016,” a Yahoo representative told Credit.com. However, “there is some overlap in the population of potentially affected users’ accounts across the 2013 and 2014 events,” said a source familiar with the situation.
After Yahoo revealed the 2013 breach, various news outlets published commentaries and articles. Some advised users to delete their Yahoo accounts. Others predicted that the latest bad news would further negatively affect Yahoo’s sale to Verizon, if not kill it. But Yahoo is not the problem, per se.
First of all, let’s be crystal clear: This latest news does not refer to the 500 million Yahoo users who were affected by the breach reported this September. While there may be some overlap, this is a different breach with different issues.
The bad news here is that this unsettling state of affairs — of having your information out there at the fingertips of bad players looking to make a quick buck — is not confined to Yahoo users. The real bad news is that we are all willing or unwitting conspirators in the exploitation of our information, which has been sloshing around the hold of a virtual, somewhat unmanned freighter for years.
There is, however, a bit of good news here. There are ways you can better protect yourself. Subscriptions to all the identity theft monitoring services in the world cannot replace your active participation in your own defense. You are your own best guardian.
Regardless of whether you choose to stay with Yahoo, it’s a good idea to change your behavior to stay safe, and that means changing your outlook and approach to the digital world. The main point is this: We are always about to get got. You don’t need breaking news coverage to know that you are exposed. With literally billions of compromised files floating around, you have to be exceedingly lucky not to be within easy reach of a thieves looking to make bank at your inconvenience.
While there is no way out of the information inferno we all inhabit, there is a way to live in it. I go into the details more thoroughly in my book, “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves,” but the basics of the practice I explain there can be summed up by three Ms:
Minimize your risk of exposure: This can be anything from how you use the internet to what you choose to carry in your wallet. The goal is to decrease your attackable surface.
Monitor your identity: Get a free copy of your credit reports from each of the major credit reporting agencies at least once a year (some states permit more than one) at AnnualCreditReport.com. Consider subscribing to a credit and identity monitoring service. Set up transaction notices with your bank and credit card accounts, and pay attention. If you stay on top of things, you make it harder for crooks to get a foothold into your financial life. And if you have reason to believe you’ve been the victim of identity theft — unexplained accounts and mysterious addresses are two warning signs — don’t ignore it.
Manage the damage: Notify the authorities if you have become a victim. Get an identity theft incident report that you can use to straighten out your credit and identity issues. Check with your insurance agent, financial services rep and the human resources department where you work to see if they offer identity theft protection programs and if you are enrolled. You may be pleasantly surprised to learn that they do and you are enrolled free or can access one at a discount as a perk of your relationship. You may also want to consider freezing or placing a fraud alert on your credit as well, depending on what’s been compromised.
Never forget: The ultimate guardian of the consumer is the consumer, and no one has a bigger stake in protecting your economic security and well-being than you.
Adam Levin is a co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit and is the author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.”
Any opinions expressed in this column are solely those of the author.