Opinion - Bad actors already have your data, but there’s something you can do about it
It seems that every time we check the news, there is some new data breach that has occurred.
The most recent such event was with National Public Data, a company that provides data for people conducting background checks. Some of the data it provides is already public, whereas some may have been obtained through other, less-public channels. Information such as email addresses, phone numbers, mailing addresses and Social Security numbers are all part of the data breach.
The number of people affected by this breach may be as high as 292 million. If you are reading this, you are likely to be one of them. Although the breach was only reported recently, your data may have been exposed since April 2024.
The people who seek such information are doing so for financial gain. Personal information such as Social Security numbers, email addresses that could be used to access online accounts, and other information about you are valuable in the data black market. They can be sold to bad actors, who may use them or sell them to other bad actors, seeking to exploit this information for profit.
The reported asking price for this data was $3.5 million, suggesting that bad actors can make a sizeable profit from such data. Priced into that is a recognition that most of the data will not be useful for their financial gain.
Much of this information is distributed and brokered on the dark web, an area of the internet not accessible to standard web browsers. The dark web is like a virtual bad neighborhood. Having your personal information on the dark web means that bad actors have or can access it for their personal gain.
To illustrate this point, a person armed with someone else’s personal information and account access can take out credit, make transfers of funds into bitcoins, and operate in a manner that drains your credit and accounts. The result is that they walk away with what is rightfully yours, and you are forced to repair the damage. Trying to plug every hole once your information is “out there” is a losing game of “whack-a-mole.”
So what are some things that people can do to protect themselves — or at the very least, minimize the damage when their information is breached?
The simplest thing to do is freeze your credit. There are three credit monitoring agencies: Transunion, Equifax and Experian. If you freeze your credit with them all, then anyone attempting to use your personal information to apply for a credit card, take out a loan or do anything that involves a financial credit check will be stopped.
What this does is reduce the value of your personal information to bad actors. They may still have it, but if it cannot be used for financial gain, they are likely to move on to another person who has not taken such actions.
Note that if your credit is frozen, but it also means that you can’t apply for credit, even though you can still use your existing credit. So if you want to get a new credit card, increase your credit limit on an existing card or take out a loan, you will need to temporarily unfreeze your credit. The good news is that freezing or unfreezing your credit requires nothing more than a click of an icon on the credit monitoring services’ websites.
Although the National Public Data breach may be one of the largest on record, it certainly will not be the last. In a digital world with high levels of electronic connectivity, data seepage is inevitable. The best position to take is vigilance. Monitor your account for activity that you did not initiate. Freeze your credit with all three credit monitoring agencies. If you want someone else to keep an eye on your activity, sign up for a service that will do it for you.
Much like a group of people being chased by a bear in the woods, you do not need to be the fastest runner in the group. You just need to not be the slowest person in the group. Freezing your credit is one way to not be the most vulnerable person when a data breach exposes your information to bad actors.
Sheldon H. Jacobson, Ph.D., is a professor of computer science at the University of Illinois Urbana-Champaign.
Copyright 2024 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
For the latest news, weather, sports, and streaming video, head to The Hill.