Another Darn Breach? How to Protect Your Personal Data

Your information is likely out on the dark web, but you can still take steps to minimize risk


[Image: a scammer with various icons for computers, credit cards and locks. Credit: Paul Spella]

The stream of headlines is demoralizing: 

  • Nearly 1 million Medicare recipients had their personal information exposed in the aftermath of a 2023 data breach at a contractor for the Centers for Medicare & Medicaid Services (CMS). 
  • A mega-breach at a data broker named National Public Data spilled the beans online on people’s names, addresses, phone numbers and Social Security numbers. National Public Data subsequently shut down following two decades in business.
  • High-profile cyberattacks and data ruptures have hit businesses and services that older adults frequent, a list that includes 23andMe genetics testing, Advance Auto Parts, AT&T, Dell Technologies, Kaiser Foundation Health Plan, LoanDepot, Roku, T-Mobile and Ticketmaster.

In the first six months of 2024, publicly reported data compromises ran about 14 percent higher than the same period a year earlier, according to the nonprofit Identity Theft Resource Center (ITRC) in El Cajon, California, which assists identity theft victims.

More than 8 in 10 consumers that the ITRC surveyed received at least one data breach notice between July 2023 and June 2024. Consumer reports of identity crimes climbed 21 percentage points during the same period. And nearly half the people that contacted the nonprofit said they had been victimized more than once. 

Information about you is likely for sale on the dark web 

This leaves little doubt that our most sensitive personal information is out there on the dark web, the mysterious corridor of the internet where criminals traffic in our data.

“If you are an adult in the United States, there is a better chance than not that your information is available through an identity criminal,” says James E. Lee, the ITRC’s chief operating officer. “It has been [this way] for at least the last five to seven years.”

The good news: “Not everyone’s information has been misused” because not everybody’s identity is of equal value, Lee says. But if you are targeted, the consequences can be devastating.

Criminals can use your credit cards to make purchases, hijack your existing bank accounts or open up new accounts in your name. In 2023, Americans lost $43 billion to identity theft, according to a co-sponsored AARP report produced by Javelin Strategy & Research.

9 ways to help reduce the risk of ID theft 

1. Freeze your credit. By putting a credit freeze in place with all three major credit reporting agencies — Equifax, Experian and TransUnion — no credit can be issued until you lift the freeze with each of them. Such freezes are free and have no effect on your credit score.

Visit the agencies online or call them to request a freeze, which must be put in place within one business day. Agencies have three business days if you make the request by mail.

If you’re about to buy a new home or car or otherwise need to apply for credit once a freeze is in place, agencies must comply with your request to lift the freeze within an hour. You can put it back once your transaction is complete. 

2. Add fraud alerts. If a fraud alert is on your credit file, businesses must verify your identity before extending new credit. 

3. Monitor your accounts. Examine your account statements and report anything that seems suspicious. 

4. Check free credit reports. Look for accounts or creditor inquiries you did not initiate. Make sure your home address, Social Security number and other data is accurate. 

If you see evidence of identity fraud, contact the credit report agency and the police. 

5. Avoid reusing passwords. Security experts urge people not to use the same or even similar passwords across their accounts. If a bad guy can snatch your password in one place, he probably can get past the logins elsewhere. 

The average smartphone user has about 100 different passwords to control, Lee says. 

6. Use a password manager. People often create weak passwords because they can’t remember more effective complex ones. A password manager can help.

These tools can generate a stronger password and remember it for you. 

Many people can get by with the password manager built into their web browser or smartphone or go with a free app. A premium password manager typically adds more robust security and extra features. 

7. Investigate passkeys. Still in their relatively early stages, passkeys are more secure than passwords and may replace them eventually. They have the backing of Apple, Google, Microsoft and other giant companies. 

In layman’s terms, you have a pair of hidden keys that need to match. One is a public key that is on a web server. The other is the randomly generated private key, unique to your device. 

So someone must be in possession of your computer, phone or tablet to log in. Passkeys communicate with a financial institution or other website you’re trying to access, which verifies the device before letting you in. 

8. Authorize multi-factor authentication. “If you can only do one thing, enable MFA,” says Christopher Budd, a director at the Sophos security firm. 

Multi-factor authentication, also known as two-factor authentication, provides an additional layer of protection beyond a password. After you’ve correctly entered your user credentials but before you log in, you must enter a one-time code sent to your phone, app or other device. 

9. Share less. Question more. When information — maybe a Social Security number — is requested on medical forms and other documents, does the person or business absolutely need that information? 

“We advise people to be a little more aggressive about asking, ‘What are you doing to protect my data? What are you doing to make sure my information is secure?’ And if it gets out, ‘What are you going to do to help me?’” Lee says.  

Budd of Sophos agrees: “Be willing to say, ‘No.’ ” 
