by Elizabeth Parsons, IT Services

In the information security world, “data breach” is somewhat of a dirty phrase. It represents something none of us want to happen – yet continues to happen at a distressing rate.

A 2021 report found that 45 percent of U.S. companies had experienced a data breach. And even though that is a reduction from 65 percent in 2019, the sentiment remains: These events happen a lot. Most data breaches are financially motivated. Malicious actors want to gain access to information to extort money from users, sell credentials on the dark web, and more. The annual data breach statistics from IBM reported that in 2022, the average cost of a data breach in the U.S. was $9.44 million.

What can regular consumers of the internet do to prevent data breaches? What happens when your credentials are compromised in a breach? Let’s take a look at some key factors and learn more about this not-so-nice phrase.

What is a data breach?

Put simply, a data breach is when malicious actors gain access to credentials and personal information on a given website or forum. Some of the most well-known examples include the 2013 Yahoo! breach that exposed around 3 billion accounts and the Target breach from the same year that exposed around 40 million credit and debit cards from Target customers.

The problem with some breaches is that when login information is scraped from a website in a malicious event, those credentials may then be used to access any number of other accounts. In particular, email addresses used to sign up for a particular service, once exposed in a breach, can be used to harass folks into falling for phishing scams.

How do I know when I’ve been compromised?

One of the most difficult things about this area of cybersecurity is knowing when and how your data is compromised. For instance, in early 2023, more than 200 million user credentials were posted to a dark web site as a result of a 2022 breach at Twitter.

Websites like haveibeenpwnd.com offer the invaluable service of letting you know whether, when, and how your data has been accessed by malicious actors. Check out your status now!

What do I do if my data has been compromised?

If you learn that you have been exposed in an attack such as the recent one perpetrated against Twitter, there are several actions you can take now to protect yourself from further harm.

Firstly, if your email address was leaked, you can expect to see an uptick in phishing emails and scams that will try to solicit more information or money. The same goes for phone numbers, as well. Be vigilant, and ignore and block these kinds of scams.

Secondly, you should change your password on the account in question. This may sound like common sense – and it is! But making sure to carefully change any passwords – including for accounts that share a password – is huge. (Also… you probably shouldn’t be sharing passwords between accounts, either. It would be a good idea to change that practice soon, too.)

In addition, you should review your most important accounts (bank account information, Miami account, others you deem critical, etc.) and make sure they are protected by two-factor authentication (TFA) or multi-factor authentication (MFA). The more factors you have on an account, the lesser the risk of a malicious actor gaining access. In particular, if your Twitter account was compromised, don’t use SMS (text messaging) as the second factor, as that service is experiencing issues. Instead, use an authenticator app (like Duo Mobile!).

What about my Miami account?

Here at Miami, we have a robust information security strategy that helps keep our members safe from the harm of cybersecurity incidents like the Twitter breach. However, it’s important to practice good cybersecurity hygiene in your personal life, as well – and maintaining these kinds of habits contributes to better security for all.