Recent Data Breaches Reinforce Need for Cyber-security Awareness and Response
Two recent data breaches, one at a Bozeman-based company and another at Facebook, highlight the importance of knowing how to minimize the risk of cyber threats and how to respond if your personal data may have been compromised.
On Friday, Facebook notified the Montana Department of Justice’s Office of Consumer Protection that approximately 50 million user accounts were impacted by a data breach. Facebook did not indicate if any user information was accessed or if any Montana-based accounts were impacted.
The Office of Consumer Protection recommends the following best practices for consumers who use social media:
• Change your password regularly, and always use a strong password. Click here for more password creation tips.
• When available, use two-factor authentication for login.
• Refrain from using any automatic sign-in functions/features of social media accounts and applications.
• Monitor your privacy settings and adjust as needed.
• Remove birth dates, addresses, and phone numbers from your account information.
• Carefully consider the information you post, recognizing that in the event of a data breach, it could end up in the hands of people intent upon stealing your identity or conducting other malicious activities.
Recently, Montana’s Office of Consumer Protection also learned that Legacy Properties, a Bozeman-based property management company, experienced a data breach affecting between 900 and 1,020 Montanans. After the breach, the hackers posted the affected consumers’ personal information on several publicly accessible websites. The hackers then emailed many of these consumers, demanding a ransom payment to remove their information from the websites.
Montana law requires timely reporting of data breaches to the Attorney General’s Office and to individuals whose private information is compromised. “It’s important for businesses to establish procedures for data breach prevention and recovery, and for consumers to be vigilant about protecting their personal information,” Attorney General Tim Fox said. “Additionally, I encourage Montanans to contact local law enforcement or our Office of Consumer Protection if they are ever asked to pay a ransom in relation to a data breach.”
Scammers who obtain the personal information of others may try to open new accounts or extort money from their victims. According to Montana’s Office of Consumer Protection, there are several options for Montanans to monitor their credit and keep their identities safe, including:
• Don’t pay a ransom. Paying a ransom is an ineffective way of handling the exposure of your personal information. It’s best to focus on proactively securing your identity.
• Consider a free security freeze. A security freeze allows you to “lock up” your credit information so no one can access it without your permission. A freeze prevents a thief from taking out a new mortgage, applying for a credit card, or getting financing with your identity. When you “freeze” your credit, it stays frozen for as long as you’d like – until you can comfortably “thaw” it once again.
• Place a fraud alert on your credit. Fraud alerts are a special message you can place on your credit report. The alert tells credit issuers there may be fraudulent activity on an account. Fraud alerts last for 90 days; although they won’t stop a scammer from being issued new credit, they can slow them down.
• Request a free credit report annually. Reviewing your credit report is a great way to check for unauthorized activity. Visit www.annualcreditreport.com or call 1-877-322-8228 to request your free annual report.
• Credit monitoring services offer additional protection. Credit monitoring services track changes in your behavior and send you notifications about your credit score and potential fraud. These services typically cost between $10 — $30 per month.
For more information, call the Office of Consumer Protection at 406-444-4500 or 1-800-481-6896. Email [email protected] or visit https://dojmt.gov/consumer/affected-data-breach/ for instructions on how to protect your personal information from being used for fraudulent purposes.