Marriott Data Breach: 500 Million Accounts Compromised

If you have stayed at one of Marriott’s Starwood hotels in the past few years, chances are you have been affected by a massive data breach that potentially exposed your personal data along with about 500 million other people. Your name, phone numbers, email addresses, passport number, date of birth, and potentially credit card numbers and expiration dates are at risk.

Marriott said in the coming weeks they will start reaching out to affected guests and has set up a website with information about the breach.

For those of you concerned about whether your information was stolen, here are a few steps you can take to protect yourself:

Change your passwords

We hear all the time about stupid things people do when it comes to creating passwords; the most commonly used passwords in the United States for the past several years include “123456”, “password” and some variation like “password1234”. People are easily tricked into giving away their passwords to the likes of Jimmy Kimmel or Ellen to our amusement. Before Sony was breached, they infamously kept their passwords in a file called “Passwords”!

The bottom line is it is nearly impossible to effectively create and remember all the passwords we need to function in our daily lives. It seems there are two ways people handle this. They continue to use the same (usually poor) passwords over and over or they do what I highly recommend and use some sort of password manager program. 

Enable two-step logins

Two-step logins are when two separate passcodes are required to log in to one of your online accounts. One of the most common and popular forms is called text verification, and I’m sure you’ve already experienced it. That’s where you log in to your online account with your regular username and password and then a secondary passcode is sent to your phone by text or even better, through an App like Google Authenticator. Without that second passcode, no one gets into the account.

Set up account alerts 

To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. If you spend even a dollar at a store, you receive an email or text notifying you of the purchase. If you receive an email for an amount you didn’t spend – bingo – you’re probably a victim of fraud.

MOST IMPORTANTLY, FREEZE YOUR CREDIT.

Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

12 Days to a Safe Christmas: Day 2 – It’s Beginning to Look a Lot Like Christmas- at the Mall!

Black Friday and Cyber Monday will be here before you can say “Man, I ate a lot of turkey!”  Malls, stores, restaurants and cafés are exceptionally busy places during the holidays. This breeds a perfect environment for data thieves to make off with your identity goodies while you shop, dine or relax. It only takes a second to steal a purse from a shopping cart, a briefcase from your car or a smartphone, iPad or laptop from an unattended café table.

Solution: Lighten your load and leave excess identity at home. 

  • Consider taking only your mobile phone, driver’s license and one or two credit cards with you shopping to minimize the number of identity storage devices you might misplace. If you can fit the items in your pockets, your security increases. If you must have a purse, use one that zips and hangs in front of you, or consider using a backpack that stays on you at all times.
  • As a last resort, hide your wallet, purse and digital devices in the trunk before you park at the mall, as thieves looking for valuables commonly monitor parking lots for potential victims placing valuables in their trunk.
  • Since you are still likely to take your technology with you (don’t worry, so do I), keep it in a pocket or secured bag at all times. In addition, log out of your online accounts when you are not actively shopping, and password-protect your smartphone, iPad and laptop in case they do go missing.
  • Finally, when shopping, be careful about giving out any personal information when it can be overheard, and cover the PIN pad when entering your number at checkout stands and ATMs.

Taking these two shopping tips (okay, you knew I couldn’t stop at two, so there are actually four), will save you a lot of holiday headaches and let you truly sing that carol within your heart! On the third day of Christmas…

To review our tips from Day 1, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

 

12 Days to a Safe Christmas: Day 1 – Prevent Holiday Identity Theft

Holiday Security Tips: On the first day of Christmas, my expert gave to me, the keys to secure my privacy.  

If I could give the world a gift this holiday season, it would be to make the world a safer place to trust. You deserve to know whether or not you can trust the politicians you elect, the advice you receive from your doctor and whether or not you can entrust your privacy to the websites and businesses you use every day.

Identity theft, cyber stalking, and “big data” surveillance—these byproducts of the information economy make it hard to rest easy. Every day in the news we hear about another scam, another breach of corporate data that victimizes more than 11 million Americans a year. But you don’t have to be a statistic!

 Solution: Give yourself a gift by paying attention to prevention.

Let me be totally clear: you do not need to fear information over-exposure if you protect yourself before you get hit. Here is the secret to making peace with the privacy of your sensitive information:  

  • Adopt a preventative mindset and exercise before the information heart attack.
  • Re-accumulate privacy over time, changing habits one step at a time to regain what you’ve given away.
  • Make data privacy an attitude rather than a one-time checklist. Share with care, and only when totally necessary.

Over the next several weeks, Sileo.com will share 11 more tips on protecting your identity, your privacy and your hard-earned money during the holiday season. The 12 Days of Christmas will help you re-accumulate your privacy in time to be safe for whichever holiday you celebrate. Check back every few days for the next tip, or subscribe to the Sileo.com RSS feed.

In the meantime, happy shopping… and don’t stand under any pear trees (you can never trust those partridges)! On the second day of Christmas…


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

Catching Credit Card Thieves in the Act through Automatic Account Alerts

Wouldn’t you just love to catch a thief?  Sometimes there is no possible way to prevent identity theft and the reality of living in the information economy is that your identity will occasionally be compromised. While we don’t have a sure-fire way of knowing who may obtain and use your credit card information, we do know a way to shut down their activities in a matter of minutes, before it becomes a serious headache for you.

To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. If you spend even a dollar at a store, you receive an email or text notifying you of the purchase. If you receive an email for an amount you didn’t spend – bingo – you’re probably a victim of fraud.

Visit your bank and credit card providers online to set up account alerts.  You can receive an alert if:

  • Your balance is above or below an amount you specify. (You set dollar limits for different transactions, including ATM withdrawals, debit card activity, money transfers and online bill payments. )
  • A withdrawal, deposit or check posts to your account.
  • Your ATM withdrawal or debit card purchase exceeds an amount you choose.
  • Your credit card payment is due.
  • Your mortgage payment is due.
  • A brokerage trade goes through.
  • Activity occurs on your credit card.
  • Your bank detects suspicious or unusual activity on your card requiring verification by you.

Take this one easy step today to prevent lots of headaches, and potentially lots of charges, in the future.  It will be the best 5 minutes you’ll spend today!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Equifax Data Breach Protection Tips

How to Protect Yourself from the Equifax Data Breach

Equifax, one of the three major consumer credit reporting agencies disclosed that hackers compromised Social Security and driver’s license numbers as well as names, birthdates, addresses and some credit cards on more than 143 million Americans. If you have a credit profile, you were probably affected.

Credit reporting companies collect and sell vast troves of consumer data from your buying habits to your credit worthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.

But that isn’t your concern – your concern is protecting yourself and your family from the abuse of that stolen information that will happen over the next 3 years.

Minimize Your Risk from the Equifax Data Breach

  1. Assume that your identity has been compromised. Don’t take a chance that you are one of the very few adult American’s that aren’t affected. It’s not time to panic, it’s time to act.
  2. If you want to see the spin that Equifax is putting on the story, visit their website. Here’s how the story usually develops: 1. They announce the breach and say that fraud hasn’t been detected 2. A few days later when you aren’t paying attention, they retract that statement because fraud is happening, 3. Sometime after that they admit that more people, more identity and more fraud took place than originally thought. They encourage you to sign up for their free monitoring (which you should do), but it does nothing to actually prevent identity theft, it just might help you catch it when it happens.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request a “call-in” password be placed on your account.
  4. Begin monitoring your bank, credit card and credit accounts on a regular basis. Consider watching this video and then setting up account alerts to make this process easier.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T JUST CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
  6. MOST IMPORTANTLY, FREEZE YOUR CREDIT. The video above walks you through why this is such an important step. Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an an award-winning author and keynote speaker on cybersecurity. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.