5 On Your Side: How to protect yourself if your information is compromised on the dark web
If you’ve ever been part of a data breach, you should have gotten a notice warning you what information has been compromised.
If your username, passwords, driver’s license number or Social Security number have been found on the dark web, do you know what to do?
For criminals, using information compromised in a data breach is like doing a puzzle. If they collect enough pieces, they can drain your bank accounts, rack up charges to your credit card, or take out loans in your name.
However, if you take more security steps, the puzzle gets harder to put together and you have a better chance of protecting your accounts even if your information has been exposed.
Reggie Juliot was alerted that he was part of the Equifax breach in 2017.
"I really didn’t think very much of it," he told 5 On Your Side
A few months later, that compromised information led to a worst-case scenario.
"I went and checked my bank account balance and it was, I was missing $10,000." Juliot said.
Juliot didn’t actually have $10,000, but hackers used a series of deposits and withdraws to drop his account into the red.
"So they actually ended up with negative $10,000 in my account," Juliot said.
Something similar even happened to North Carolina Attorney General Josh Stein.
“I’ve had my information stolen. My accountant was hacked and all my personal information was taken,” Stein said. “They actually filed a claim to refund from the IRS in my name.”
Director of cyber security at ine.com, Jack Reedy, explains that when your information is compromised in a breach and offered for sale on the dark web, hackers are buying it up cheap.
"A couple thousand records for $10-$20," Reedy revealed.
However, Reedy points out that just because someone has your information, doesn’t mean they can get into your bank account.
"A lot of the attacks are automated now, so if the automation doesn’t work that they’ve built, then they’ll just move on," Reedy said. "Because, in reality, if you’re buying 20,000 records for $10-$20, no one’s [going to] sit there and type in every single time, every single username and password.
"That’s why the investment is so low, as well, because it’s unsuccessful so many times."
So what can you do to keep that stolen information from being used against you?
Reedy said, "it’s time to respond in a meaningful way."
The number one thing is freezing your credit with the three major reporting agencies.
Change your passwords and use a different password for each account. A password management system can help you keep track of all of them.
If multi-factor authentication is available on an account, turn it on.
Keep a close eye on your email and financial accounts. Look for strange log-in attempts and charges you can’t identify.
Finally, document everything from the moment you learn your information has been compromised.
It’s a good idea to take all of those precautions, even if none of your information has been compromised.
If you don’t know if you’ve been part of a data breach, our cyber security expert recommended going to the website haveibeenpwned.com. Type your email into that site and it will tell you what breaches you were a part of and what information has been compromised.
Juliot took some steps to protect himself, but not enough and wants others to go further than he did before. He doesn't want to become the next victim.
"It’s only a matter of time. It really is," Juliot warned. "I thought that it wasn’t going to happen to me. And boy, did it happen to me."
