Member Risks Continue to Grow as Cyberthieves Steal Personal Data from Social Media. Consumer complacency and recent social hacks can have dangerous consequences.
“Data breach.” It’s a term that we hear too frequently; a crime that has already affected the majority of Americans. Equifax, Anthem Healthcare, Uber, and most recently, Marriott are a few of the well-known breaches that have made major news headlines over the last few years and caused many consumers to temporarily pause and consider that it may have affected them.
Most people think of loss social security numbers and financial data as being the biggest threat of a “data breach”, but in reality, the most dangerous threats can be the types of stolen personal data (i.e., email addresses, city of residence, birthdate) that most people have little concern about, as well as the complacency behavior of many consumers (your members). This is why more and more social media hacks have occurred and will continue to be a target of many cyberthieves.
In just the past few months, Facebook and Google have both announced massive breaches: approximately 30 million consumers affected by the Facebook breach and over 500,000 users’ records compromised from the Google breach. These are not the first breaches that have been known to occur in the social media world. In August 2017, it was announced that several high-profile accounts were hacked from Instagram. In 2012, approximately 167 million LinkedIn users had their account credentials stolen from a massive LinkedIn breach. And, Tumblr and Fling.com are a few other social networks that have been victims of a breach.
Many people consider these social breaches to be more of an inconvenience than a real threat to their identities. Some people will change their password of the affected social network and then give the breach little thought thereafter. Many people will not even do that. In fact, results from a new PCMag survey indicates that 35% of people never change their passwords.
The unworried behavior of social users supports the surprising findings from a recent study, which shows that consumers have exhibited an optimism bias that has led to a significant degree of complacency or total lack of action in response to last year’s Equifax data breach. Many consumers delay taking security related actions to protect themselves until after they know their data has been stolen.
There is a general lack of awareness about the best ways to stay protected from being a victim of identity theft. They don’t understand the extensive time and labor involved in managing the recovery efforts. This lack of awareness issue includes a misinterpretation of how preventative services, or so-called “resolution services”, actually work, or don’t work, as they are led to believe from their descriptions.
Perhaps one of the most unnerving things about consumers’ lack of awareness and action is that this is what criminals are counting on so that they can attack again. In a recent interview with FBI Retired-Special Agent, John Iannarelli, he explained that, “Criminals will sit on the majority of data for as much as a year or more before using it. They know the nature of consumers is to get more complacent over time, long after a major breach. They know there will be an initial rush to have protection immediately following the breach, then folks just get lax, assuming it’s all safe and lose their vigilance. And that’s when the thieves will strike.” From just the past year and a half of breaches, cyberthieves have much to be sitting on.
One concerning factor of many breaches is they often don’t get identified and/or announced until months, or even years after the attack occurred. For example, in 2016 it was announced that approximately 360 million MySpace users’ email addresses, usernames and passwords had been stolen. However, based on an analysis of this breach, the actual hack is more likely to have occurred in 2008 – almost a whole decade earlier.
According to Iannarelli, “A criminal only needs a little bit of your personal information to be able to find the rest.” For example, the information collected from social media breaches may be all that a hacker needs to be able to use that to obtain social security numbers and/or financial information. Basic information taken from the recent Facebook and Google breaches information could also be used to crack account security questions or to scam your members and their friends.
Criminals could also use such data to build strong bios that become powerful weapons in phishing scams, where personalized emails trick members into revealing financial information or clicking on links that install malware on their computers.
Many of your members mistakenly rely solely on various credit monitoring services, believing that they will prevent ID theft from happening. However, another interesting trend has recently been revealed by a Scottsdale, AZ firm, Cornerstone Advisors, which indicates that despite the fact that many consumers are not taking proactive steps to protect themselves from identity theft, there are many consumers (especially millennials) who are turning to credit unions or other financial institutions for non-financial services such as ID theft protection.
Additionally, as reported in a recent CU Times article, many consumers are willing to consider buying bundled services at attractive prices. This may show that it’s not that consumers don’t care about protecting themselves, it’s just that they want it done for them. If provided for them, most members are unlikely to opt-out of a program that promises protection of their identities with fully managed recovery services.
In conclusion, credit unions have an excellent opportunity to take a leadership role by bringing members a real solution to preparedness against data breach & ID theft events. Mark Pribish, a well-known subject matter expert, offers great advice, “I recommend that companies and individual consumers focus on response and recovery—because it’s not a question of if, but when a company experiences a data breach.” CU’s can make an enormous impact on their members with strong awareness programs and provide them bundled ID theft services with rich value propositions.
So, help stop your members’ complacency and give them the protection that they need and want from any kind of data breach – whether it be one from a social media company, or the previous recent breaches at Equifax, Uber, Marriott… or the next one surely to be announced. Serve your members before the next breach announcement….and end your members’ confusion, complacency, and increasing vulnerability that criminals are using to their advantage.
VERO provides a proven ID theft restoration tool for your members. Contact Dan Collins to find out how your credit union can proactively protect your members.