The Weekly Breach Breakdown Podcast by ITRC - Footprints in the Sand - S5E24

Show Transcript

Welcome to the Identity Theft Resource Center's Weekly Breach Breakdown for August 2nd, 2024. I'm Alex Achten, Director of Communications & Media Relations of the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, I am going to talk about two events that you have probably heard about all over the news, and what it ultimately means for our digital footprint. 

When you think of footprints, many things come to mind. It may be something inspirational and purposeful. Or it could simply be the thought of someone leaving shoe marks in the living room after not following your house rule of no shoes! A lot of people probably think of the popular song “Footprints in the Sand” by Leona Lewis. No matter what comes to mind, there is another footprint we should probably be paying more attention to: our digital footprint. 

A digital footprint is the information about you that exists on the internet as a result of your online activity. Your digital footprint should be valued. It should be protected. The recent events at AT&T and CloudStrike are perfect examples of why. 

Three weeks ago, AT&T announced that nearly all of their customer call and text records were compromised in a data event. Fortunately, the information compromised did not include personally identifiable information. Information not appearing in public identity forums means it’s likely being used for intelligence or espionage, which are the telltale signs of a Nation/State attack.

More recently, the cybersecurity company, CrowdStrike, suffered an outage caused by a software defect. While the outage was not caused by a cyberattack or security incident, it has impacted industries all over the globe, from healthcare and government agencies to airlines and personal appliances. 

Neither of these incidents provides new risks to your personal information. However, they do highlight the importance of securing your digital footprint as best you can and protecting your data – because no security, database, or device is perfect. As ITRC COO James E. Lee told CBS 3 in Charlotte “We’re all one bad line of code away from something like CrowdStrike”.

How can you protect your data? It starts with having physical copies of documents with your personal information. Beyond that, it includes:

1. Using a password manager. Most people cannot remember all of their passwords and a password manager allows you to create unique 12+-character passphrases for all of your accounts. 
2. Using passkeys, when possible. When logging into your account, you might get a message asking if you’d like to create a passkey. Click “yes” and set it up because passkeys are the future replacement for passwords. It creates a unique code that stays on your device. You never see it. It never leaves your device. It just talks to the account on the other end of your transaction. That way, you can’t self-compromise. You can’t give your password away in a phishing attack, and it can’t be compromised on the company side because it’s never stored.
3. Enabling multi-factor authentication (MFA), preferably with an app since SMS can be spoofed. MFA is an added layer of security for your accounts. While it's an extra step for you, it is an extra line of defense against the criminals. This is a very important step that will provide ample protection.

There are more cyber-hygiene tips that you can find on our website here.

One final note: While your information was not impacted by the CrowdStrike outage, scammers always look to take advantage of the most recent events. Watch out for IT support scams. The identity thieves may also look to benefit from the AT&T data event. If you receive any message with links that you are not expecting, ignore them. Go back to the source directly to verify the validity of the message. 

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours. Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip. Last week we heard the identity theft victim stories of Yahoo Finance Reporter, Janna Herron, and Boston Globe Correspondent, Linda Matchan. Herron and Matchan originally told their stories at the ITRC’s Identivation Summit in May, supported by Socure. We will return next week with another episode of the Weekly Breach Breakdown. I'm Alex Achten. Until then, thanks for listening.