The reason Marriott will weather the storm of 500 million records being hacked is because all of our information has already been hacked. First, we’re immune to it. And second there’s really not that much new that’s going to be out there as a result of this network infiltration.
It’s only been just over a year since the Equifax hack was disclosed. And if you’re a federal employee your address, date and place of birth, social security number, and even detailed security clearance background informationubiquitous as social security numbers and Mothers Maiden Name.
Marriott says they’ll pay the cost associated with compromised passport numbers — but only after it’s too late and you’ve already been a victim.
Krebs on Security makes the point that if there is any of your personal data that’s not already leaked out of some system, you should assume “Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold.”
There are (4) things you can do that make sense to me:
- Don’t use the same password on multiple sites. That’s because your passwords will be hacked, and anyone that has that password can then use it to access other accounts of yours too.
- Use complex passwords. The only way this makes sense though is with a password manager. And then you have to trust the security being used by that password manager.
- Check your credit report regularly. The best way to protect yourself against fraud is to learn about it as quickly as possible.
That’s why by the way that AwardWallet is so useful for protecting frequent flyer accounts from fraud — you’ll know about account balance changes right away, before someone flies or stays on your miles. And that’s why loyalty programs that block AwardWallet have only themselves to blame for the cost of fraud.
Some people recommend freezing your credit file, I find that too much of a pain in securing credit to be worthwhile.
- Don’t trust your email. Always assume links sent to you that you weren’t expecting are phishing efforts even if the URL you’re taken to looks familiar. Type the web address in yourself, or verify with whomever is sending it that the request you’ve gotten is real.
Multi-factor authentication is good, ideally not using text messages. But it can be a pain. Social security numbers have already been broken as a means of identification. They’re hard to replace though. We should expect many more hacks, and most people will just go on not worrying about them.