Explainer: What do you do after a data breach?

FILE PHOTO: The logo and ticker for Capital One are displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., May 21, 2018. REUTERS/Brendan McDermid/File Photo

(Reuters) – A hacker has stolen the personal information of over 100 million people from Capital One Financial Corp, the company said this week, in the latest high-profile breach of sensitive consumer data.

Security experts say data breaches will continue to happen as cyber criminals and state-backed hackers target the protected information held by companies and government agencies.

Such attacks leave consumers vulnerable to fraud and identity theft. Here are some steps you can take to assess the severity of the breach and better secure yourself:

WHAT WAS COMPROMISED?

Breaches often cover a wide range of data. Information which is already publicly available, such as your name or email address, is seen as less of a concern.

Other details, however, can be extremely sensitive and need to remain private. For example, full credit card numbers, which could be used to make fraudulent purchases in your name, or passwords for your online accounts.

Even if stolen, the data may still be protected by encryption. Hacks by foreign governments are also usually seen as less dangerous for general consumers compared to data thefts by financially-motivated criminal gangs because most spy agencies do not sell or trade such information.

Much of the information stolen from Capital One was already public, including names and addresses of over 100 million people in the United States and Canada. But the breach also included 140,000 Social Security numbers which could be used to steal people’s identities.

To assess the severity of the breach, try to determine what information was compromised and in what format it was stolen.

AM I AFFECTED?

Try to establish if your data is likely to have been compromised in the breach. Are you a customer of the affected company? Do you know what data they hold on you? Does the breach only concern data collected in a specific time period?

Answering those questions will allow you to judge the level of risk, but remember some organizations may hold your data without you being aware. Those include credit-reporting companies such as Equifax Inc <EFX.N>, which suffered a breach in 2017 that affected 147 million people.

Breached companies are usually obliged to notify the people who are impacted, but this does not always happen immediately. Affected companies will typically post guidance for consumers on their own websites about data breaches.

Under the European Union’s General Data Protection Regulation (GDPR), companies have to inform victims of severe data breaches “without undue delay.” They must then describe in “clear and plain language” the nature of the breach, the likely consequences and what measures are being taken to deal with it.

IS THIS A SCAM?

If you think your data was compromised, be on high alert for scams and fraud.

Watch your bank account balances and payment card statements carefully, especially if you believe your financial information has been compromised. If you spot any unusual activity, contact your bank or card provider immediately and inform the appropriate law enforcement agency.

Be aware of so-called “phishing” websites purporting to offer information about the breach, or even compensation, but actually set up by criminals to try to trick you into revealing more personal details or making a payment to the wrong account.

Fraudsters may also contact you directly, by phone or email, and could now be armed with large amounts of detailed personal information which will make them harder to spot. If you’re unsure about someone’s identity, find the affected company’s contact information and contact them independently.

Experts recommend changing passwords frequently and using a combination of letters, characters and symbols to maintain a complex passphrase that is less likely to be guessed.

(Reporting by Jack Stubbs and Christopher Bing; Editing by Jonathan Weber and Susan Thomas)

‘Jackpotting’ hackers steal over $1 million from ATM machines across U.S.: Secret Service

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017.

By Dustin Volz

WASHINGTON (Reuters) – A coordinated group of hackers likely tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot, a senior U.S. Secret Service official said on Monday.

Within the past few days there have been about a half-dozen successful “jackpotting” attacks, the official said.

The heists, which involve hacking ATMs to rapidly shoot out torrents of cash, have been observed across the United States spanning from the Gulf Coast in the southern part of the country to the New England region in the northeast, Matthew O’Neill, a special agent in the criminal investigations division, told Reuters in an interview.

The spate of attacks represented the first widespread jackpotting activity in the United States, O’Neill said. Previous campaigns have been spotted in parts of Europe and Latin America in recent years.

“It was just a matter of time until it hit our shores,” O’Neill said.

Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, warned last week that cyber criminals are targeting ATMs with tools needed to carry out jackpotting schemes.

The Diebold Nixdorf alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

A confidential U.S. Secret Service alert seen by Reuters and sent to banks on Friday said machines running XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack, which appeared to be targeting ATMs typically located in pharmacies, big box retailers and drive-thrus.

While initial intelligence suggested only ATMs running on outdated Windows XP software were being targeted, the Secret Service has seen successful attacks within the past 48 hours on machines running updated Windows 7, O’Neill said.

“There isn’t one magic solution to solve the problem,” he said.

A local electronic crimes task force in the Washington, D.C., metropolitan area first reported an unsuccessful jackpotting attempt last week, O’Neill said.

A few days later another local partner witnessed similar activity and “developed intelligence” that indicated a sustained, coordinated attack was likely to occur over the next two weeks, O’Neill said. He declined to say where that partner was located.

Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.

(Reporting by Dustin Volz in Washington, D.C.; Editing by David Gregorio)

Cyber extortion demands surge as victims keep paying: Symantec

A man walks past a display of hexadecimal code in a file photo. REUTERS/Nigel Treblin

By Alastair Sharp

TORONTO (Reuters) – Hackers are demanding increasingly hefty ransoms to free computers paralyzed with viruses, as cyber criminals seek to maximize profits from large numbers of victims willing to pay up, according to cyber security firm Symantec Corp.

The average demand embedded in such malicious software, which is known as ransomware, more than tripled last year to $1,077 from $294, and the pricing has continued to rise in 2017, according to Symantec.

“The bad guys haven’t found the top end of what people will pay,” Symantec Director of Security Response Kevin Haley said in a telephone interview.

Symantec said 69 percent of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organizations.

More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data, according to Symantec. In the United States, where such attacks are most prevalent, 64 percent pay.

“If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?’” Haley said.

The surge in cyber extortion has been fueled partly by the sale of ransomware kits, which sell for $10 to $1,800 on underground markets and make it easy for wannabe cyber crooks to get into the business, according to Symantec.

One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20 percent commission.

Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe.

In some cases, the attacks have interrupted critical public services.

U.S. and European hospitals have been forced to divert patients to other facilities when ransomware paralyzed computer systems.

Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.

(Reporting by Alastair Sharp; Editing by Jim Finkle and Steve Orlofsky)