Credit cards are indispensible in today’s world. Social media,search engines, travel, e-commerce or news feeds for example, thrive on collection of personal data. Credit and debit card as well as other personal data are often at the core of such collections. You almost cannot book a hotel room or make an online purchase without one. Websites that store such personal data, are a haven for hackers. Phising scams are on the rise as scammers become more clever with their hacks. Losses by legitimate businesses are reported to have exceeded US$16 billion to date.
Let’s take a look at some major hacking incidents.
- Marriott | November 2018 : 500 million accounts breached
- Yahoo! | September 2016 : 500 million customer accounts stolen
- MySpace | May 2016 : 360 million records hacked
- Under Armour | March 2018 : 150 million customer records stolen
- LinkedIn 2016 | 164 Million Accounts stolen
- Home Depot | 2014: Over 50 Million Credit Cards stolen
For a more complete list see some of the major breaches.
LATEST MARIOTT HACK
Mariott is the biggest provider of hotel rooms worldwide. They are hosts to millions of travelers who are attracted by their loyalty card and rewards programs. They are brilliant at hospitality management but very poor in technology capabilities. It’s the same for others in the hospitality industry like Hilton Hotels, Best Western, Accor and others. Online Travel Agents (OTAs) like Expedia, Trivago, TripAdvisor and Bookings.com have taken advantage of this weakness and the industry has been and continue to be indebted to them for their survival.
This weakness of the accommodations industry in technology capabilities have extended into other areas like online security. The Mariott chain has hired expert security firms and invested heavily in cyber protection, yet we saw the recent massive breach that exposed over five hundred million of their customers’ data to online predators. Despite the millions spent in online security protection, Mariott has been guilty of lax procedures in managing issues like domain changes, email update requests and database integrations that were left unattended for over four years as they expanded the chain.
According to John Dickson, principal at Denim Group, a cybersecurity firm. “The hospitality industry’s rhetoric about cybersecurity far outpaces its actual investment in it. For having so much personal information, they’re too cavalier about cybersecurity.” As a consequence, they now face some major class action lawsuits.
Breaches are one thing. The aftermath is more worrisome. Here is why.
We are often not sure about who hacked the data and more importantly what they intend to do with it.
We can only surmise from what’s been happening in the past. Scammers spring to action soon after a breach as some of this data reached their hands. They have increasingly become clever and convincing with their techniques and messaging. They get hold of you using websites that look legitimate. Or you receive a scary email from them. One classic example is scammers who alert you that your data have been breached and trick you into turning over your private information so they can better protect you!
Sad to say, but many, especially seniors, have fallen victims to these scammers.
PROTECTING YOUR DATA – THE CHALLENGE
According to this article compiled by experts in the field, it is increasingly impossible to protect your data from being breached. If you are a frequent traveler or make purchases online, chances are high that your data is buried inside one of these breaches. So how do you protect yourself?
Here are some precautions to take that could help.
Routine checks :
- shred receipts, credit offers, account statements, and expired credit cards
- look out for thieves who can spy on you with their camers at checkout counters
- keep your personal information in a safe place, like a safety deposit box
- review your credit card and bank account statements frequently
- report any suspected breaches immediately.
Check legitimacy when browsing :
- check for site security certificates, access only https: secured sites
- avoid using public WiFi with mobile devices for online banking or making purchases
- add SMS Alerts to online credit card purchase transactions
- keep your browsing activities private
- delete email that do not address you personally or offers from strangers you don’t know
- never give your personal information online to anyone by phome or email, unless you know the person to whom you are giving it.
Your personal computer or device :
- clear cookies and cache often, especially before making online purchases
- use a strong password, avoid easy-to-guess passwords
- use different passwords for different sites
- use two-step verification
- install good virus-detection software on your computer
- make it a habit to clean up spyware lurking on your computer often
- sign up for security alerts on your credit or debit card,
If your account has been hacked :
- report it to your bank immediately, they may be able to halt abuse
- inform the hotel as they usually have identity theft protection
- report the incident to local authorities who are tracking these issues