| Individuals March 14, 2018


March 14, 2018

How a single breach can wreak havoc: 21 million impacted in February incidents

By Lookout

A single breach can have huge and long-term impact on millions of individuals. In February, over 21 million individuals found this out the hard way, including one incident in California that exposed the personal information of more than 19 million people.

It only takes one breach for your personal information to be launched into the dark web - opening you up to identity theft, financial loss, and fraud. Let's take a closer look at the details of this single breach with huge impact to discover why it's more important than ever to protect your personal information and what you can do to stay ahead of hackers and identity thieves.

The Sacramento Bee

On February 10, The Sacramento Bee, a respected California newspaper, reported a breach of two company databases, hosted on a third-party server. Attackers penetrated the databases when a firewall didn't come back online after routine maintenance.

One of the newspaper's servers held the contact information for 53,000 current and former Bee subscribers. The other server, however, held the voter registration data of 19.4 million Californians.

Owned by The McClatchy Company, the third-largest newspaper corporation in the country based on circulation, The Sacramento Bee legally attained the voter registration database from the state. According to state law, the information can be provided by the Secretary of State "for election, scholarly, journalistic, or political purposes, or for governmental purposes."

While newspaper and state officials claim that no "sensitive" data was breached, such as social security numbers, credit card numbers, or bank account details, the information included in the voter rolls - your name, address, phone number, party affiliation, and birth date and place - could be the missing pieces that hackers and identity peddlers are seeking.

Why all personal information is sensitive

Information like your birth date, phone number, home address, name, paints a picture for an attack that could allow them to open accounts in your name, or social engineer more information out of you. 

For example, an attacker could use this information to find you on social media, send you a text message pretending to be one of your friends, and steal more data from you like the login credentials to online services you use. This is called "social engineering" and it's a big part of an attack called "phishing." Attackers trick individuals into giving over sensitive data just by knowing a few details about you.

We've made it our mission to keep your personal data safe. When you upgrade to Lookout Premium Plus with our monthly Breach Report, you are alerted anytime a company or service you use is breached, receiving help and support on what you can do to better protect your data and identity. Learn more and get the protection you deserve today.


Author

Lookout