| Individuals August 4, 2017

August 4, 2017

Indian wireless carrier breach shows why it’s important that you know about any breach — even refuted ones

By Lookout

Crowd of people

Lookout tracks breaches related to companies and services that may impact customers with our Breach Report feature. Breach Report looks at the largest companies globally, and reports on those breaches to provide customers the most relevant information. It also provides remediation actions to help keep them safe. Interested in getting Breach Report? Upgrade to Premium now.

In July Indian wireless carrier Reliance Jio reportedly experienced a data breach. However, Reliance Jio refuted some of the claims made about the breach despite later reporting "unlawful access" to the police.

The story that follows highlights the criticality of knowing about data breaches, whether a company acknowledges them or not. When you know where your data is - and when it is potentially compromised - you are empowered to take action. You can proactively contact the affected company, get more information about what kind of data was compromised, and make informed decisions about whether to continue doing business with that company.

Reliance Jio refutes data authenticity found on external website

India's LTE carrier Reliance Jio refuted claims that customer records were made publicly available on a since-deactivated website.
According to the Times of India, a Reliance Jio spokesperson stated, "We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic."

News outlet Reuters, however, confirmed with a law enforcement officer that the company had filed a complaint for reported "unlawful access to its systems."

The carrier has upwards of 100 million customers, which means any data compromise could impact a large number of individuals.

You need to know when your data is even potentially compromised

In Reliance Jio's case, customer data may still have been breached, though the company has previously denied it.

Why highlight this? Because you still need to know how your data is protected when you entrust it to a company. Even knowing that a company is in the middle of a breach investigation gives  you, the customer, the opportunity to contact the company and take actions to protect yourself from further damage.

This is only possible, however, if you have timely alerts whenever a company, app or service you may use suffers a data breach.

Healthcare: the other breach trend in July

Healthcare organizations accounted for half of the breaches in July. Impacted companies include University of Iowa Health Care, UC Davis Health, Women's Healthcare Group of Pennsylvania, and Bupa, a U.K.-based international healthcare company.

Last year, there were a large number of headlines featuring ransomware attacks across hospitals in the U.S. This year, we're continuing to see criminals target these organizations. Healthcare companies were the second-most breached industry, according to our mid-year breach trends report.

Criminals attack healthcare data because it is a wealth of sensitive information. Healthcare institutions store social security numbers, dates of birth, usernames and passwords, home addresses, phone numbers, emails, demographic information, credit card information, and other highly sensitive data points. All of this kind of information, when aggregated, could easily allow an attacker to impersonate an individual, open accounts in her name, and spend her money.

Getting timely breach notifications today will keep you safer tomorrow

When data is breached, you want to act quickly. Here are some tips for minimizing the impact of a data breach:

  • Get alerts. Pay attention to the headlines and know if the companies you trust with your information have been breached.
  • Preemptively set up two-factor authentication on any accounts that supports it. This often comes in the form of an extra code that you have to input along with your login credentials. With two-factor authentication enabled it doesn't matter if an attacker finds your password or steals it from you because without the additional code provided by the two-factor authentication software he will not be able to log in.
  • Watch your bank statements. If you spot something weird, call your bank immediately.
  • If you have an account with a breached company, change your pin or password for that account immediately.
  • Contact breached companies for more information. Ask:
    • What kinds of information were breached?
    • How were was the company breached?
    • Was my information part of this breach?
    • What steps should I take next?

Lookout offers both timely information about breaches as well as data and credit monitoring through Lookout Identity Theft Protection. You get 24/7 access to identity restoration experts and a $1M insurance policy to help recover your identity. Click here to learn more about Lookout Premium Plus.