Will 2019 be the Year of the Breaches?

The first quarter of 2019 has been plagued with security breaches. On January 2nd,we learned that Blur, a password manager by Abine, was breached, exposing 2.4 million clients; on January 3rd, we were notified that Town of Salem, a video gaming platform by MediaBlank, was breached, exposing 7.6 million subscribers; on January 4th, DiscountMugs.com, an online retailer, announced that they had lost names, credit card numbers, addresses, phone numbers, and postal codes of an undetermined number of clients; on January 7th, we were informed that Benefit Mall, a U.S. provider of payroll, HR, and employer services, was breached and the number of records exposed was unknown; and the list goes on… with an additional twelve breaches in the month of January including Managed Health Services of Indiana, Fortnite, Oklahoma Department of Securities, Blackrock Financial, and Alaska Department of Health and Social Services. February brought us notification of another twelve breaches including North Carolina’s own Catawba Valley Medical Center, Dunkin’ Doughnuts, Huddle House, Advent Health, UW Medicine, and UConn Health. March rounded out the quarter bringing the number of announced breaches for the first quarter of 2019 to forty-four. Forty-four data breaches in the last three months!

With these breaches – and those from 2018 including Yahoo, Equifax, Marriott, Target, Facebook, and JP Morgan – our names, Social Security numbers, credit card numbers, passport numbers, dates of birth, account passwords, physical and email addresses, and even employment and medical histories are out there for the taking. Cybercriminals need only use the bounty that’s open for the taking.

So, what can we do? Is there really anything consumers can do to protect their personal data?

In fact, there are a few things that can help. You can change your passwords regularly. You can spend time opening and checking your statements for unusual activity. You can consider signing up for credit monitoring. You can establish security freezes on your accounts, including your children’s. You can try to file your taxes early to avoid someone else doing so in your place. Unfortunately, even if you do all these, nothing is 100% effective, except for maybe living completely “off-the-grid”.

Despite the size of the United States’ economy, our government has done nothing to protect your personal data for over thirty years. In fact, the United States may be the only nation of its size without some sort of data privacy regulation in effect – but that might be about to change. The Trump administration has pushed the issue and there are at least four federal bills on congressional desks that would change how companies handle and protect Americans’ private data. Unfortunately, on this front, no one in the 116th United States Congress seems to care – the first quarter of 2019 has given us a relative “do nothing” legislature.

If consumers are limited in their ability to protect their data and government is unwilling to act in defense of its citizens, businesses must act in the interest of their clients – and consumers have to demand that businesses do so by refusing to do business with those who fail them.