No, this isn’t ‘Old MacDonald’s Farm’, but there are cyber-sharks circling in the water – looking to feed. Every month about 4,800 websites are breached by cybercriminals using Formjacking code, and the companies that were breached can take months to notify the victims. Be proactive by looking at this list of recent data breaches to see if you may have been impacted.

It is all too common these days that we hear of a large hotel chain or social media company exposing customer data through a breach. Has your name, email, or social security number been exposed in one of the breaches listed below?

There’s a reason that browsers like Chrome and Edge have added breached password notifications. Data breaches happen all the time and can have devastating and costly consequences. Hackers can steal identities, compromise bank accounts, and inflict many other forms of damage.

You may not even know when hackers have breached your Personal Identifiable Information (PII) and passwords since the time from breach to notification of the breach can be fairly long. One example is the data breach of CafePress, a popular online retailer that prints personalized items.

CafePress was hit with a huge data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also stole social security numbers that weren’t encrypted.

Even though that incident occurred in February, many consumers weren’t notified until late summer that year. The FTC took action against the company in June of 2022 due to its careless security practices.

The main takeaway from all this is that your personal or business information can be in free-fall through the internet for months or even years without you knowing that you have been compromised. Unless you happen to look at the right website, you may not even realize it. Breached password features in browsers are very helpful for this. But what happens if you have other PII beyond a password that has been exposed and is now for sale on the Dark Web?

You to gain some knowledge that will help you protect yourself. Check the recent breaches below. Do you have any PII on those sites? If you have interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Recent Breaches of PII That May Impact You

Microsoft Customer Data Breach

Microsoft announced a breach that exposed customer data on October 19, 2022. They laid the blame on a misconfigured server, but this breach exposed certain business transaction data. It’s believed that this breach could have affected more than 65,000 entities worldwide. Microsoft should have most advanced IT Services Department in the world, so what does tell you about standard internal IT Support Departments or outsourced Managed IT Services? The problem is: website operations are a specialized entity and not in the domain of most Managed Services Providers.

The EdFinancial / Oklahoma Student Loan Authority (OSLA) Breach

Over 2.5 million student loan records were exposed. Did you get a student loan from EdFinancial and the OSLA? If so, you could be in trouble. These organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

  • Social security numbers
  • Email addresses
  • Home addresses
  • Phone numbers.

U-Haul Data Breach

Large rental firm U-Haul is a household name. It suffered a major data breach which exposed millions of customers’ data. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.

Neopets Breach

You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk, but it was the victim of a massive data breach exposing 69 million accounts. Users of the platform got a rude awakening due to the breach of the service. and those 69 million accounts may have had emails and passwords leaked.

The full stolen Neopets database and copy of the source code were being offered for sale for about $94,500.

Marriott Breach

One unsecured employee computer caused hotel giant Marriott to suffer yet another breach in July 2022. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.

This one was fairly small, but unfortunately, the company shows a pattern of poor cybersecurity and a laissez-faire attitude towards making necessary security improvements. Within the last four years, Marriott has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there. You could also set up a secondary checking account into which you transfer only the amount of funds needed for events like vacations – then register only that debit card data with the services used. If breached, simply close the account.

Shield Health Care Group Breach

In March of 2022, Massachusetts-based Shield Health Care Group detected a breach that exposed up to 2 million records, including medical records, social security numbers, and other sensitive personal data.

Flagstar Bank Breach

In December of 2021, Flagstar Bank suffered a breach, but it wasn’t until 6 months later that it identified the individuals affected. And the impact was huge as it included exposed social security numbers. The hack impacted about 1.5 million customers.

Block Breach

Block, formerly known as Square, is a popular payment processing platform. It announced in April of 2022 that it had been breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed.

About 8.2 million current and former customers had their data exposed. Breach

Cryptocurrency may be hot at the moment, but it’s a dicey realm in which to play – consider the massive FTX failure and alleged fraud. It is also very susceptible to cyberattacks. In January 2022, over 483 users  their wallets and the payout was worth over $30 million dollars:

The hackers made it past two-factor authentication, which is usually quite effective, although the crooks seem sophisticated enough to have possibly defeated Multi-Fact-Authentication (MFA), which uses at least three levels of authentication, as well. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

No matter the size of the breached companies above, it shows us that anything can be breached, and as usual, ‘The bigger they are, the harder they fall.’

Frequently Asked Questions

Q: What is typical PII data?

A:  According to NIST (The National Institute of Standards and Technology), PII (Personally Identifiable Information) is “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.” This includes, but is not limited to: Name, Social Security Number (SSN), address, phone number and email address, etc.

Q: What is Formjacking code?

A: Formjacking is a type of e-skimming attack. Hackers insert malicious code (most often JavaScript) into a website. The goal is to take control of the site’s form pages to glean valuable data or sensitive user information. As mentioned above, typical IT Support does not monitor the code in its client’s website – that falls within the arena of web development.

Q: Does iPhone notify you when your password has been compromised?

A: Yes, your iPhone does have that alert capability. Simply follow this path:
Settings >
Passwords >
Security Recommendations – turn ‘Detect Compromised Passwords’ ON.

Q: What is the dark web used for?

A: The Dark Web is the black market of the internet. Cybercriminals post data for sale or offer other illegal goods or services. There is at least one case of an assassin hired from the dark web. This resulted in the murder of Russian police investigator Yevgeniya Shiskina in 2018.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

How Secure Are Your Passwords?

There are many solutions that can help you better manage and secure your passwords. Give us a call to learn more about protecting your personal data from a breach and check out our page Creating Strong Passwords.

IT Support LA an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT Support in Los Angeles 2021 by Channel Futures
o  Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the   ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT Services winner for 2021 by UpCity
o  Winner of Local Excellence Award for 2021 by UpCity
o  Named Best of Cloud Consulting winner for 2021 by UpCity
o  Certified as Top MSP and Cybersecurity Pro for 2021 by UpCity
o  Named Best IT Support in Los Angeles for 2021 by

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at: