Quest Diagnostics says a data breach may have exposed the information of 11.9 million patients.. American Medical Collection Agency (AMCA), a billing collections service provider, informed Quest of the breach. AMCA said personal, financial and medical information may have been accessed.. That includes Social Security numbers, bank account info, and medical info. The company told the SEC it learned last month that an unauthorized user had gotten access to a billing vendor's system. Quest says it's "taking this matter very seriously" and is working to notify customers who may be at risk. Apparently, this is NOT the company first crack. Quest also had a data breach in 2016 that exposed about 34,000 customers' info (like names, dates of birth, and lab results).
Here are some of the companies affected by Data Beaches
Quest Diagnostics — your neighborhood drug testing and blood work lab — just added its name to the very long list of companies that have admitted to data breaches in the last few months exposing millions of people’s private info. Here are some well documented breaches
- DEC 07 2018 - Quora Breach - 100 million user accounts have been compromised.
- NOV 30 2018 - Marriott Starwood breach - personal data of up to 500 million of their customers has been compromised
- SEP 28 2018 - Facebook breach - 50 million accounts may have been breached
- AUG 28 2018 - T-Mobile breach - 2 million of its customers may have been compromised
- APR 06 2018 - Panera bread -their online ordering system was the subject of a data leak. Customer information including names, email addresses, home addresses, birth dates and the final four payment card digits was compromise.
- APR 06 2018 - Saks Fifth Avenue / Lord and Taylor breach. The data breach is believed to have compromised 5 million customers’ payment card information.
- MAR 30 2018 - The fitness and diet tracking app, MyFitnessPal, recently announced that it was the subject of a 150 million account data breach.
What do criminals do with my data?
Stolen data typically ends up on the Dark Web. As the name implies, the Dark Web is the part of the Internet most people never see. The Dark Web is not indexed by search engines and you need a special type of browser called Tor Browser to see it.
For the most part, criminals use the Dark Web to traffic various illegal goods. Cyber-criminals are buying and selling illegal drugs, guns, pornography, and your personal data. Marketplaces that specialize in large batches of personal information gathered from various data breaches are known, in criminal parlance, as dump shops. The largest known assemblage of stolen data found online, all 87GBs of it, was discovered in January of 2019 by cyber security researcher Troy Hunt, creator of Have I Been Pwned (HIBP), a site that lets you check if your email has been compromised in a data breach. The data, known as Collection 1, included 773 million emails and 21 million passwords from a hodgepodge of known data breaches. Some 140 million emails and 10 million passwords, however, were new to HIBP, having not been included in any previously disclosed data breach.
What Should You Do If or When Your Personal Data is Compromise?
- Get confirmation of the breach and whether your information was exposed. The first step is to confirm that a breach actually occurred. This doesn't mean that you've received an email saying there's a breach and you believe it. When a data breach occurs, scammers may reach out to you posing as the breached company to try to obtain more of your personal information. Don't fall for fake emails. Go to the company's secure website and/or call the company to confirm the breach and whether your information was involved.
- Find out what type of data was stolen.
- If your SSN was exposed…call up one of the credit bureaus — Experian, TransUnion, or Equifax — and ask them to put a fraud alert on your account. (The agency you call will notify the others.) This tells future lenders that you’re on the lookout for potential identity fraud. So they should be careful before approving new loans or credit card applications in your name. Setting up an alert also gives you free access to your credit report. If you see something, report it immediately.
- If your passwords were exposed... change ‘yourmomname2019’ as your go-to password and make it a difficult one. Combine letters, uppercase, lowercase, numbers and anything else. While you’re at it, switch up the answers to any site security questions, as well. Things like your mom’s maiden name or an old street address are easily Googled or found on social media.
- If your financial account numbers were exposed... keep a closer eye on your statements, so you can jump on any sketchy activity. Banks have protections in place to refund fraudulent charges...IF you tell them ASAP. Play it safe by requesting a fresh new card and account number sooner than later.
- Stay alert; monitor your accounts closely. If you think you’ve been affected by a data breach, act fast. A little legwork now can help you avoid bigger financial headaches later. And don’t forget that hackers generally play the long game. Just because you don’t notice any fraudulent activity right after a breach doesn’t mean you won’t ever. Make a habit out of scanning your accounts on a regular basis.
- Consider credit monitoring services. Should you sign up? Often times, after a data breach, affected companies and organizations will offer victims free identity theft monitoring services. It’s worth noting that services like LifeLock, will notify you if someone opens up a line of credit in your name, but they can’t protect your data from being stolen in the first place. Bottom line - if the service is free, go ahead and sign up. Otherwise, think twice.
- Watch your inbox carefully. Opportunistic cyber-criminals know that millions of victims of any given data breach are expecting some kind of communication regarding hacked accounts. These scammers will take the opportunity to send out phishing emails spoofed to look like they’re coming from those hacked accounts in an attempt to get you to give up personal information. Don’t fall prey to these tactics.
You can’t stop breaches from happening, and no matter how hard you try to keep your personal information private, you’re going to have to give it to some people. (Remember that IRS breach?) The best thing you can do is stay one step ahead of the criminals and be prepared for the day your information does get breached. Now days, it’s not a question of if but rather when.