Is Your Data Over-Exposed?

What Is an “Over-Exposure” of Your Data?

The Identity Theft Resource Center has been tracking data breaches for years and has basically seen it all.

There have been events in which hackers stole the information for millions of credit card accounts. Some breaches have included usernames and passwords for more than a billion email accounts, while others have exposed the complete records—containing all the PII for each of the victims—for just a few hundred individuals, which is only a handful of people in comparison.

There are different outcomes in many data breaches, of course. What kind of information was stolen? Did the hackers get enough information to lead to identity theft? Can the victims’ finances be impacted? Will they need credit monitoring to watch for suspicious or criminal activity?

The type of breach can vary greatly, too. Was it an inside job by an employee with access to records? Did hackers break through what was supposed to be a secured network? Did someone throw away large amounts of papers that contain sensitive information? Did an employee intentionally but innocently forward information to someone who pretended to be the boss?

One other distinction that was recently reported is for an event in which the victims say it wasn’t actually a data breach, but rather just a “data over-exposure.” What’s the difference? For some states and their notification laws, there might not be a difference. But in the case of Dow Jones & Co. and its four million customers whose information was accidentally left open to the public on an unsecured server, the company claims it wasn’t a breach.

There are some minor differences here. First, the data was stored exactly where Dow Jones planned for it to go, but the way it was set up on the Amazon S3 web hosting server left it accessible to others with Amazon web authentication. A security researcher found the information during an intentional search for unsecured databases, and so far no unauthorized activity has been reported with the information.
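For teams that store customer records in S3, the following added example (not part of the original article) checks a bucket ACL for grants that open data to groups beyond the owner. It assumes the exposure described above took the form of an ACL grant to the S3 AuthenticatedUsers group; the ACL dictionaries follow the shape returned by S3's get-bucket-acl call, and the sample ACLs and owner IDs are constructed.

```python
# Added example: flag S3 ACL group grants that expose a bucket beyond its owner.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"

# Predefined S3 groups whose membership is far wider than the bucket owner.
RISKY_GROUPS = {
    ALL_USERS: "anyone on the internet",
    AUTH_USERS: "any authenticated AWS account, not just the owner's",
}


def exposed_grants(acl):
    """Return (permission, audience) pairs for grants to over-broad groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a specific account are not group exposure
        audience = RISKY_GROUPS.get(grantee.get("URI"))
        if audience:
            findings.append((grant.get("Permission"), audience))
    return findings


# Constructed sample: owner has full control, but READ is also granted
# to every authenticated AWS user (the over-exposed setting).
OVEREXPOSED_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"},
    ],
}

# Constructed sample: the corrected setting, with only the owner granted access.
OWNER_ONLY_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
    ],
}

if __name__ == "__main__":
    for name, acl in (("over-exposed", OVEREXPOSED_ACL), ("owner-only", OWNER_ONLY_ACL)):
        print(name, exposed_grants(acl) or "no over-broad group grants")
```

ACLs are only one access path; bucket policies can expose the same data and need a separate review.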

This might be important to Dow Jones, but their approximately four million customers might not feel that this is so minor. The accessible database contained customers’ names and their in-house customer IDs, along with their home and business addresses. The most alarming information was the last four digits of the credit card the victims stored in their customer records, along with their email addresses. This information and the news surrounding the data breach mean victims can certainly expect phishing emails that can lead to scams.

No matter how a breach occurs—or whether it was even a full-fledged breach or simply a mislabeled security protocol—consumers need to be prepared to take their security into their own hands. Monitoring your accounts carefully, practicing good password safety, and taking action against suspicious activity immediately can help no matter how your information fell into the wrong hands.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Source: idtheftcenter.org
