Capital One Financial, one of the largest American credit card companies, is the latest company to announce a significant data breach, potentially opening up millions of its customers to fraud. WTTW's Chicago Tonight news show invited Assistant Professor Blase Ur to discuss the incident and what people can do to protect themselves from misuse of their private information.
"It feels like it's the new normal, it seems like every week there's another data breach," Ur said. "A lot of the burden is being pushed on to us as consumers...I think it's really hitting on some major systemic issues on how we handle data breaches as a society and as a country."
In an accompanying article, Ur also shared his tips for protection against future data breaches:
1. Use different passwords everywhere. “If for one data breach your password is revealed, then you’ll be accessible [to hackers] on all these different sites,” Ur said.
2. To better manage your different passwords, use password manager software. “You might think I have a really strong and hard-to-guess password that I’ll use everywhere, but if any company suffers from a data breach … you’re basically toast,” he said.
3. Enable two-factor authentication. “This is the case where you type in your username and password, and then you have to enter a code that comes up on your phone, for instance,” Ur said.
4. Be careful of phishing emails. “Sometimes they’re laughable, like some foreign prince wants to give you money and then you have to pay some processing fees to get this money. But now that all this personal information is being revealed from data breaches, we’ve seen more targeted phishing emails,” Ur says. “I think a big worry is this will become way more targeted in the future. If you get an email about your last vacation, it might just be a scammer.”
5. Think about what kind of information you are sharing with companies. “When you’re sharing information with companies, think about whether they actually need it,” Ur said. “We live in an age where it’s very natural to give companies information to get services, but just be wary. You have to be a little bit rebellious and say, ‘No, I don’t want to give this information.’”