It hasn't been a great year for companies having to disclose their data breaches.
In just one week, both Marriott and Quora disclosed breaches totaling 600 million consumers. The compromised data is similar -- and staggering.
The Marriott breach included "some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates."
From Quora, it's even more widespread. In addition to account and user information, such as name, email, IP, user ID, encrypted password, user account settings and personalization data, hackers also received user activity, including all of their written content - published or not - and their platform votes. Additionally, all of the third-party data that was imported by Quora into their user records was compromised.
Most troubling of all, for some users, partial bank account information was compromised, including name, bank name, country, currency type, last 4 digits of their account number, routing number, and transaction times and amounts.
While these are disturbing, they're only the latest in a string of megabreaches that have become commonplace. Just this year, Facebook, UnderArmour, Exactis, British Airways, Air Canada, T-Mobile, TimeHop, MyHeritage, Ticketfly and Aadhaar have had incidents affecting nearly two billion people combined -- and while those are the most sensational, they are by no means all of them.
What's worse, these are happening so frequently, there's a fear that people are becoming desensitized to them. Unfortunately, unless you take additional steps, you can suffer some real damage. Here are four things you should do right now to protect yourself from harm from these digital pirates.
1. Start monitoring your identity.
There's an entire new industry of identity theft protection services that has risen precisely because of these breaches, as the standard solution most companies employ after a breach is to offer one year of free credit and identity monitoring. In fact, research shows that individuals affected by a breach who receive free credit monitoring or identity theft protection are six times less likely to file a lawsuit against the breached company.
While they can't protect your accounts from being compromised, they will let you know as soon as they are, so you can alert the bank, credit agency and authorities immediately - reducing your liability.
2. Clean up after yourself.
If you're anything like me, when you see a new website that interests you, you'll sign up for an account to test it out. And then you'll promptly forget about it when you're done (Pokemon Go, anyone?)
The best way to protect yourself from breaches is to only sign up for accounts that you really need - use guest accounts wherever possible, and delete your account on sites you no longer use.
3. Use a password manager
When we reset all 50 million Evernote users' passwords during our 2013 data breach, the most common support request we got from users was for the ability to change their password back to the one they had before. Their most common reason was that it was the same password they used everywhere else, and they didn't want to have to remember a new one.
Reusing passwords is something a lot of people do. Hackers know this. If you use 1Password, LastPass or another password manager, you can use just a single password and still have unique, secure passwords on every site.
4. Freeze your credit.
The most extreme but effective way to keep anyone from opening a new account in your name is to set up a credit freeze or lock with each credit agency. If you don't want to go that far, you can set a free fraud alert that requires lenders to verify your identity before issuing new credit.
No matter what you do, whenever a new breach is announced, check the affected site, change your password, and check any associated accounts (for example, any credit cards you've linked to your Marriott account) for unusual transactions. Report anything suspicious immediately.
This problem isn't going away, so the more proactive you are the safer you'll be.