SALT LAKE CITY — A massive data breach that initially exposed the personal details of millions of people in Oregon and Louisiana has now reached Utah. And as far as cyberattacks go, this one is especially brutal says cybersecurity expert Mike Bruemmer, Experian’s global vice president of Data Breach Resolution.
“The data that we’re talking about has been put on the dark web,” he said.
That data? Names, addresses, birthdates, social security numbers and more.
“It’s very easy to commit identity theft with that type of information,” said Bruemmer.
The culprits? A ransomware gang linked to Russia. Bruemmer says they used a security weakness in a file transfer tool called MOVEit, initially hitting the Department of Motor Vehicles of Oregon and Louisiana. But the software’s use extends far beyond that.
“It’s regularly used by up to about 2,500 companies,” he explained. “So, there are many more entities, whether they be states or private companies that could be impacted.”
Among that 2,500 is a vendor working with the University of Utah. Now, the U says donors, thousands of current and former employees and students have been exposed by the MOVEit data breach. Bruemmer says the impact will keep growing.
“The hackers will find an exploit…they’ll take advantage of every company, whether it’s large, or whether it’s small. So, there’s nobody that can say ‘Hey, I’m too small to be at risk,’” he said. “The consumers are innocent parties to this. It was the transfer of information between organizations. It hasn’t anything to do with what the consumers were doing themselves.”
So, how can consumers possibly protect themselves? Bruemmer says start by checking your credit report.
“I would automatically put a fraud alert or a credit freeze on your credit file.”
Take advantage of credit and bank account monitoring services.
“Most of your financial institutions have free monitoring to alert you of transactions over a certain size or transactions that might happen outside your state,” he said.
Bruemmer says good cybersecurity habits are essential here: Change passwords. Turn on multifactor authentication. And watch out for suspicious calls, emails, and texts – especially if they are about the data breach.
“Don’t answer the phone call. Don’t click on the link. Don’t respond to it.
Bruemmer says one sure sign that someone has gotten hold of your identity in a data breach like this one – you start getting mail from various creditors you’ve never heard of. If you see something strange like that, he says act immediately.