Privacy

29784 readers

692 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

[Question] I've just been alerted I was affected by a data breach, what now? (lemmy.ml)

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Hello Lemmy, this is my first time posting instead of commenting so if this is the wrong place or I'm formatting this wrong feel free to let me know how to fix it.

One of my healthcare providers (US) has just alerted me I've been affected by a Data breach (from February, so glad to see they took it seriously and alerted people quickly). The breach supposedly affects Full name, address DoB, and health information such as illnesses and medications. They have sent a 2 page information packet that gives recommendations such as calling the three creditors and a "free" 5 year subscription to an experian credit monitoring service. Upon checking the website they want my full name, DoB, SSN, Address, email, phone number, and I'm sure if they could my blood type and fingerprints.

What I would like to know is are these services they are providing me with "safe" for a threat model that involves keeping my information out of the hands of advertisers, bad actors and people who don't need it? Do they already have this information and are just asking to verify who I am? I'd prefer not to have my identity stolen due to someone else's computer having a security flaw. What's my best course of action to preserve my privacy while not having my identity stolen?

Thanks for any help in advance.

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 27 points 2 weeks ago (1 children)

Freeze your credit on all three bureaus. IIRC it is free for all of them, just don't get tricked into enrolling in their credit monitoring service. You're there to freeze and unfreeze your credit, nothing more. From then on, any time you apply for something that requires a credit check, you need to go thaw each credit bureau temporarily. They all let you schedule thaws, so just open it for a day, apply. And close it back up. Or however long your credit check takes.

The premium service offered by these data breaches is pretty terrible. In some cases, they'll have a clause that says if you accept, you can't sue or be part of a class action suit. If you have a credit card with monitoring included, they will notify you way faster if your credit is run. My credit card companies email me within minutes of an application being submitted. The paid service I got from a breach years ago doesn't let me know till about a week later.

[–] [email protected] 5 points 2 weeks ago (1 children)

Thanks for the information! I'll get in contact with the creditors and put a freeze on and disregard the experian monitoring

[–] [email protected] 1 points 2 weeks ago (1 children)

Yeah, other than freezing credit, there's not much you can do. It's a toothpaste out of the tube scenario. It's basically too late. The offerings always suck and are basically only there so they can say they're doing something for you.

Other than that, harden your privacy in general. Yeah, it doesn't help for breaches like this because you can't hide from your doctors, but simple things like having an alternate email address makes it a tiny bit better.

[–] [email protected] 2 points 2 weeks ago

I use randomly generated aliases for every service I use ;P

[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Change all your important account passwords, enable encryption where you can at rest and e2ee in transit, and enable 2FA to send to a device you know is in your possession like a SMS to keep an eye out for failed logins and such.

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Just out of curiosity what would changing all of my important account logins achieve if the leak was a healthcare provider that doesn't have anything other than my medical history and insurance card (I never sign up for "patient portals" and the like.)? Not trying to go against what you're saying as I already do most of what you're recommending there. In fact I actively avoid 2FA by SMS in favor of Authentication apps (such as Aegis), and use a password manager to randomly generate all my logins.

[–] [email protected] 3 points 2 weeks ago (1 children)

If your using good 2fa auth. and generated passwords you probably OK. It wasn't stated you had good measures in place. I was thinking more identity theft situation where someone could compromise your financials. If all they have is some medications, insurance, and basic info you really don't have major concerns. Now if they have your DoB, Social Security, Address, etc then that's where locking down all your accounts would be more appropriate. Your post sounded more severe than your reply here so that lead me to believe it was more dire.

[–] [email protected] 2 points 2 weeks ago

Thats fair, I appreciate the input none-the-less :)