What to Do if a Data Breach Exposes Your Personal Info While Traveling
It's not just a travel headache, it is a potential personal data disaster.
Last week, MGM Resorts reluctantly admitted that the company was a victim of a massive cyber attack which kneecapped a majority of its operations. It is reportedly costing MGM about $8 million per day in revenue, though as of this writing, its website and digital operations are back in operation. The news of the attack caused major concerns about a data breach, which could affect guests and customers of MGM.
With other recent attacks reported at Caesars and three other unnamed companies, fears around personal data being stolen have skyrocketed. According to Lisa Plaggemier, executive director at the National Cybersecurity Alliance, there’s reason to be concerned.
"Given MGM and Caesars’ prominence in the casino industry, and extensive customer reach and operations, these recent breaches are a reminder that even the most sophisticated organizations are vulnerable to cyberattacks," Plaggemier told Thrillist.
"This incident serves as a glaring example of the need for organizations to invest proactively in robust cyber defenses, as being unprepared can lead to substantial financial losses and compromised customer data."
While there hasn’t been any confirmation about whether MGM Resorts customer data was compromised during its cyber attack, Caesars confirmed that customer data was stolen by the same group that took responsibility for the MGM attack.
Michael Jabbara, vice president and global head of fraud services at Visa, advised Thrillist readers on what you should do if you suspect that your information was part of any mass data breach.
If you suspect that your information has been a part of a data breach, what should you do?
First, Jabbara advised taking the following three steps as soon as you can:
- "Report the event and request a fraud alert to your accounts at your banks, your brokerage firms and on your credit reports. The concern is that the compromised payment credentials could be leveraged to build an identity profile that is leveraged to apply for fraudulent applications or to engage in Account Takeover attacks."
- "Ensure that you enable transaction alerts on your card and bank accounts to validate that transactions made are legitimate."
- "If you believe sensitive Personally Identifiable Information (PII) that includes full name, DOB, SSN is included in the data breach, then we recommend a credit freeze should be put into place with the three credit bureaus."
How can people protect themselves from situations like this in the future?
Jabbara noted that data breaches of all sizes and scales "can happen at a moment's notice, and when it comes to security, it pays to be proactive." Unfortunately, we as individuals can't prevent cyber attacks on major companies, but we can make our data less vulnerable in everyday transactions.
There are ways to reduce the likelihood of being a victim to data breaches and digital scams going forward. Here's what fraud experts at Visa advise:
- Practice the principle of "data minimization"—only provide information online that is absolutely necessary to obtain the good or service you are seeking; push back against providing PII that seems extraneous (e.g., providing your SSN to sign up for a loyalty program).
- Use multi-factor authentication whenever you can, especially with your financial services providers and your email accounts that are leveraged for verification.
- Create unique, complicated passwords for each website that requires them.
- Buy goods from trusted vendors and utilize your email provider's encryption options whenever possible when making purchases.
- Avoid purchasing goods online from someone you don't know.
- Use a credit card for easier refund support and dispute charges—not your debit card.
- Set up fraud alerts with your bank/credit card issuer if they aren't automatically enabled upon account opening.
- Check the URL before entering payment details when making online purchases; confirm the site has a secure connection (indicated by an "https" in the URL) and isn't a dupe site.
- Update your devices regularly to ensure they have the latest security and bug patches to protect you from data breaches and hacks.
Unfortunately, taking these kinds of precautions aren't considered over the top. Industry experts anticipate that the MGM and Caesars incidents are likely to happen more often, meaning that familiarity with keeping your personal data safe will only become more important.
"Ransomware attacks are becoming more common and targeted, so the possibility of becoming a victim is growing," Andy Stone, the chief technology officer at tech company Pure Storage, told Thrillist.
Looking for more travel tips?
Whether you need help sneaking weed onto a plane, finding an airport where you can sign up for PreCheck without an appointment, or making sure you’re getting everything you’re entitled to when your flight is canceled, we’ve got you covered. Keep reading for up-to-date travel hacks and all the travel news you need to help you plan your next big adventure.