Data breaches have been a problem for years. A data breach, of course, is when hackers steal confidential information that's sitting in a database. While large companies are the prime targets for this type of attack, individuals are always the victims.
Once the hackers get their hands on customers' information, they can sell it on the Dark Web. We learned of a data breach at the end of last year, but for some reason, affected customers are only being notified now.
We're talking about the online learning site, Lynda.com. It was confirmed in December 2016 that the site was the victim of a data breach. A hacker accessed its database that contains account holder contact information as well as the courses they have viewed and their learning data.
When the breach was discovered, the company said, "You may have received an email notification from Lynda.com explaining that we recently became aware that an unauthorized third-party accessed a database that included some Lynda.com learning data, such as contact information and courses viewed. We are informing users out of an abundance of caution."
Why did it take so long to notify impacted customers?
Even though Lynda.com put that statement out in December acknowledging the breach, it took them two months to send out notices to customers who were actually impacted. This notification email was just received by a staff member of Komando.com:
The good news is, the company doesn't believe passwords were compromised in the hack. But as a precaution, the company reset the passwords for nearly 55,000 of its customers. There are approximately 9.5 million Lynda.com customers.
Even if you're not a customer of Lynda.com, there are other attacks that could pop-up from this one that you need to be aware of. Especially phishing scams.
Scammers will piggyback on the announcement of a data breach and send malicious emails pretending to be from the company that was breached. Clicking on malicious links within the email could lead to more trouble; ransomware or malware are examples of potential attacks.
What you need to do following a data breach
Here are some online safety ideas that should be followed anytime you hear that a data breach occurs.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Check HaveIBeenPwned - this site will tell you if your information has been stolen in a previous breach.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check email security settings - Make sure the email account associated with the hacked site has updated security settings.
- Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.
The fact is, we don't know why it took so long for impacted customers to be notified. If you received the latest notification from Lynda.com, contact the company and ask them why there was such a delay. If you hear back from them, leave us a comment and tell us their response.