Yahoo! & Quest Diagnostics Take Substantial Hits

As the holidays roll forward, so do the data breaches.

Two major breaches to be exact, both of which combined, have amassed more than a billion records stolen. The first, Quest Diagnostics released a statement verifying that more than 34,000 laboratory results had been hacked. The data includes patient names, lab results, birth dates, and patient telephone numbers. Fortunately, the breached data did not contain Social Security Numbers or credit card information, but still poses an issue for the company moving forward about their security protocols.

The second significant announced breach within the past week comes from the search engine mammoth, Yahoo!. In an announcement, Yahoo! disclosed that data from more than one billion user accounts had been stolen. Similar to the Quest Diagnostics hack, this breach also did not include financial information, but did compromise email addresses, passwords, and names of users. This is Yahoo!’s second announced breach in a matter of months, now having totaled more than 1.5 billion user accounts.

Yahoo!’s chief information security officer, Bob Lord, cited the incident’s contrast to the September attack, “we believe this incident is likely distinct from the incident we disclosed on September 22, 2016.” The data breach disclosed back in September was an assumed state-sponsored breach.

What to do if you’ve received a Yahoo! or Quest Diagnostics breach notice

No, it’s not the end of the world, and yes, there are steps that you can take to help protect those already breached accounts.

First, you’re going to need to change all of your passwords. Not just for these two accounts, but for ALL user accounts that use the same password that’s now been breached. It’s also important to change your password security questions, as those questions could be used for further hacking practices.

Second, you should monitor all of your credit card and banking statements to be sure that nothing slipped through the cracks. You should be doing this on a daily or weekly basis anyways, but during times of significant user hacks, this is especially important. It’s also suggested that you shore up all other accounts — particularly the ones that contain the most sensitive information — in a relative timely manner. Change your passwords, password question & answers, and delete any unnecessary accounts, ones that still exist but aren’t being used on a consistent basis.

And finally, you need to maintain proper password etiquette. This doesn’t mean changing your password every time you hear about a new data breach, but more like every other month or so. A consistent method of change will help secure your account, keeping hackers off balance, and helping eliminate any further depths of breach into your various other online accounts.

Remember that just because financial information was not stolen doesn’t mean that it can’t happen in the future, so the time to act is now. Hackers aren’t looking to steal the same information time and time again; they’re looking to use the information to further their exploits with new accounts that may have more sensitive data.