What you need to know about the Collection #1 data breach

If you haven’t yet heard about the ominous-sounding “Collection #1” data breach, you’ll be seeing it in the news soon. Collection #1 has been called “the mother of all breaches” due to the scope of the data released. Below is some background on this breach, along with tips for how to tell if your info is part of the breached dataset, and what to do if your email and password were compromised.

And before we start talking about Collection #1, I want to assure you that we know of no Alliant data that is part of this breach. We’re writing about it only because we want to help you be aware and alert when there is breaking news about data breaches so you can better protect yourself and your family.

What is Collection #1?

In mid-January 2019, a dataset of over 700 million email addresses – many including account passwords – were released for sale onto the so-called “dark web.” This breach is believed to be from several different sources rather than from a single company, which is why it has been dubbed a “collection.”

Were you in the Collection #1 breach?

Given how many email addresses were part of this breach, it’s safe to assume that at least one of the email addresses that you use was compromised.

If you’re really curious and have some time to do research, there are some “white hat” sites online that let you search for your email address(es) in a database of known breached emails. One example is the Have I Been Pwned (HIBP) site. (If that name confuses you, it might help to know that “pwned” is gaming slang for dominating or “owning” another player in the game.)

Please note that neither HIBP nor any other such site is a partner or vendor of Alliant’s, and we can’t vouch for the accuracy of their information. That’s why we’re recommending that the safest course of action is to assume that your personal emails were part of this breach and act accordingly.  

What should you do to protect your accounts?

When your email account has been compromised in a breach — or you suspect it has been — what should you do? I consulted Alliant’s Information Security team and they recommended some concrete steps you can take to better protect your identity and account security.

1. Change your email account’s password

We recommend that the safest course of action to help ensure that a breached email/password combination won’t make you vulnerable to fraudsters is to immediately log into that email account and change your password.

2. Change account usernames that use any part of your name

Many people reuse the same username on multiple websites or use an easy-to-hack username like their first initial and last name or their full name as one word. These usernames make you more vulnerable to fraud. For example, if my name were Jane Doe and I used jdoe, janedoe or Doe as my username, it would be easy for fraudsters to figure out.

If you are using an easily hackable username like the example above on any of your financial accounts, you should instead use a strong, hard to hack username. Basically, think of your username as being like a second password, and make it just as difficult to hack. If both your username and your password are strong, you’ll reduce the likelihood that any of your accounts can be hacked.  

3. Change your password on other accounts using your old email password

In addition to changing your email account password, you should stop using that old, potentially compromised password on any other accounts currently using it.

Although we have previously recommended to our members that they should never use the same password on multiple sites or accounts, we know that some people do reuse passwords. If you are one of those people, you need to go through any account that is using the old password and switch to a strong, unique password.

Changing a password that may have been breached is especially critical if you were reusing the email and password from one of your email accounts for any of your financial accounts or for shopping sites on which you have “saved” your credit card payment info.

4. Monitor your financial accounts

One of the best ways to know if your financial accounts have been compromised is to watch them like a hawk. But let’s be realistic. If you’re like me, you don’t always remember to log in to check for fraudulent activity. But you can still monitor your account with minimal effort using Alliant’s alert system.

You can opt in to get an email alert whenever anyone logs in to your Alliant account, so you’ll know immediately if someone other than you is attempting access. Or you can opt for us to email you when specific account transactions occur – any withdrawal or transfer or debit transaction over $50, for example. Alerts can be set up and customized on the Manage Alerts page in Alliant Online Banking. Alerts are easy to set up, and you can find out how in our automated alerts blog post.

5. Set up fraud alerts or a credit freeze

If your information has been compromised and you’re stressing about it, there are two other actions you can consider to give you some peace of mind and help protect you against fraud and identity theft: fraud alerts and credit freezes.

• Fraud alerts. When you’ve set up a fraud alert, if someone tries to open a credit card, take out a loan, rent an apartment or do anything else that requires a credit check, you’ll be contacted by the potential creditor to confirm that it is actually you taking the action. There are three types of fraud alerts, detailed in this Money Mentor article about identity theft protection.
• Credit freezes. When you set up a credit freeze, access to your credit report is “frozen” and no new loans or credit cards can be opened unless you temporarily “thaw” your credit using a PIN. Credit freezes are easier than ever to set up, as they are now free by law. They do, however, add a layer of inconvenience to loan transactions, so they aren’t the right option for everyone.

Pam Leibfried is a marketing content specialist whose love of words led to a writing and editing career. After a brief stint teaching English, she transitioned to corporate communications and spent 20 years at The Nielsen Company before joining Alliant’s content development team. Early in her work life, Pam’s friend Matt explained the benefits of a 401(k) and her dad encouraged her to start a Roth IRA. Their good counsel prompted her to prioritize retirement savings, which just might enable her to retire early so she can read more and live out the slogan on her fave T-shirt:  “I have a retirement plan: I plan on quilting.”