The RCIPS Financial Crime Unit has been made aware of an incident where a significant amount of money was stolen from a local individual as a result of their email information being compromised.
It is strongly suspected that the hackers were able to obtain the individual’s login information as a result of a data breach of a commercial website’s user database, which occurred several years ago. In light of this the FCU is taking the opportunity to remind members of the public to take steps to ensure the safety of their email and login information with the following tips:
1) As a general rule it is strongly advised to use an entirely different password for each website you use. You may wish to consider using a password manager to organize and retrieve strong passwords securely.
2) It is also advised to avoid linking your email address to websites through use of your email as a username, especially email addresses that are used to conduct sensitive business and financial transactions.
3) Most specifically, it is important to change your passwords immediately if a service you have been using experiences a data breach. If you are currently aware of any such breaches that may affect you and you have not changed your passwords yet, you should still do so immediately. It’s important to remember that even though a breach may have occurred some time ago, your information is still out there and could be used at any time. Just because you have not seen any suspicious activity yet does not mean it cannot still happen.
Because of the possibility that you may be unaware that a site you are using has suffered a breach, it may also be a good idea to proactively check an online breach database to see if any site you use has been compromised. One example is the website www.haveibeenpwnd.com, which can display any services associated with an email address you enter, and list which of those services has experienced a data breach. Again, if any of the sites which use that email address have been compromised, you should immediately change any passwords associated with that email address.
If you suspect that you have an email account containing sensitive information that has been compromised, please contact the FCU at RCIPS.FCU@gov.ky or at 949-8797.