Marriott breach where the data has never appeared in the dark web — as the purpose of the hack was simply to collect detailed records on people.
Publications such as the New York Times or the Wall Street Journal will often carry news of the big data breaches. Security focused publications such as Krebsonsecurity and SC Magazine are even better, often providing more detailed information as to how the breach took place.
You should be checking your bank statements for odd and unusual payments. If you see a repeated string of pizza purchases, your account may have been hacked or your credit card details stolen.
Have I Been Pwned? is the go-to website for people to check if their personal data has been compromised by a data breach. It was built by Troy Hunt on the heels of the Adobe breach where he saw the same accounts and passwords being hacked repeatedly. To use this, simply go to https://haveibeenpwned.com/, enter your email-address, and click on “pwned?” If you see the message “Oh no — pwned!” chances are that your email details have been included in a recent breach. This is limited to emails and does not include other important hackable details such as social security details or phone numbers.
Within the US, you can get one free credit monitoring report annually from each of the three major credit bureaus: Equifax, Experian and TransUnion. This is the traditional way to uncover suspect activity and the appearance of new accounts. However, Equifax itself has had its own major data breach making their own data handling processes a little suspect. Beginning in 2018, Americans have also had the ability to place a freeze on their credit files, keeping the three bureaus from releasing or selling your credit report. This is also a free service in comparison to the bureaus’ own “credit lock” services.
Yes, there are formal reporting requirements for companies following the breach of personal data of their customers and clients. Penalties for not complying can be significant for the companies. However, these notifications tend to come after news of the breach has already been in the press, making them a stale confirmation of an already known fact.