You are in a fantasy football league registered under your email and your password. Unbeknownst to you, however, the league’s site has been breached, and access credentials have been stolen. The site discovers the breach, investigates the breach, and gives notice to impacted individuals.
If you are lucky, the time frame from when the original breach occurred and when you receive notice is 60 days; more likely it will be a longer time frame – potentially 18 months or longer. In the meantime, because you reuse your password for multiple accounts, the bad actor that compromised the fantasy league site has already used your password to access your Gmail or AOL account, reset your password, and has logged into your bank account and drained your funds.
Sound like a bad made-for-TV movie or detective show episode?
Sadly, the scenario outlined above is true and happened to a gentleman in Texas, and was shared during a recent InfraGard¹ webinar. Continue Reading The Life of a Data Breach: The “Gift” That Keeps on Giving