News moves fast, especially in the world of cybersecurity, and it can be hard to keep up. This week, we’re hitting on the important points of two recent data breaches you need to know about to help keep yourself informed and protected. Keep reading to learn the essentials about recent data breaches within a popular chain of department stores and a widely-used fitness tracker app: what happened, what data was stolen, who it impacts and what’s being done to recover. Plus, we’ve got some advice for how to face the endless barrage of breaches and stay focused on your cybersecurity without burning out.

Lord + Taylor and Saks Fifth Avenue hit by a payment card breach

What happened: A stash of 125,000 credit card numbers belonging to customers who recently shopped at Saks Fifth Avenue, Lord + Taylor and Saks Off 5th department stores was discovered on the dark web by researchers with cybersecurity firm Gemini Advisory on March 28. The group offering these stolen payment cards is known as JokerStash, and is responsible for other similar breaches in recent years such as Chipotle, Whole Foods and Trump Hotels.

When did it happen: Evidence uncovered thus far points to the hackers having access to the stores’ point-of-sale systems as early as May 2017.

Who was impacted: Though 125,000 card numbers were in the batch for sale, the hacking group claims to have approximately 5 million in total, according to Gemini Advisory. As of yet, no official numbers have been confirmed by Hudson’s Bay Co. of Canada (HBC), which owns the breached department stores. The company also reassured consumers that there is no evidence that any online customers or stores outside those indicated were impacted. Information gathered by Gemini Advisory’s researchers determined that the majority of the data came from stores in New York and New Jersey, but since only a small percentage of the total number of payment cards the group claims to have stolen were posted for sale, it’s hard to say yet how widespread this breach could be.

Information exposed: Credit and debit card numbers, as well as (potentially) other details related to them like expiration dates, CVV numbers and customer names. There’s no evidence yet that other details like Social Security numbers or driver’s license information were exposed, though the official investigation is still underway.

What’s being done about it: Though at first Gemini Advisory received no response when it informed HBC’s internal security team, the retail chain owner has stated that the source of the breach was identified and contained. The company is complying with law enforcement and conducting a thorough investigation, after which it will notify customers whose payment cards were exposed. Impacted customers will also receive protection in the form of free credit and identity monitoring service, and they will not be held liable for fraudulent charges stemming from this breach.

Unknown intruder accesses MyFitnessPal app user data

What happened: In a press release published on March 29, athletic company Under Armour announced that unknown actors had accessed user data for its health tracker app MyFitnessPal, viewing and potentially stealing private user information. So far, the identity of the unauthorized intruder is unknown.

When it happened: The intrusion is thought to have occurred in late February 2018, and the company became aware of the issue on March 25.

Who was impacted: All of the approximately 150 million users of the MyFitnessPal app and website were potentially impacted, though there hasn’t been any indication that anyone has used the information accessed to fraudulently access user accounts.

Information exposed: Email addresses, usernames and hashed passwords were exposed in this breach. That might not seem like a big deal, but depending on your password security, it could allow someone to gain access to other, more valuable accounts or hijack control of your email. More sensitive details like driver’s license information, Social Security numbers or payment card details were not exposed.

What’s being done about it: Under Armour has retained a private data firm and engaged with law enforcement to investigate the breach and determine its full scope. Users are being alerted to the intrusion through emails, as well as in-app alerts, which urge them to change their passwords immediately. A note added to the MyFitnessPal FAQ on the breach on April 2 states that users who use other Under Armour apps with connected logins, such as MapMyFitness, will see their password updated across accounts when they change their MyFitnessPal password.

How can you deal with these breaches (and others like them)?

It’s all too easy to turn a deaf ear to the news about breaches, especially since there is an endless stream of them happening on a monthly, or sometimes weekly, basis. However, ignorance is not bliss when it comes to cybersecurity, and those who do nothing are likely to find themselves in a sticky situation at some point with no clue where to turn or what to do. When it comes to data breaches, whether you were definitely involved or only think you could have been, it’s important to assess the type of data that was accessed or stolen, and determine how a bad actor could use it for malicious purposes. Someone with access to your payment card information or other financial data has quite different options than someone with your username and password, but both can cause plenty of harm. One of the best solutions to prevent burnout (or cyber fatigue, as it’s often called) is to prepare for different kinds of worst-case scenarios ahead of time. If you have a plan of action for dealing with identity theft, scammers and other types of fraud, you will know what kind of action to take if the worst should happen.
