LinkedIn BreachAs the midpoint of 2016 draws closer, data breaches are still a central focus of American attention as companies like LinkedIn, Wendy’s and others disclose intrusions and deal with the resulting fallout. While across the pond, the European Union is implementing the General Data Protection Regulation, the U.S. government has not yet enacted any meaningful laws that impact data breach notification on a federal level. Currently, 47 states and the District of Columbia operate under their own laws regarding data breach notifications (with Alabama, New Mexico and South Dakota being the odd states out). Given that the U.S. government has plenty of information security issues of its own, it’s no wonder that there has been no overarching agreement yet on legislation that would impact the entire country, but that isn’t for lack of trying. The Cybersecurity Information Sharing Act (CISA), signed into law by President Obama in December 2015 impacts businesses, but proposed legislation for single-breach notification laws remains in limbo while lawmakers argue the details. In the meantime, breaches are still occurring, and it’s important for citizens to keep up with what’s happening and how it might impact them. Here are three data breach headlines you should know about.

LinkedIn data breach numbers far higher than originally reported

Remember the massive LinkedIn data breach in 2012? At the time, it was reported that 6.5 million account passwords were exposed after a list was posted to a hacker forum. Unfortunately, new data recovered from a different source indicates that the number of compromised accounts in that breach is exponentially more — to the tune of 176 million accounts. As a result, LinkedIn is forcing accounts thought to be impacted to reset their passwords (but not all accounts on its site). If you’ve changed your LinkedIn password since 2012, chances are, your account is more or less secure — but it doesn’t hurt to change your password anyway, just in case. Frequent password changes are one way to stay ahead of would-be hackers.

It is thought that the original list of 6.5 million passwords were the ones that the hacker couldn’t crack, whereas the majority of others were easily puzzled out. An analysis of the data shows that of the 176 million records, more than 2.2 million comprised of the same 50 easy-to-guess passwords. Some of the results from the top 30 identified passwords include “123456,” “princess,” “abc123” and the mind-boggling “linkedin.” As we’ve pointed out time and again, convenience should never overshadow security when it comes to creating passwords for your accounts, and it is an especially poor choice to make your password the name of the website you’re logging into itself. It’s also important to never reuse passwords, especially when it comes to sensitive accounts such as online banking, email and other financial accounts.

Wendy’s breach investigation determined 300 locations were affected

Answers have finally arrived after fast food restaurant chain Wendy’s finished its investigation into potential credit card breach at multiple locations across the country. The initial reports that something had happened came in late January, thanks to banks and credit unions tipping off cybersecurity blogger Brian Krebs. Wendy’s confirmed that fewer than 300 of its 5,500 franchised stores were affected by malware installed on one particular point-of-sale system, burying the update in its first quarter press release on May 11. The company said the point-of-sale system used by the majority of its locations was not affected, and added that to date approximately 50 locations had unrelated, unresolved security issues. The breach initially began in fall 2015, and while Wendy’s said it has removed all malware at affected locations, it still pays for customers who have visited a Wendy’s location in the past year to keep an eye on their credit or debit card statements.

Noodles & Company, O’Charley’s probing data breaches

Restaurant goers can’t seem to catch a break, and those who are fans of Noodles & Company and O’Charley’s should take notice, as both chains are currently investigating breaches of their point-of-sale systems. Noodles & Company received reports of unusual activity on May 16 regarding potential credit card fraud linked to its systems, and it’s investigating the matter right now with law enforcement. The fraud was detected on cards used at various locations (Noodles & Company has 500 locations across the U.S.) between January 2016 and now.

O’Charley’s, another national restaurant chain, notified its customers of a payment card incident on May 20. Information obtained by criminals who installed malware on some point-of-sale systems at O’Charley’s locations included data from the magnetic stripes on cards — names and card numbers, etc. Customers who used their credit cards at restaurants between March 18, 2016 and April 8, 2016 may have been affected. All locations except for O’Charley’s restaurants located at 930 Windham Court, Boardman, Ohio and 2077 Interchange Drive, Erie, Pennsylvania and the O’Charley’s restaurant located in the Nashville International Airport are suspected involved.

Protecting yourself against data breaches

By this point, most people in the U.S. have likely been the victim of at least one data breach, if not multiple. It can be easy to grow complacent to the dangers as a result of this happening so often, but it is imperative that you do not. Taking steps such as carefully reviewing your debit and credit card statements to look for fraudulent charges, regularly viewing your credit reports and even freezing your credit can help protect you. Another option to consider is signing up for an identity theft protection service, which will help you monitor your credit reports as well as notify you of any detected changes. Plus, these services also monitor the Internet black market (or dark web) for your personal information, since that is where the majority of data stolen in breaches winds up.

To learn more about how these services can help, visit our identity theft protection reviews. Follow our data breach blog for more tips and news on what’s happening in the cybersecurity world.