Zacks data breach

RKS

I have been notified by Have I Been Pwned that my data is in the Zacks data breach. As far as I know, I have never set up an account with Zacks. I assume that some site that I have an account with uses Zacks as an underlying service for providing financial research data.

Does anyone know a way to find out what site that I have an account with might use Zacks as an underlying service? I don't know how to find where I need to change my password.

Alexandru_BD

Hi @RKS,

The Bitdefender Digital Identity Protection service works in a similar fashion, it sends an alert to the user about a breach, even if the breach itself includes little or outdated information and offers remediation steps as well, where available. As it happens here, we can't know for sure if that site shares data with third parties or how exactly the data ended up on the said platform. Without knowing the actual platform or how the data got there, it's impossible to know what account needs to be terminated or updated. If you suspect that this entity is partnering with a vendor of services that you normally use, you can contact them and request an explanation and if you have an account with them, exercise your right to be forgotten and request data deletion in accordance with the data protection regulations in effect.

I know that this sounds like going down the rabbit hole, but I see no other way of doing it. There's also the possiblity that a data broker is involved. A data broker is a company that collects personal information about you from multiple sources, processes that information, and then sells it to other companies that have an interest in knowing more about you, usually for marketing or risk mitigation reasons. Digital Identity Protection offers you all the tools and knowledge needed to remove your data from data brokers by using the 'Data Brokers' feature.

In my opinion, each party that collects and handles personal data should have a privacy policy and should clearly state with whom the data is shared and for what purposes. They should also provide easy ways of deleting the data from their systems.

Regards,

Alex

Alexandru_BD

Hello @RKS,

Most commonly, breaches include information about users’ emails, passwords, names and usernames, phone numbers, and physical addresses. Their exposed data creates a snowball effect that ultimately leads to the leak, sale, or trade of entire digital identities on the Dark Web. Breaches are not necessary found on a specific website.

They are in a compilation of usernames, passwords, phone numbers, etc. found in archives or texts on the Dark Web, in general. There are no mitigation steps in this scenario. If the breach was only about a password, you could have changed it, but the breach can also involve other types of data, such as phone numers, address, etc. And if these are listed somewhere on the dark corners of the web, there is no possible way to retrieve or delete them from there, because you don't have control over that leaked information.

Regards

RKS

@Alexandru_BD , I appreciate your attempt to provide an answer. However, this is just a generic description of how breaches work (which I am already aware of). What I am looking for is how to deal with the specific case of receiving an alert that my data has been found in a specific breach. The alert I received advised me to change my password on the Zacks site. I haven't ever set up an account on that site. My guess is that Zacks provides financial research services as a component of some other company's site that I am a customer of. I don't know how to discover which site that is.