241 days
Average time before a company notices they've been hacked.
Hackers can be inside a company's systems reading your data for over 8 months before anyone knows. By the time you get the breach letter, the damage was done months ago.
$50
The price of a stolen employee login on the dark web.
Hackers don't always break through walls — they buy the front door key. "Initial Access Brokers" specialize in selling stolen company logins to other criminals.
11/day
Data breaches publicly disclosed every single day in America.
And that's just the reported ones. Right now there are likely dozens of companies whose systems have been broken into that you won't hear about for six more months.
This week's story
2013
The Target Hack: How Hackers Stole 40 Million Credit Cards Through a Heating Company
It was the week before Christmas, 2013. Americans were flooding Target stores for holiday shopping. Unbeknownst to anyone, hackers had been silently sitting inside Target's payment systems for three weeks — skimming the card info of every single person who swiped at a register.
Here's the wild part: they didn't get in through Target. They got in through Fazio Mechanical — a small Pennsylvania company that handled Target's refrigeration and HVAC systems. The hackers stole Fazio's credentials and walked right through Target's back door. By the time it was over, 40 million credit cards and 70 million customer records had been stolen. Target's CEO resigned. Over $200 million in damages.
The lesson
A chain is only as strong as its weakest link. The most sophisticated hackers find the side door — a vendor, a contractor, a third-party app. Same playbook, 13 years later.
🔒
Freeze your credit
Free at Equifax, Experian & TransUnion. Stops new accounts from being opened in your name.
🔑
Use a password manager
Bitwarden is free. One unique password per site means one breach doesn't unlock everything.
📧
Check HaveIBeenPwned
Visit haveibeenpwned.com — enter your email to see every breach it's appeared in. Free.
🚨
Enable login alerts
Turn on 2FA and login notifications on every account holding financial or health data.