The area of Gulf Shores we decided on was Fort Morgan.  In contrast to its sister beaches down the road (Orange Beach, Pensacola, etc.), Fort Morgan is known for private beaches, being less populated, and in a word- it’s peace.
 
Well, we fell in love with Alabama and nothing disappointed.  The beaches at our location were fantastic and almost deserted. The sands were soft and white (but not too hot to walk on!), the calm surf allowed for superb fishing (for my father and I) and excellent wave-jumping (for our kids).  No rip-tide or under-tow, and God’s creatures of the sea were plentiful (many species of birds, crabs, fish, tiny sardines-types and even jellyfish!). 

Apart from little variations like sand granularity/color, shell volume, etc., there was one striking difference on the beaches of Alabama that separated it from other beaches that we have enjoyed on vacations (Florida, North Carolina, Georgia, etc.).   Ominously planted in the watery horizon were the unmistakable figures of offshore oil rigs.  And while the oil rigs didn’t take anything away from our delightful visit to Alabama and its beauty, we did encounter small and consistent traces of oil on the shores.  These traces of oil served as reminder of the terrible Gulf oil spill back in 2010 that many recognize as the worst spill in U.S. history.
 
Now call it the Information Security person in me, but as I jogged the beach one morning with the rolling waves crashing and lapping at my feet, my thoughts took me back to online security and I began thinking about a different type of spill:  a data spill (or more commonly referred to as a ‘data breach’). A data breach can be defined as an intentional or unintentional release of private and confidential information to an unwanted source (think hacker or other form of cybercriminal).  Not all data breaches are created equal, and they can appear in different shapes and sizes.  In most cases, data breaches are a result of an intentional effort by professional cyber thugs to seize your information. However, a breach on your data could also result with something as simple as you forgetting to wipe your smartphone or computer of its data prior to you throwing it out, trading it in or donating it to some charitable cause.   Regardless of how the breach occurred the bottom line is frightening- your private/confidential information including credit card info, account username and password info, personal health care info, online banking credentials may all be exposed and at the mercy of those whose goal is to do harm to you.
 
Reported data breaches are no longer uncommon, in fact, it is rare that a solid week may go by without media coverage of news of a new breach.  In most of our minds, the largest breaches still ring loud and clear in our minds.   For example, you may remember when Adobe Systems publically stated that it was a victim of a cyber attack and an estimated 130 million user records were stolen.  Do you know if you were one of those users?  How about when The Home Depot admitted that a data breach on its systems may have resulted in the exposure of 56 million credit cards numbers.  Or last year, when insurance giant Anthem made the admission that close to 80 million healthcare records including personal information like social security numbers, birth dates, etc. were compromised.  Is your health insurance covered by Anthem?  And even as recently as this May, LinkedIn told its users that a recent breach on its server may have resulted in as many as 100 million username, passwords and email accounts being stolen.  Do you have a LinkedIn account?   The noted data breaches above are some of larger ones more publicly known; however, unless you cover data security 24/7 for a living, you are probably not aware of each and every breach and that they affect millions on a daily basis.  The risk of identity theft is real, and is also why past articles have emphasized the importance of taking simple (yet effective!) counter measures like creating strong passwords for your online accounts and changing them regularly!

As the morning heat of the sun (and 100% humidity already at 6:30AM) starts to take a toll on me and my jog on the beach is nearing its end, I reach my hands down into the salty ocean and splash a little water over my face.  What I notice is something odd, for the first time all week I obtained a black residue on my fingers.   I can only assume that the black on my fingers are an oil remnant/particle from an oil leak/spill from the distant oil rigs.  An oil spill or oil leak is something you can see, touch or taste (though I would strongly advise against that), but what about its online counterpart, the data spill.  How can you know (see) if their information has been spilled/leaked online due to the hundreds of known exploits and data breaches?  There now may be a way…  I’ve recently come across the website “haveibeenpwned.com”, a site that allows a user to check to see if their email address has posted online, sold or made available in some other way to cybercriminals due to the hundreds of data breaches.
 
With a little research into the website, I found that the site was started by Troy Hunt, a Microsoft Regional Director who created haveibeenpwned.com as a free resource to quickly determine if your personal information may be at risk.  You may be thinking to yourself that Mr. Hunt’s domain name selection for this useful site seems a bit strange.  Let me explain.  Looking at the website name, we need to ask ourselves, what it means to have been “pwned”.  The definition of the word “pwned”, in its simplest term, means to “to own” or more specifically to show a complete domination over an opponent (usually referring to domination over an opponent with computer-like force).  However, in my hometown, I think we could say (and it hurts my heart to do so) that our Cleveland Browns have been “pwned” by the Pittsburgh Steelers over the last ten years.   The word “pwned” actually seems to have originated from the online game called Warcraft where a developer misspelled the worded “owned” accidentally in the game.
 
I have verified the authenticity of the website and even ran several tests on my own.  If an entered email account doesn’t register on the website as being compromised it displays a message that “Good news- no pwnage found”.  If an entered email does register as being breached the message, “Oh no – pwned!” will appear.  If you are curious to see if your email account has been compromised by any of a number of past data breaches (most of them are listed on the website), I would strongly recommend that you give the website a test.  And regardless if your email address has been “pwned” or not, it is important that you maintain strong passwords and that you are changing them regularly.  Please re-visit the July Protected with Purpose article for all the password recommendation tips.

Like an oil spill, a data breach is unexpected, unwanted, and can have very detrimental effects.  Both can be proactively prevented by being careful.  Get serious about having fresh and difficult passwords.  Change them often and don’t share them.  If you do experience a data-leak, take the time to clean up what you can immediately and with full measure.  Go to your main sites/accounts and update your passwords.  Make changes that can ensure your (online and data) safety moving forward.  And also, be prepared to experience residual effects of the data breach.  Be on alert in the coming weeks and months for curious behavior or results with your online accounts.  And as with an oil-spill, make the effort to clean each one up carefully and completely as it comes along, so there will be no repeat action.

I don’t know if it is ironic or sad that even in the midst of a Gulf-Shore vacation on pretty beaches and with great food and family, my mind is still drawn to paralleling that experience with today’s Security and Technology trends.  But, that’s who I am.  And what would we have to talk about in this article if the similarities had not hit me?   I guess in closing I will say that I highly recommend a trip to Alabama and I also recommend taking safety precautions to avoid any type of leak in your online activity and accounts.  Because once you have had a spill, it messy and almost impossible to get rid of the residue.