The Royal Cayman Islands Police Service’s Financial Crime Unit is advising the public to take steps to secure their email logins after the unit investigated a recent report of a victim losing money because of a website data breach that happened several years ago.
Police said a “significant amount of money was stolen from a local individual as a result of their email information being compromised.”
In a statement, the Financial Crime Unit said it strongly suspected the hackers had obtained the person’s login information as a result of a data breach of a commercial website’s user database, which occurred several years ago. Police did not disclose the name of the company or website.
Police are advising email users to use an entirely different password for each website they use, and suggested using a password manager to organize and retrieve strong passwords securely.
They also urge people not to link email addresses to websites through use of emails as a username, especially email addresses that are used to conduct sensitive business and financial transactions.
“Most specifically, it is important to change your passwords immediately if a service you have been using experiences a data breach,” police said. “If you are currently aware of any such breaches that may affect you and you have not changed your passwords yet, you should still do so immediately.
“It’s important to remember that even though a breach may have occurred some time ago, your information is still out there and could be used at any time. Just because you have not seen any suspicious activity yet does not mean it cannot still happen.”
The Financial Crime Unit also advises that, because of the possibility that users may be unaware that a site they visit has suffered a breach, it may also be a good idea to proactively check an online breach database to see if a site has been compromised. One example is the website www.haveibeenpwnd.com, which can display any services associated with an email address entered, and list which of those services has experienced a data breach.
“Again, if any of the sites which use that email address have been compromised, you should immediately change any passwords associated with that email address,” police said.
Anyone who suspects their email account containing sensitive information has been compromised can contact the Financial Crime Unit at RCIPS at [email protected] or at 949-8797.