
Here and Now
How is Nina Lovel coping with the news that her Social Security Number is out on the Dark Web?
How many times has your personal information been stolen in a data breach? I’ve lost count of mine; the notifications go back for years. My first alert was back in the 2000s from my phone company, but there have been dozens since then. This past December, my security software notified me that my name, birthdate, social security number, mother’s maiden name, and a whole lot of passwords were found on the dark web. I felt a chill.
The dark web is a parallel Internet where stolen information (and much more) goes to be bought and sold. Nefarious actors hang out there, shop with crypto, and do it all anonymously. I have never been there myself, but my personal info and old passwords hang out there, draped in “For Sale” signs. My security software tells me it got there through any of thirty-five recent data breaches. THIRTY-FIVE??! Before you think you’re safe because you’re not online as much as I am, know this: being online is not the cause of data breaches. My information was stolen through the very same things that you do; things like seeing doctors, buying insurance, traveling, shopping, paying bills; just normal daily activities. It was stolen from my service providers. *Their* servers housing *my* information were breached.
Why do the bad guys do this? Maybe they just want to read the notes from your doctor’s visits, or browse your power of attorney documents, or let a marketer know that you’re into sports memorabilia, but most likely they want to pretend like they’re you and open some new accounts or drain some existing ones. This is identity theft, and it’s a nightmare to untangle. You seriously don’t want it to happen.
To be sure, there are other ways bad actors get your info; do tell me that by now you know not to click on email links or open attachments unless you’re positive you know the sender and they are who they say they are. And you know not to call any phone numbers that act like they’re from your bank; your bank doesn’t send emails like that. If you’re worried about something at your bank, go to their website and log in; that is how banks talk to you.
So, how do you find out you’ve been in a breach? The company will tell you, in a letter or an email, or both. Trust me, they’ll tell you, because they really do try hard to keep our stuff secure. They’re forthcoming so you’ll forgive them, and to make it up to you, they’ll offer to provide you with two years of identity theft monitoring: take them up on it! I’ve had so many breaches that I have staggering spans of identity theft monitoring and fraud alerts that overlap and outlast one another, and I say the more, the merrier. Helping you watch your financial activity is the least they can do in recompense, and you need to let them do it, every time.
Okay, so your info was in a data breach; what do you do next? If you have an online account with that company, go straight to their website and change your password. Do not pass Go, do not collect $200.00, and hope that you’re one step ahead of the bad guys. It may be that nothing bad ever comes from that breach; this is often the case. But you’ll find out for sure if you ever get the message, “Your information has been found on the dark web.”
Who gives you that notice? If you have security (fka ‘antivirus’) software on your devices (and you’d better!), those apps monitor the dark web and tell you if they find you there. Or, you may go to https://haveibeenpwned.com/ (use the exact spelling; I know it looks funny) and enter your email address to find out. But you’d still better have security software. Think Norton, McAfee, etc.
If you find out your Social Security Number is on the market (as have I), immediately place a fraud alert with each of the three credit reporting agencies (as have I). It’s free, it lasts for a year, and it will help prevent new accounts from being opened in your name. Cheat sheet: experian.com, equifax.com, transunion.com. I also change the passwords to all my financial providers regularly. Speaking of…
PASSWORDS
Now, here’s a touchy subject. Don’t you just hate it when something has a “password requirement”? What a pain to use both upper and lower case letters, numbers, and symbols, and to use at least fourteen of them! And then, THEN, it’s not even sufficient that you remember THIS complex password; every time you log on, they want to send you a text message with more numbers to enter, just to prove you’re you. Hey, don’t complain; it’s all for your own good.
Have you ever used the same password for several different websites? Don’t answer that; I already know. In the olden days I used the same password for years, until the “time to change your password and make it fourteen characters” era arrived. It was about the same time I got a smartphone. Hoo boy, did life get complicated. I went from knowing my one password, to having a little password notebook by my computer, to dragging that notebook along whenever I left the house.
For a while, every breach letter sent me diving for my password-notebook, and I would patiently change every password to every website I had in that blame notebook. The word “patiently” is doing some heavy lifting here. This task was so tedious that I always abandoned the mission before I was halfway through the book. I wonder if the bad guys ever noticed that websites starting with “L” and after were more likely to use exposed passwords than those in the front of the book.
Then, a password manager changed my life! It is a little app on my phone that also serves my computer, and besides being a secure repository for all of my passwords, it is happy to create complex passwords when needed, and on top of that, it remembers those passwords, so I never have to. All I have to remember is one password to open the app itself, and from there on it will automatically populate my login credentials. Kinda like the olden days.
You can understand the concept of a password manager if you let Google remember passwords; that’s how they work. I prefer keeping my passwords in a separate vault where they are audited and encrypted. It bothers me that Google wants to snarf up my passwords like they’re caramel popcorn; it’s just a little too eager to do that. I use NordPass instead. There are several reputable password managers, including RoboForm, NordPass, 1Password, LastPass, Keeper, and more. Compare their features here: https://www.security.org/password-manager/best/, but don’t get bogged down; just pick one out and use it!
PASSKEYS
Passwords are fast getting upstaged by a much stronger security tool: passkeys. Jointly developed by Apple, Google, Microsoft and others, passkeys use public-key cryptography with two keys: a private one that lives on your devices and a public one that lives on the site you are logging in to.
To use a passkey, you must first be logged on to one of your devices using a password or biometric confirmation (face, fingerprint, etc.). Your biometric login remains on your own device and is never used to log on to anything else, so it is of no use to a bad guy; the passkey is also on your device alone, and it must be matched to its partner key on the website you’re visiting in order to work. So. Stinkin’. Easy!
They are rapidly being adopted, but not all websites have passkeys yet. If you log on to a site and it offers you a passkey, the right answer is, “Yes, please!” When you have a passkey, the site will see it when you visit, and will ask if you want to use your passkey. When you click “yes”, poof–you’re in! Nothing to remember; nothing to worry about! Highest security there is, so far.
SHORE IT ALL UP
I hope I’ve given you something helpful here; let’s wrap this thing up:
- Take advantage of credit monitoring offered when your info has been breached.
- Make sure you have security software on all your devices, and keep it up to date.
- Keep your phone and computers up to date too. I get how annoying it is when an overnight update slows down your iPhone, but there are security patches in every update and you sure don’t want to get behind on them.
- Conquer your fear of complex passwords by using a password manager.
- Just say “yes” to passkeys.
- Do not allow a shopping or payment website to “store your card info for future convenience”; that just puts it one more place to get snatched. Check out as a guest, and for *real* convenience, memorize your card info, yourself.
- Make life hard for a bad guy who tries to open an account using your stolen info. Freeze your accounts at each of the three credit reporting bureaus (see the fraud alert cheat sheet above). It costs nothing to freeze your credit, and you can visit each website and “temporarily lift a freeze” if you need to open a new account. I’ve had mine frozen for years, and it brings some peace of mind that I have to lift the freezes to even use the reports, myself.
- While you’re at it, check your credit report at all three of the above agencies periodically and take action if something is awry.
I wish you safe and happy scrolling/shopping/reading/watching/listening/creating, and please stay careful out there!





