On March 8, 2023, Onex, a Canadian asset management company, announced that it had suffered a data breach. The breach affected approximately 600,000 individuals, and included personal information such as names, addresses, Social Security numbers, and dates of birth.
What Happened?
The breach was caused by a vulnerability in Onex's GoAnywhere Managed File Transfer (MFT) platform. The vulnerability allowed attackers to access and download files from Onex's servers. The files that were accessed included personal information of Onex's clients, employees, and contractors.
What Information Was Compromised?
The personal information that was compromised in the Onex data breach included:
Names
Addresses
Social Security numbers
Dates of birth
Employment information
Financial information
What to Do If You Were Impacted
If you were impacted by the Onex data breach, you should take the following steps:
Place a fraud alert on your credit report: This will make it more difficult for someone to open new accounts in your name. You can place a fraud alert by contacting one of the three major credit bureaus: Equifax, Experian, or TransUnion.
Monitor your credit report for any unauthorized activity: You can check your credit report for free once a year at AnnualCreditReport.com.
Consider freezing your credit report: This will prevent anyone from opening new accounts in your name, even if they have your personal information. You can freeze your credit report by contacting each of the three major credit bureaus.
Change your passwords for all of your online accounts: Use strong passwords that are unique to each account.
Be on the lookout for phishing emails: Phishing emails are emails that appear to be from legitimate companies, but are actually sent by cybercriminals. These emails often contain links or attachments that, if clicked, will install malware on your computer.
How to Protect Yourself in the Future
To protect yourself from data breaches in the future, you should take the following steps:
Use strong passwords and two-factor authentication: Strong passwords should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols. Two-factor authentication adds an extra layer of security by requiring you to enter a code from your phone in addition to your password.
Be careful about what information you share online: Only share personal information with websites that you trust.
Keep your software up to date: Software updates often include security patches that can help to protect your computer from malware.
Be aware of phishing emails: Phishing emails are emails that appear to be from legitimate companies, but are actually sent by cybercriminals. These emails often contain links or attachments that, if clicked, will install malware on your computer.
Conclusion
The Onex data breach is a reminder that even large companies can be vulnerable to cyberattacks. If you were impacted by the breach, you should take the steps outlined above to protect yourself. You should also be aware of the steps you can take to protect yourself in the future.
Additional Information
In addition to the steps outlined above, you can also take the following steps to protect yourself from data breaches:
Use a VPN when you are using public Wi-Fi: A VPN encrypts your traffic, making it more difficult for cybercriminals to steal your personal information.
Be careful about what apps you install on your phone: Only install apps from trusted sources.
Keep your operating system and apps up to date: Software updates often include security patches that can help to protect your device from malware.
Be aware of the risks of social engineering attacks: Social engineering attacks are attacks that rely on human interaction to trick people into giving up their personal information.
