If you’ve wondered how hackers have found the virtual keys to your Facebook and financial accounts, security experts say one of the answers to that question is found in data breaches.

“I’m a security person. My information has been leaked in nearly 20 data breaches, by my estimate,” says Christopher Budd, director of threat communications for Avast Antivirus.

Budd says hackers can buy login data for next to nothing.

“There’s so many out there that the cyber criminals can go out, pay a few cents per record - literally - and get information that they can use to turn around and log in,” says Budd.

And that’s what makes the Attorney General’s 2021 data breach report so alarming.

This year, companies reported 280 data breaches. That’s up from 60 last year.

And those companies sent 6.3 million notices to Washington consumers, up nearly 500 percent from 2020.

“Now, we know what that scale is,” says Washington Attorney General Bob Ferguson. “And it’s not just a red flag, Jesse. It’s a bullhorn being announced to the whole state that we have a big, big problem.”

Businesses which have suffered data breaches that impact more than 500 Washington consumers must notify the AG’s office and consumers.

Another problem: ransomware. 150 cases were reported this year, which is more than the last five years combined.

“Whether you are a business that’s getting shut down because someone got all of your information and they are demanding a lot of money before they give it back to you, or you are an individual at your home, it’s stressful,” says Ferguson. “It’s financially very challenging and it jeopardizes all of your personal information.”

Some of those victims came from the Accellion breach. That’s the file sharing company that was attacked while it stored the personal information of more than a million residents for the State Auditor’s Office.

Exposed in that breach: names, social security numbers, dates of birth, bank account numbers, addresses and emails.

The question is: is this ever going to stop?

“No time soon, I’m afraid. And it’s not going to because it’s profitable,” says Budd.

And as long as it’s making money, consumers must coordinate their own data defense.

Do these things to protect your life online:

Use a password manager

You should have separate - and secure - passwords for each online account you have. Yes, that means Amazon should be different than Facebook which should be different than TikTok and Walmart or any other online retailer.

Christopher Budd recommends LastPass and 1Password.

Use multi-factor authentication

As the report above indicates, it’s only a matter of time before your personal data gets exposed. So it’s important to make it hard on the hackers. Multi-factor authentication adds another layer of protection by making you go through another step after putting in your password, like getting a text with a security code sent to your phone.

You can also use an app. Security experts say that is more secure because some scammers will go as far as “SIM swapping” to get control of your phone.

Google Authenticator and Microsoft Authenticator apps are Christopher Budd’s picks.

Keep your devices secure

Run security software. There are good free ones (Avast and Bitdefender)and many new devices come with their own versions already installed.

Keeping operating systems up-to-date will also make sure there aren’t any security holes that need to be plugged.

Don’t be an easy target for phishing

Phishing is when someone sends a text, email, or another communication online trying to get you to give up personal information or click on a link that installs malware.

You have to know the signs. And be suspicious of links and attachments. The default should be not to click on or download anything unless you know exactly where it’s coming from. Even then, it never hurts to pick up the phone to verify if someone you trust sends something unexpected.

Email Jesse right now at consumer@kiro7.com

©2021 Cox Media Group