What You Need to Know about the Norton LifeLock Data Breach

  • By Steven
  • Published: Jun 25, 2024
  • Last Updated: Jul 04, 2024

Norton LifeLock is a global player in consumer cyber safety with a growing portfolio designed to ensure users are confident in their online privacy, security, and identity theft protection. In January 2023, the company announced that many customer accounts were affected in a breach.

Norton LifeLock data breach

Norton's parent company, Gen Digital, claimed the attack did not arise from a breach of its IT security environment but from a cyber attacker using credentials obtained from the dark web to attempt to log in to customer accounts via credential stuffing. In credential stuffing, an attacker uses a list of stolen access credentials to initiate an automated process to access online accounts using the same login credentials. Attackers typically believe that many online users use the same username and password across multiple accounts.

Over 6,000 accounts were believed to have been compromised in the December 2022 breach. Gen Digital sent notices to over 6,400 customers whose Norton accounts were compromised in the attack. Gen Digital said intruders accessed information such as first names, last names, mailing addresses, and phone numbers. The notice also states that the company cannot rule out that saved passwords were also leaked in the breach.

When Was the Norton LifeLock Data Breach?

Although Norton's data breach notification did not become public until January 2023, the company indicated that a "usually large volume" of failed logins to customer accounts was detected in December 2022. Steps were taken to investigate the occurrence, and around December 22, 2022, the company determined that around December 1, 2022, an authorized third party attempted to log into thousands of Norton customer accounts.

How to Check If Your Data Was Breached

Norton sent notifications to over 6,400 customers whose accounts were believed to have been compromised. However, if you did not receive a notice and are worried your account may have been compromised, you may use online tools such as AmIBreached and HaveIBeenPwned to verify your Norton username and password are available for purchase on the dark web.

What to Do If Your Data Was Breached

If your data was breached in the Norton LifeLock cyber attack, you should consider changing the passwords to your Norton accounts urgently. If you have any passwords stored in the Norton Password Manager, you should also change them immediately. In addition, you should implement two-factor authentication for your Norton accounts for improved security.

Are There Any Lawsuits Because of the Data Breach?

There are no known lawsuits filed against Norton as a result of the December 2022 data breach.

Can My Norton LifeLock Information Be Used for Identity Theft?

If cyber attackers gain access to your username and password, they can use your access credentials to commit fraud, like making unauthorized purchases or transactions. Since the Norton LifeLock data breach potentially involved saved password leaks, your information may be used for identity theft.

What Can You Do to Protect Yourself Online?

There are several ways to protect oneself from falling victim or minimize the impact of a data breach, such as the Norton LifeLock data breach. These ways include the following:

  • Enable multi-factor authentication (MFA). MFA provides an added layer of security by requiring a secondary action to log into an account. Such an action may include confirming a code via phone call, text, biometrics, or app. Hence, even if your username and password become available on the dark web, you will still be protected.
  • Pay attention to breach notifications. If you get a legitimate notification that your account has been breached, act as fast as possible to change the access to other accounts that may use the same access credentials as the breached account.
  • Do not reuse passwords. Reusing passwords can lead to multiple account breaches, as an attacker may try your credentials on multiple online sites to gain access to your accounts.
  • Review your account statements. As a precautionary measure, you should review your account statements and credit reports for suspicious activities. If you notice suspicious activities, you should notify the company or institution with which you maintain the account.
  • Review the free resources provided by the Federal Trade Commission on avoiding identity theft scenarios.
  • Place a fraud alert on your credit report. Doing this informs creditors of potential fraudulent activity and requests that the creditor contact you before establishing any accounts in your name.
  • Put a freeze on your credit file. Under federal law, you can put a security freeze on your credit file free of charge. This prevents new credit from being opened in your name except with the use of a PIN number issued to you when you initiate the freeze.

Stay up to date on recent and common cybersecurity threats and best practices. IDStrong offers regular updates on such. This can safeguard you from falling victim to data breaches.

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Is Upwork Legit and How To Protect Yourself?

Is Upwork Legit and How To Protect Yourself?

Doing business online has become simpler with the development of the Internet and mobile technologies. In general, both freelancers and clients benefit from the freelancing platforms.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close