What is a data breach, and how do I deal with it?

pexels kevin ku 577585

The real victims of data breaches are consumers and the clients of those companies. The company may suffer some reputational damage, which they often take great pains to PR-spin away, but the personal information of their clients can and will be sold on the black market even many years after the data breach occurred.

Cybercrime and data theft has become so lucrative that US companies have spent more than  $6 trillion annually by 2021, up from $3 trillion in 2015. in 2019 for additional data security measures.

What is a data breach?

A data breach is any situation where information is accessed or dispensed without the proper authorization, which means that data breaches are not only caused by cybercriminals who hack their way through firewalls on top of firewalls to steal nuclear codes!

That crucial ‘what is a data breach’ question is more important than we think. Did you know that a massive number of accidental data breaches occur every day at small businesses? One example is when someone forgets to log out of their networked computer, and sensitive information is accidentally seen by someone who shouldn’t have access at all.

Any information that is accessed without authorization is a data breach, even when the information is exposed through accidental or non-criminal means.

How common are data breaches?

News outlets usually only cover big stories when millions of data points get stolen, but there are millions of small data breaches every day, caused by careless or spiteful employees at small companies around the world. Most of these smaller breaches won’t ever be discovered.

What types of data gets stolen in a data breach?

All types of data have some value, but some data is more sensitive and worth more than others. Stolen company secrets may be worth a lot to that company’s competitors, but there’s always a buyer for casually obtained personal information that forms part of a data haul.

Hackers can use your hacked calendar, social media info, or email correspondence to strike when you are on vacation. Your shopping preferences can be used to design a phishing campaign or social engineer a malware attack to steal your identity.

Replacing a stolen credit card is a hassle, but if someone gets hold of your social security number plus other personally identifiable information (PII) you may find yourself a victim of identity theft, which is a very serious matter. It can take a long time to mitigate and you may suffer enormous damage during the time it takes for you to finally reclaim your identity.

What happens to the stolen data?

Somewhere, somehow, someone will turn a profit selling your personal information. Data usually gets sold or auctioned off on the dark web, where cybercriminals will filter and redistribute it to other cybercriminals. Sadly, many marketing companies or data brokers, including people-finder sites, knowingly or unknowingly take part in this process and will use that information for their benefit.

People-finder services is one of the fast-growing industries on the internet, and your information is sure to find its way to a few of them.

Data breach techniques to watch out for

Even though we’ve heard about these techniques we still sometimes fall for cyber tricks. The most common techniques are malware attacks and phishing, and they are popular because they don’t require hard work or crafting a personal approach. Agents routinely use a wholesale mass email attack to distribute malware files or links. A few methods they use are:

  • Keyloggers: (criminals can read everything you type)
  • Ransomware (criminals can encode your files and demand payment to unlock them.)
  • Botnet malware (gives control of your device over to a third party.)
  • Technical support scam (An technical support imposter service calls unsuspecting users and talks them into handing over control of their computer.)

What steps can I take after a data breach?

  • Keep your contact information current to ensure that you receive notifications about breaches. The company has to alert you by letter or email.
  • Replace compromised credit cards immediately. Be sure to activate and use your new card as a way to confirm that your account has been de-linked from the compromised card.
  • Change your passwords, and never use the same password on multiple sites.
  • Consider freezing your credit bureau report, especially if your Social Security number was compromised. If you contact one of the three credit bureaus (Equifax, TransUnion or Experian), they must notify the other two on your behalf.
  • Use real-time transaction monitoring to check your accounts for suspicious or unfamiliar activity. If you spot a rash of small charges like $21.39 you should sit up and take notice. It may be the prelude to much larger transactions.
  • You should expect an increase in unusual emails or text messages. Phishing exploits often use domain names similar to the companies that suffered the breach.
  • Responsible companies often offer free credit monitoring after a data breach.
  • You are entitled to request a free credit report once a year from each credit bureau – obtain it from AnnualCreditReport.com.
  • Use a virtual wallet rather than your credit card for online shopping. Cryptocurrencies are becoming more widely accepted, and most retailers sell gift cards for use on their platforms.

Routinely watch for data breaches

Since most breaches happen on a small scale they go by unnoticed, therefore web browsers like Firefox and Google now offer an online service to alert you if a data breach involving your email address has occurred. There are also a few not-for-profit companies that can be very helpful, like haveibeenpwned.

You could also use one of the popular people-finder services to check how much information they’ve picked up about you. Rather than requesting the removal of your information from each site, use a reputable single-point service to remove it from several websites at once. OneRep has an automated removal service which will save you a lot of time and money. 

Prevention is still the best cure for data breaches

Be careful of what you do online. Don’t flaunt your lifestyle and every action on social media! Act immediately if you suspect that your data has been stolen, but it’s an even better idea to accept that your data has already been exposed.

Adopt a safer online lifestyle to help keep your personal and financial information safe, and to minimize the effects of the next major breach.