Over the years, millions of individuals have been affected by data breaches, where their sensitive data is accessed by unauthorized cybercriminals or publicly exposed. A data breach can result in huge financial loss if stolen data is used to compromise consumer identity, which also can affect a credit score.
Unfortunately, there is a great number of people who don’t know what to do if affected by a breach. At the same time, there are those in the know who do nothing.
What is a Data Breach?
A data breach is a cyber security incident that exposes sensitive data such as names, contact details, bank details, Social Security numbers, etc.
Data breaches are the work of criminals who aim to obtain specific data. Criminals do this through various methods, including phishing attacks, malware attacks, targeted attacks, vulnerability exploits, and loss or theft of devices. However, data breaches are also a result of technical or human errors. For example, a misconfiguration error exposed the car location data of 2 million Toyota customers in Japan and overseas for 10 years; and the work of an insider led to Tesla’s massive data breach.
Unfortunately, data breach cases keep rising. May 2023 alone saw numerous breaches from different organizations, including healthcare organizations, education institutions, the transportation department and even tech giants.
For companies, the consequences of data breaches are reputation damage, loss of consumer trust, intellectual property theft, financial loss and fines due to failure to conform with data protection legislation. While cybercriminals mainly target organizations, individuals also experience identity theft and financial crimes. This especially happens when stolen data is sold on the dark web or publicly published.
What action can data-breach victims take?
Unfortunately, no one is immune from a data breach. However, victims can survive a breach with less disruption. Once a data breach has occurred, the U.S. breach notification law requires businesses or governments to notify those affected immediately after its discovery.
Although companies are responsible for securing customer data in their possession, customers also have a role to play in securing their data. Essential steps to take include:
- Being aware of any site claiming to be a data breach check site.
Such sites could ask for personal information or ask a victim to click a link to verify their details. Hackers also take advantage of a breach and pose as the affected company to lure victims into clicking malicious links, primarily through emails. A user must, therefore, first confirm that a breach happened. This can be in the news or on the affected company’s website. - Change passwords for accounts exposed.
In most cases, affected companies will notify victims of their affected accounts, and their security team will provide instructions on how to stay safe. Such instructions include changing passwords on the breached site or any other account that uses similar login credentials. - Set up two-factor or multi-factor authentication (2FA/MFA).
This extra security measure will require a one-time user code to log in to an account in addition to the login and password. - Notify the bank.
If financial-related data was stolen, such as credit card information, the bank must be notified immediately to freeze the cards.
- Credit freeze.
Cybercriminals can use stolen data to open new accounts and take loans. To avoid a ruined credit score, individuals can request a credit freeze from major credit bureaus such as Experian, Equifax and TransUnion.
- Monitor personal accounts for any unusual transactions.
Although it depends on the type of data breach and exposed data, victims must look out for unauthorized transactions, including bank account transactions, medical bills, insurance claims and tax refund claims. - File a report with the Federal Trade Commission (FTC).
If criminals have already used personal data, filing an identity theft report will serve as proof to clear one’s name or dispute a fraudulent transaction. - Practice cyber hygiene.
These are practices that help individuals remain safe online. Aside from account security, consumers must use up-to-date software and operating systems, antivirus software, and avoid publishing too much personal information to minimize online footprints that fraudsters can easily access, such as on social media.
It is worth noting that data breaches are not detected immediately, which means that by the time users get notified, cybercriminals already have had access to the data for some time. And as technology advances, cybercriminals are taking advantage of new technologies such as generative AI for phishing attacks. This means that more data breaches may continue to be witnessed.
However, users can help prevent future data breaches by using strong passwords, being cautious of phishing scams, and regularly monitoring financial accounts.