Data breaches have become common, and if you’ve actively used online services in the past year, you might have been affected by them. For example, the massive 2.7 billion records that were leaked in this massive US data breach, the Advance Auto Parts breach exposed more than 2.3 million users’ personal information, while a recent AT&T incident allowed hackers to access around six months of customer call and text interactions. But what do bad actors do with all this data?
John from Jackson, Mississippi, asked a similar question that I want to highlight and address because it helps all of us:
What do you mean when you say a company has exposed 2.3 million or whatever in a data breach? This happens often but there is never any follow up. It’s like throwing address labels in a trash can and then they are carried to the landfill. So? What really happens with a data breach?
I get what you’re saying, John. Data breaches make headlines, but you rarely hear about the fallout. It’s tough to link a specific breach to a specific problem later on. Below is a detailed look at what a data breach actually means.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Data breach explained
A data breach occurs when an unauthorized person gains access to information that is meant to be confidential, private, protected, or sensitive. Think of it this way: You have personal information that you trusted a friend with, but while sharing it, someone who wasn’t supposed to know it overheard it.
A real-life example is the AT&T data breach mentioned earlier. Your call logs and text interactions that were meant to be private and which you trusted AT&T to protect ended up in the hands of hackers. These details can now be used by the bad actors to scam you.
Data breaches can happen in a few ways. Hackers might target specific organizations or launch broad attacks hoping to steal certain kinds of data. They can also use targeted cyberattacks to go after specific individuals.
Sometimes, data breaches occur due to honest mistakes or oversights by employees. Weaknesses in an organization’s systems and infrastructure can also leave them vulnerable to data breaches.
MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
Anatomy of a deliberate data breach
Here’s what typically happens in a data breach that’s deliberately caused:
Research: Cybercriminals often begin by identifying a target, such as a large corporation like AT&T, focusing on the type of data they want, which could include personal customer information. They search for weaknesses in the company’s security, which might involve exploiting system flaws or targeting network infrastructure.
Attack: The attackers make their initial move using either a network or social attack. Common methods include phishing attacks, where individuals are tricked into revealing personal information; malware attacks that can steal or encrypt data; and denial-of-service (DoS) attacks that disrupt services. These tactics can compromise the personal information of customers, such as names, addresses, phone numbers, and even payment information.
Exfiltration: Once inside the company’s systems, cybercriminals tunnel their way to confidential data. For individuals, this means that their personal information can be extracted and sold on the dark web, used for identity theft, or for other malicious purposes. The impact on individuals can be severe, including financial loss, damage to credit scores, and the emotional stress of having personal information exposed and misused.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
What happens once the hackers have the data?
Once the hackers obtain protected and confidential data, they have various ways to profit from it. They can use compromised data for illegal activities, including identity theft, financial fraud, spamming, or even extortion. Information such as email addresses and phone numbers can be used in phishing scams.
Sometimes, this data is also posted on dark web forums for sale. It can be purchased by other criminals, who may use it for various illicit activities. Just as you don’t hear about every burglary, homicide, or battery, you don’t hear about each instance of these criminal activities.
They only make headlines when something significant occurs, such as the incident where hackers scammed a Colorado woman out of $25,000 or when a man was arrested for scamming a Kalispell woman of $150,000.
Data breaches impact not only customers but also the companies involved. These companies may face government fines or lawsuits. For example, AT&T is currently dealing with a class-action lawsuit due to a security breach in 2022 that exposed months’ worth of data from nearly all its customers. Similarly, T-Mobile is facing a lawsuit related to a data breach that affected millions of people.
CYBERCRIMINALS TAKING ADVANTAGE OF CROWDSTRIKE-LINKED GLOBAL COMPUTER OUTAGE
How to protect yourself from data breaches?
It’s primarily the responsibility of companies or online services to keep your data safe, but if it gets exposed, here are some tips to keep in mind:
1) Change your passwords
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
2) Enable two-factor authentication
Activate two-factor authentication (2FA) for an extra layer of security on all your important accounts, including email, banking, and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.
3) Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
4) Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
You should also contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit if need be.
5) Use personal data removal services
Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. These services employ advanced tools and techniques to identify and eliminate your data from people-search sites, data brokers, and other platforms where your information might be exposed. By using a data removal service, you can minimize the risk of identity theft and fraud, especially after a data breach. Additionally, these services often provide ongoing monitoring and alerts, keeping you informed of any new instances of your data appearing online and taking immediate action to remove it.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
6) Sign-up for identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 52% with my top recommendation is Identity Guard.
See my tips and best picks on how to protect yourself from identity theft.
7) Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
8) Recognizing and reporting a Social Security scam
If there is a problem with a person’s Social Security number or record, Social Security will typically mail a letter. You can learn more about recognizing Social Security-related scams, including how to report a scam quickly and easily online to Social Security’s Office of the Inspector General, by reading more at www.ssa.gov/scams.
Kurt’s key takeaway
The impact of a data breach may not be immediate, but once your data is on the internet, it can be misused by bad actors. They can steal your hard-earned money, cause emotional and mental harm, or affect your loved ones. So, even if you don’t see the immediate impact of a data breach, take action. Ensure your devices are protected, and keep a close eye on your bank accounts.
Have you ever noticed unusual activity in your accounts after a data breach was reported? Let us know in the comments below.
FOR MORE OF MY TIPS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.