Create an ArticleUser Guide

What is a Data Breach and what do we have to do in Case of a Data Breach?

Apr 03, 2021

iCrowdMarketing powered by iCrowdNewswire

You receive an email from a company that you do business with, informing you that they experienced a “data breach.” It goes on to tell you that your personal or financial information may have been compromised and that as soon as more information is available, they’ll inform you as soon as possible.

To the uninitiated, a “data breach” is like hearing a foreign language. To those who have had it happen before, or have followed it in the news, they know that it sounds like trouble, because if they’re being “informed,” it’s highly likely that their data was involved in the breach. So, what is data breach?

A data breach means someone got into a company’s secure server and stole personal or financial information about their customers. The cyberthief “breached” the data stored on their servers that was supposed to be secure. After all, companies go to great lengths to protect that sensitive information, from sophisticated firewalls and software that is supposed to alert a company that someone is attempting a breach to an IT department that is constantly monitoring all activity on their computers.

Recent Examples of Data Breaches


Data breaches are on the increase and are now affecting hundreds of millions of victims. Companies like Marriott, Yahoo, Twitter, Facebook, and Capital One, among others, have all experienced a data breach, and it’s costing them millions upon millions of dollars.

Data breaches aren’t just theft of data. They have real-life consequences for the people whose information was stolen. That could include identity theft, stolen Social Security numbers, and other financial information that would compromise a person’s banking or other financial and personal data. Once in the hands of a cybercriminal, that data could be used to steal bank funds, set up phony Social Security claims, create new credit accounts in the person’s name, steal medical identity theft, and more.

How Data Breaches Happen


It’s not always a cybercrook behind a data breach. According to statistics from CompTIA, about half of data breaches happen due to human error. An employee enters the wrong email address and sends sensitive information to the wrong person, or he or she falls for a phishing scam, or has a weak password, or accidentally shares the password with the wrong people.

Hackers also look for vulnerabilities in the company’s software - usually known as a “back door,” where they’re able to enter the main server. This often goes undetected until it’s too late, and a data breach occurs. And while half of data breaches happen due to human error, there are in fact cyber thieves out there doing targeted hacking of companies. If successful, rewards are great.

Another tactic is well-known phishing. A hacker sends an employee an email from his alleged “superior” or boss, and the minute the employee opens the email to respond, the hacker is in the system. The hacker can dump malware into the system, or place code in the system that allows access to the servers when wanted. Because those emails are allegedly coming from an employee’s boss, it’s hard to prevent employees from opening them.

An often-used tactic known as “keylogging” allows hackers to capture passwords and other sensitive data. Once they insert the keylogging software, through phishing or other means, they can capture an employee’s keystrokes, which would include typing in passwords. Once they have those, the hackers can come and go at will.

What Happens to Hacked Data?


Once a data breach occurs, the resulting stolen data is used for nefarious purposes. 65% of information taken in a data breach results in identity theft. Cybercrooks can file false tax returns with the IRS, claiming refunds required. They also use the stolen data for medical identity theft, where they use the stolen name, SSN, and other information to seek all types of medical treatment. An unsuspecting victim then receives a past-due bill from a medical provider, and the nightmare begins with trying to clear their name.

Other times, stolen data ends up being sold on the dark web. This is personally identifiable information or PII. It can include name, birthdate, government data like passport numbers or SSN, electronic and digital contact information including Internet access and passwords, school history, and more. A full package of this information will fetch a high price on the dark web, while the victim suffers untold financial and personal damage.

One of the problems with data breaches is that they often aren’t discovered for weeks or months after they happen. This gives cyber thieves plenty of time to aggregate the information and sell it on the dark web. By the time the breached company discovers the problem, extensive damage has already happened.

How to Protect Yourself


Be very careful who you divulge your SSN to as well as other sensitive data. Another key is to remove all private and sensitive information from people's search sites, like US Search, Intelius  Instant Checkmate and others, as this is another way hackers can access Social Security numbers and other key data that can be used to steal your money. You’ll need to spend a lot of time and energy finding the people search sites, and then follow each one’s protocols to opt-out. A better way is to use OneRep, specialized software that does this automatically for you on over 100 people search sites on the Internet.

Be sure you use strong passwords on all of your accounts. Experts urge using passwords of 10 characters or more, with a unique password for each account. As this would be hard if not impossible to manage, there is software available to handle it for you. The top ones include Bitwarden, Dashlane, and LastPass, among others.

Never keep your Social Security number in your wallet or where others can access it. Getting your SSN is a hacker’s key to doing some serious financial damage to you. Use common sense and good judgment when accessing the Internet, especially when logging on at public places like coffee shops and airport lounges. Use a VPN (virtual private network) like ExpressVPN, NordVPN, and CyberGhost, among others.

Being proactive is your best defense against falling victim to a data breach.

Tags: English