What Are Data Breaches?

There is a huge amount of personal data currently stored online – whenever you shop, make an application or create an account you are handing over information to an organisation you can hopefully trust. But, how secure is that information? What happens if it is stolen? Below we look at what happens when an organisation has sensitive data stolen, in what is known as a ‘data breach’.

What is a Data Breach?

A data breach occurs when sensitive or confidential data is accessed by a party who is not authorised to do so. This data can include things such as passwords, credit card numbers, health records or addresses. Data breaches can range in size from millions of records being lost to a single individual viewing information they should have not seen.

Data breaches have grown in frequency over the past decade as the sheer amount of information stored online has grown exponentially. A data breach may not always lead to criminal activity, but there can be other ramifications for the individuals whose information has been lost.

How Do Data Breaches Happen?

Data breaches can often conjure up images of hackers in a far-flung country gaining access to a private computer network and downloading huge amounts of information to use for nefarious purposes. Although this does happen, there are also more mundane occurrences that can lead to a data breach. For example, an employee of a company leaving a laptop on a train or an email containing sensitive files being sent to the wrong address.

According to the 2016 Data Breach Investigations Report produced by Verizon, “63% of confirmed data breaches involved weak, default or stolen passwords”. This is the most common way hackers gain access to a system, either by using software to guess a password, using ‘phishing’ techniques or installing software designed to record sensitive information – known as ‘malware’.

There may also be vulnerabilities in an organisation’s technology that allow cybercriminals to gain access or insert spying software. In some scenarios, data breaches may also be intentional and caused by a disgruntled ex-employee looking for revenge or someone who is motivated by politics or espionage.

Who is Affected by Data Breaches?

The impact of a data breach on consumers depends very much on the information that is released. Sometimes it may be financial information such as bank account details or credit card numbers, which could be used directly by fraudsters. If passwords or email addresses are leaked, it may just require users to change passwords, although it could also be used in a phishing attempt to gather more valuable information.

Sometimes the data that is released may not be used for criminal means, but can result in embarrassing or difficult situations for the consumers affected. Revelations about an individual’s health, their dating life or political affiliation may have an impact on their relationships or their career.

The biggest impact of a data breach can often be on the organisations losing the data. As well as affecting the confidence consumers have in that organisation, a data breach can also cost a company dearly in lost revenue. This is why it is crucial for organisations, commercial or otherwise, to ensure their protocols are up-to-date and in line with best practice.

How Can You Protect Your Data?

Handing your data over to a company involves a certain level of trust and you will usually have to rely on that organisation following best practice when it comes to securing your data. However, there are steps you can take as an individual to reduce your chances of becoming a victim of identity fraud. It’s important to ensure that you only give information to reputable companies that you feel you can trust, this is not fool-proof as many big companies suffer data breaches, but as a general rule do not risk handing over sensitive data unless you feel confident about doing so.

You should also make sure to change your password regularly and do not use the same password for many different accounts. If one password is lost in a data breach, it could then be used to access multiple accounts, especially if combined with other data like email addresses or security-question answers.

Remember not to store sensitive information on your computer or to share this kind of data on open social media networks. Fraudsters will often gather small pieces of data from different sources, so a password from a data breach combined with details from your Facebook account could prove incredibly valuable to a criminal.

If you are worried about the security of your personal data, your Equifax Credit Report & Score (which is free for the first 30 days then £14.95 monthly) includes WebDetect, which alerts you if we find your personal data on websites used by fraudsters.

Categories

Related Articles