in

Were you caught up in the latest data breach? Here's how to tell

Chris Ratcliffe/Bloomberg/Getty Images

Think you’ve been involved in a data breach? This guide will help you find out where and when, and it lists the steps you should take next.

Data breaches are security incidents we now hear about every day. They strike every industry, every sector, and every country. Victims might be individuals, small, independent businesses, non-profits, or large Fortune 500 companies. 

IBM estimates that the average cost of a data breach in 2022 for companies was $4.35 million, with 83% of organizations experiencing one or more security incidents. 

However, talk of the millions of dollars corporations spend to repair damaged systems, perform cyberforensics, improve defenses, and deal with the legal ramifications of a data breach doesn’t convey the cost felt by individual customers involved — and we’re not talking just financially.

For individuals, the costs can be more personal. And while financial damage may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, or identity theft. 

Here’s how data breaches occur, how they can impact you, and what you can do in the aftermath. 

Also: The best home security system (and if you need a subscription)

How to find out if you’ve been involved in a data breach

Typically, your service provider will contact you through email or letters, explaining that your information has been compromised. However, companies may take weeks or months to contact you — if at all, as unfortunately, many organizations will still place secrecy over consumer protection in a bid to hush up incidents and protect their reputations.

Therefore, it is up to you to keep an eye on the news for any recently disclosed data breaches.

Have I Been Pwned is a search engine that you can use to see if your data has been breached.

Screenshot by Charlie Osborne/ZDNET

Have I Been Pwned, operated by security expert Troy Hunt, is the first resource you should use to find out what data breaches you have been involved in and how extensively your data has been leaked. 

The search engine allows you to search either by your email address or phone number and will flag any breaches containing your data when they happen by cross-checking billions of leaked records added to the Have I Been Pwned database.

If you type in your details and are rewarded with a green screen, congratulations, you haven’t been involved in any notable data security incidents. However, if you have, you will see a screen (shown below) telling you which breaches have impacted you. 

Screenshot by Charlie Osborne/ZDNET

If you use a password manager, it may offer breach-monitoring services that will alert you when your passwords are exposed during a data breach. Password managers are able to periodically check for any evidence of your password and email combinations ending up posted online or being made available on the Dark Web, and will alert you to any changes you should be made aware of. 

Also: The best password managers: Easily maintain all your logins

Should you become embroiled in a security incident, you should check where the compromised password is in use. We always recommend that you use different and strong, complex passwords to secure your accounts (another area a password manager can help), and this is why: once one service is compromised, the same password and user combination could lead to an exposed account elsewhere.

1Password

Credit monitoring services, including Experian and LifeLock, are beginning to integrate data breach monitoring, too, as these situations can result in identity theft — a criminal act that can severely impact your credit reports and scores. However, unless you have notifications enabled, you may not be warned of any changes unless you have logged in or you have checked your email. 

Many credit agencies now also offer data breach monitors on a free or paid plan basis. If a set of credentials belonging to you are found in a new data leak, these organizations will tell you — allowing you to quickly take action.

Whether or not financial information is involved, if enough personal data is available online, ID theft and fraud are still a risk. 

AlsoThe best identity theft protection and credit monitoring services

Unfortunately, credit monitoring services are now necessary to be alerted to suspicious activity that could place your reputation, finances, and creditworthiness at risk. However, even if you aren’t willing to pay for a premium subscription, you should still consider signing up for a free option. 

If your payment card details, bank accounts, or other digital financial services have been compromised, call the provider immediately (or if you have a mobile app with the feature, freeze your cards). You must also inform your bank or financial services provider so they can be on the lookout for suspicious and fraudulent transactions. 

Screenshot by Charlie Osborne/ZDNET

What you do next depends on the severity and type of data breach. The likelihood is that you have already had your PII leaked in some form or another online regarding basic details — such as your name and email address. In this scenario, there is not much you can do. 

However, if your online account details have been compromised, whether or not passwords are hashed, you should change them immediately. In addition, if you are guilty (as many of us are) of reusing password combinations across different platforms and services, you should also change them at once. 

AlsoThe best password managers: Easily maintain all your logins

Try to improve them with complex combinations. If you’re not certain you can remember them, opt for a password manager. 

sankai/Getty Images

Whenever you can, enable two-factor authentication (2FA) — especially after you’ve become a victim of a data breach. 

Two-factor authentication implements a second layer of security on your accounts, so if your credentials have been leaked, attackers would also need access to your email account or handset to grab the verification code required to access your account. Granted, 2FA is not foolproof, but it’s better than relying purely on a compromised password to protect your privacy.

Two-step authentication, 2-step Verification SMS code password concept. Smartphone with special 2FA software and tablet pc with multi-factor authentication safety and secure login form.

Getty Images/iStockphoto

It would help if you also considered using a physical security key for any central “hub” accounts, such as your Gmail or Microsoft email address. 

A security key is one of the most reliable security options we have today. It might seem backwards to use a physical device to secure an online account, but even if an attacker manages to steal credentials, they are denied access without the physical key when they attempt to log in from a new device.

Also: The best security keys you can buy

For example, Google’s Advanced Protection Program requires members to use a physical key. This used to be quite an expensive investment, so it doesn’t hurt that prices have dropped in recent years.

Screenshot by Charlie Osborne/ZDNET

How do data breaches happen?

According to IBM, the most common initial attack vector cyberattackers use to break into a company’s network is the use of compromised credentials. 

These credentials can include account usernames and passwords leaked online, stolen in a separate security incident, or obtained through brute-force attacks, in which automatic scripts try out different combinations to crack easy-to-guess passwords. 

Other potential attack methods are:

  • Magecart attacks: Companies like British Airways and Ticketmaster have experienced these assaults, in which malicious code is quietly injected into e-commerce payment pages to harvest your payment card information. 
  • Malicious code injected into website domains and forms: The same tactics can be used to grab other forms of data from customers and visitors, with data stolen directly from unaware victims visiting a legitimate service. 
  • Business Email Compromise (BEC) scams: BEC scams require an attacker to pretend to be a company employee, contractor, or service provider. They latch on to email threads or contact a staff member — such as one working in the payments or customer service departments — to trick them into handing over information or paying an invoice to the wrong bank account. 
  • Insider threats: Sometimes employees have axes to grind, or they are made an offer by cybercriminals that they don’t refuse. This can lead to your information changing hands, such as in the case of a Russian national arrested for trying to recruit US company workers to install malware on their employer’s network. 
  • Negligence: Unsecured servers, left open and exposed online likely due to misconfigurations, are a principal reason for data exposure and breaches. Information may also be leaked accidentally by employees.
  • Falling for spam and phishing attempts: On an individual level, cybercriminals will try and get you to part with your PII and account information through spam emails, phishing domains, and more. 

How do data breaches impact you?

If you’ve been involved in a data breach as a user or customer, your records may have also been exposed, stolen, or leaked online.

Your personally identifiable information (PII), including your name, physical address, email address, work history, telephone number, gender, and copies of documents including passports and driving licenses, can all be used to conduct identity theft. 

ID theft is when someone uses your information without permission to pretend to be you. They may use your identity or financial data to conduct fraud and commit crimes. This can include tax-related fraud, opening up lines of credit and loans in your name, medical fraud, and making fraudulent purchases online.

Criminals may also ring up a company you use, such as a telecoms provider, and pretend to be you to dupe customer representatives into revealing information or making changes to a service, such as in the case of SIM-swapping attacks.

These scenarios can impact your credit score, make you financially responsible for a loan or payment you didn’t agree to, and lead to serious stress and anxiety in cleaning up your name and finances. As cybercrime is global, it can also be extremely difficult for law enforcement to prosecute the perpetrators. 

Blackmail, too, can be a factor. When extramarital affairs website Ashley Madison experienced a data breach in 2015, some users were contacted by cybercriminals threatening to tell their partners, friends, and colleagues about their activities unless they were paid.

What happens when an attacker is inside a network?

The attacker may conduct surveillance first, mapping a network to work out where the most valuable resources are — or to discover potential pathways to jump into other systems.

The majority of data breaches are financially motivated. Attackers may deploy ransomware to blackmail their victims into paying up to regain their access to the network. In so-called “double-extortion” tactics, hacking groups may first steal confidential information and then threaten to leak it online. 

Alternatively, some may grab and go, stealing the intellectual property they came for and then erasing their tracks. Others may test their access point and sell it to other cyberattackers via the dark web. 

In some cases, network intrusions are for one reason alone: to disrupt services and damage a company. 

Some miscreants download data and make these data dumps freely available online, posting them to resources such as Pastebin.

What is the dark web?

The internet as a system can be divided into three layers: the clear, the deep, and the dark web. 

  • The clear web: The clear web is the internet most of us use on a daily basis. Millions of websites and pages are indexed by search engines, and you can access them from a typical browser, such as Safari, Chrome, or Firefox.
  • The deep web: The deep web is the layer underneath, which requires a specific browser to access. The Tor network and a VPN are typically required. Websites are indexed using .onion addresses, and the entire network is based on the principles of security and anonymity. This helps in legal applications — such as circumventing censorship — as well as illegal operations. 
  • The dark web: The dark web is the next layer down and is an area that is associated with criminal activity. This can include the sale of information, illegal products, drugs, weapons, and other illicit material. 

The terms dark and deep web can be used interchangeably.

In this world, data is cheap and unnecessarily collected in bulk by companies that don’t protect it effectively or govern themselves in data collection practices well. When a breach occurs, you are most often just offered a year or so of free credit monitoring.

Unfortunately, it is up to individuals to deal with the fallout, and knowing you’ve been involved in a data breach is half the battle. Protecting yourself by maintaining adequate account security, changing your passwords frequently, and being on alert for suspicious activities are ways you can mitigate the damage these frequent security incidents can cause. 


Source: Information Technologies - zdnet.com

The best AirTag wallets of 2023

MIT PhD students honored for their work to solve critical issues in water and food