Definition: A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
In 2018, a government survey reported that 40% of businesses and 20% of charities experienced some sort of cyber security breach. Nearly 75% of all such incidents were the result of fraudulent emails and impersonation attacks, mostly with malicious website redirects.
These statistics apply only to what has been reported in the UK, and only to those included in this particular survey. Where your data is may not be the UK…
Where’s your Data?
Much thought should be given to who has your data. Think way back to when you were signing up for a newsletter or filling out an online application. Even signing up for social media accounts or emails.
Your data is likely spread all over the world, some of it outdated and inaccurate but it’s likely a lot of it is real-time and accurate. Who has it though?
Over the past decade, there have been multiple high-level, enterprise-class breaches, and while you may only have been one of millions, your details may have been leaked into the public domain.
Sony’s PlayStation Network reported that 77 million users were compromised in 2011.
In 2015, UK telecoms company TalkTalk reported that a “Group of 15-year-old Hackers” stole information on its 4 million customers.
2017 brought about a breach reported by Equifax, where 145.5 million consumer records were hacked into using open-source code in a web portal.
More recently, 2018 had the Facebook and Cambridge Analytica data breach, which affected roughly half a million users. Later in the same year, British Airways reported the data theft of 380,000 customer records, including bank records.
Take Control of your Data
Check your bank accounts for suspicious activities. You can request copies of statements from your bank if you need them, and make sure you know what every transaction is. This is a good place to start.
Here’s a list of other things you can do:
- Google Yourself – you might be surprised what you find. Old accounts may still be active…remember MySpace? MSN?
- Make sure you have different passwords for everything; that way, if one account is compromised, the damage is limited to that account.
- Use complex passwords – consider a password manager rather than a piece of paper sellotaped under the keyboard (Don’t, Please!)
- Don’t give up your data to anyone who asks for it – Treat your data like digital money
- Check your accounts to see if you have been included in a data breach. haveibeenpwned.com is a great and safe page if you’re curious.
- If you are in the database, STAY CALM! Just go to your associated account and change your passwords.
- Consider multi-factor authentication wherever possible. This way, if your password gets compromised, an attacker would have to compromise something else too. This will give you time to change said passwords.
If you think your data is being unlawfully kept, or shared, or feel like you have suffered a material or non-material loss as a result of a data breach, you have rights.
Speak to the company involved first and foremost. They have obligations under GDPR to protect your data and should have a robust procedure in place. Most companies will have an appointed Data Protection Officer (DPO) whose contact details should be easy to find.
If the company you are dealing with is not playing ball, you’re unhappy with the way they are dealing with your concern, or you just need more information, you should contact the Information Commissioner’s Office (ICO). They have a website where you can find contact details or chat online.
If you would like any further advice around data governance and privacy, speak to us on this thread or contact us at Centric Security.