You may have heard the term data breach in the news and wondered what data breaches are and how they affect you. Whether you know it or not, it’s not uncommon for businesses to store information about most or all of their customers. This includes restaurants where you paid with your credit card, grocery stores where you use a shopper’s card, online websites and more. These companies may hold information about you, and if unauthorized people access that information, your information could fall into the wrong hands.
What is a data breach?
Data breaches are incidents in which sensitive personally identifiable information (PII) such as social security numbers, bank or credit card account information, passwords, or personal health information is exposed. Data breaches can be intentional (a cybercriminal or hacker accesses a company database) or accidental (an employee accidentally leaks customer information).
Governments, private companies, hospitals, and educational institutions have all experienced data breaches. Here are some recent or more prominent data breaches:
- Equifax (2017) – Disclosed personal information of 147 million people
- Facebook (2019) – Account information of 530 million users exposed
- Yahoo (2017) – Names, dates of birth, phone numbers and passwords of up to 3 billion Yahoo users
- Marriott (2018) – Disclosed information on up to approximately 500 million guests
- Crypto.com (2022) – 483 user accounts compromised with up to $35 million in stolen cryptocurrency stolen
How do data breaches happen?
Data breaches happen in different ways. In some cases, an insider with access to sensitive customer information decides to steal or misuse that information for his own benefit. In other cases, hackers use malware to gain unauthorized access to a company’s networks or databases, or an individual’s computer or personal device. Social engineering is another way a cyber criminal could use to gain access to your personal information. Finally, some data breaches happen accidentally when an unauthorized person accesses information without malicious intent.
Once inside a company’s network, a hacker can use a variety of different tactics. One possibility is that they access financial information to steal money from bank or credit card accounts. Another possibility is that they are looking for username, email address and password information in the hope that there are other accounts with the same username and password combination. Or they use their insider access to switch to another trusted network and steal more information.
How to avoid becoming a victim of a data breach
Your personal and financial information is one of the most important assets you have and it is wise to do everything you can to protect your information. Here are a few ideas to reduce the chances of your personal information being stolen:
- Regularly patch and update your operating system and the applications you use on your computers and mobile devices
- Make sure the websites you use have the highest level of security. For example, Google Chrome indicates if a website is secure by adding a lock icon to the left of the URL.
- Use strong or complex passwords, multi-factor authentication (MFA), and never share passwords across different websites
- Always shred financial documents and anything containing your personal information
No matter what precautions you take, your data can still be compromised. Even if you’re careful about who you give your data to, even the largest and most reliable companies can be hacked. Another thing you should do is monitor your financial accounts and credit report regularly. Look for unauthorized transactions or new accounts – these can be signs that your data may have been compromised. Credit Karma’s Identity Monitoring product is free and provides notifications when members’ email addresses are discovered in a data breach.
What should you do if your data is breached?
If you find that your information has been exposed, you should contact your financial institution to discuss the best course of action. This may include disputing fraudulent transactions, creating fraud alerts, closing affected accounts, or all of the above. You should also check your accounts and make sure you have strong passwords on all your accounts, especially any accounts that previously used the same password as the hacked account.
Check your credit reports regularly – You are required by law to have access to a free credit report from all three credit reporting agencies (Experian, Equifax and TransUnion) every year. It’s good financial practice to periodically review your report to see if there are any accounts on your credit report that you don’t recognize. These could be signs that your information is being used fraudulently. You can also use a service like Mint to regularly check the charges on your existing accounts. If you feel that you have been the victim of identity theft, you can follow the FTC’s guide to reporting identity theft.
The final result
A data breach is an incident where an unauthorized person accesses personal and/or financial information. While most companies do their best to protect the information they store about their consumers and customers, it’s always possible for malicious cyber criminals to see and use your data. Be careful what you do with your personal and sensitive information and who you share it with. It’s also a good idea to regularly review your financial accounts and credit reports. Look for unauthorized transactions and immediately report any you see to your financial institution.
How much does it cost to raise a child in…