It is understandable to be concerned about the safety of your data
if you have received a notification from a company saying there has been a data
breach or cyber attack. A data breach can result in sensitive information such
as your name, address, email, phone number, passport number, or credit card
details, being exposed to cyber criminals and can lead to identity theft,
financial loss, and long-term damage.
There have been numerous high-profile cases of data leaks in recent years. For example, in 2017, credit reporting agency Equifax suffered a massive data breach that exposed the personal information of approximately 147 million people, including their social security numbers and birth dates.
In 2018, the hotel chain Marriott announced that hackers had gained access to its Starwood guest reservation database, which contained the personal information of up to 500 million guests. In both cases, they advised consumers to protect themselves from potential identity theft and other forms of fraud.
In the UK, if a company suffers a cyber-attack that leads to personal information being leaked, the company must inform those affected and notify the Information Commissioner’s Office (ICO) which upholds information rights.
What should I Do if My Data Is Compromised?
If your data is compromised in a data breach, you’ll usually receive confirmation of this from the company that suffered the attack. Make sure you read the information carefully to understand how you may have been affected. There are a number of other steps you can take to protect yourself.
1. What Data Does the Company Hold On You?
You should find out what data the company has about you and what specific information was involved in the data breach. This will help you determine what steps you need to take to protect yourself. If for instance, you know that you provided bank details to the company, you’ll need to find out whether your details are at risk.
If you cannot recall what personal information the company holds about you, you have the right to request access to this. You can do this by writing to the company and making a subject access request.
It may be that the company doesn’t have enough information about the data leak at this stage and they are unsure how your information was affected. It may take them time to understand this, but it is ultimately their responsibility to find out the level of risk you have been exposed to.
2. Change Your Passwords
Depending on the information that has been breached, it may be a good idea to change your passwords. Use strong, unique passwords for each account and consider utilising a password manager to keep them secure.
3. Monitor Your Accounts
If you know that you have provided credit card information or bank details to the company, you could be at risk.
Criminals can take your personal information and sell it online on the black market. Other criminals can then use your details to commit fraud or theft. As such, it’s a good idea to check your bank and credit card statements for any unusual transactions or credit inquiries you didn’t initiate. Notify your bank straight away if you see anything suspicious.
4. Be Wary of Scams
Cyber criminals often use cyber attacks as an opportunity to target phishing attacks or other types of scams after they have gained access to people’s emails. Therefore, you must be cautious of unsolicited emails, text messages, or phone calls that ask for your personal information or request payments. Sometimes cyber criminals pose as legitimate organisations or individuals, so make sure you double-check every request or email before you share information or click on links or attachments.
5. Be Aware Of Fraud Attacks
According to The National Fraud and Cyber Crime Reporting Centre, many fraud attacks come from phishing scams. You can take action to prevent fraudulent activity such as checking with organisations before sending sensitive information or updating your anti-virus software. If you have been a victim of fraud, you are more likely to be a target of “fraud recovery fraud”. This is where fraudsters impersonate a lawyer or a law enforcement officer telling you that they can help you to recover money lost from fraud. They could contact you via email, phone or letter, often out of the blue. Be very cautious of people who contact you about this and report any concerns to the reporting centre.
6. Make a Complaint Or Compensation Claim
Depending on the nature and severity of the data breach, you can complain to the company through their official complaints procedure or through a regulatory body such as the ICO. You may also be able to make a compensation claim if you have suffered losses or stress.