A data security breach is a severe security incident in which personally identifiable information (PII), protected health information (PHI), or financial data is accessed by unauthorized individuals. Cyberattacks have become increasingly common as technology advances and we progress towards a more sophisticated digital world. In order of precedence, the most common type of data breached is PII, such as Social Security numbers and credit card numbers, with financial information following close behind.
Is Data Breach a Profitable Business?
Data breaches are among the most profitable businesses for attackers, and this keeps growing exponentially. PII, PHI, and financial data can be used to compromise identities, to blackmail victims, or to steal money, and cyber attackers of varied skill sets and expertise can buy or sell leaked or stolen business credentials on the dark web. In certain cases a data breach happens accidentally, but targeted attacks can happen for one of the reasons below.
- Phishing emails can be made to look as if they were delivered from a trusted source, with malware-infecting links or attachments incorporated into the emails. This is a tricky tactic used by the bad guys to obtain confidential information, inject malware into machines, and direct users to dangerous websites.
- Accidental download of a malware attachment can happen just by visiting a simple website or clicking on an add-on, which can compromise any application, browser, or operating system whose security is outdated.
- A well-maintained, regularly updated password denies hackers an easy gateway to guess their way into financial and personal accounts.
- Outdated software and system vulnerabilities can create a hole that attracts hackers and lets them steal data.
My Account Has Been Hacked: How to Avoid Running Into a Similar Situation Again?
Passwords are sometimes the only thing standing between an individual's data and cyber criminals, and between safe and stolen data. If the same password has been used for multiple accounts, cyber criminals gain easy access to all of them to steal financial data and disrupt an individual's digital life.
- Change passwords on a regular basis (maybe once a year), but be careful to change a password straight away if you hear any news about a website or an organization being hacked.
- Create stronger passwords. It is recommended to use at least 8 or 9 characters (the longer the password, the better the safety). Try to use a single password but keep changing some of its letters for other characters once in a while. Secure password generator websites can also be used to generate safe passwords.
- Don't reuse the same password: being hacked on one website where a reused password is in place can compromise the password security of other websites, irrespective of their strict security measures. The golden rule is to use different passwords for different accounts. Extra precautions should be taken with the passwords of accounts containing financial or sensitive data. Password manager tools, such as the free Norton Identity Safe, should be used instead of writing passwords down on sticky notes.
- Enable two-factor authentication. This service is provided by many websites, and it adds an additional layer of security by requiring a code obtained via a text message or a token generator on the mobile phone. Even if an individual's password has been compromised, the secondary security layer makes it really hard for the bad guys to breach the data.
- Pay extra attention to the email account, as it serves as a door to an individual's digital life. If an email account is hacked, it can lead to the breach of all the accounts linked to that email.
My Account May Have Been Hacked: What to Do Now?
Immediate Course of Action:
Determine the type of breach: is it an online or a POS data breach? If it is an online data breach, expect that credentials such as the username and password may have been compromised. If it is a POS data breach, expect that the credit card details have been stolen, and check your online financial accounts for any illegal or unidentifiable activity. Whether a credit or a debit card was used, the risks involved are usually similar: the acquired card details can be written to the magnetic stripes of different cards for purchases across brick-and-mortar stores. Always stay vigilant about even minor financial account transactions, and prefer to use or open accounts with credit card companies that have sophisticated and strict cyber security handling strategies.
Pay attention to security breach notifications or notices from websites and vendors, and change the corresponding passwords immediately.
Passwords should be updated on a regular basis to avoid being tricked into receiving and clicking on the links made available in phishing emails.
Change the passwords for other websites if the same password has been used across all the accounts (especially for accounts containing sensitive or personal information).
In case of any suspicious activity, make sure to contact and notify the banking or financial institutions regarding the doubtful transaction as soon as possible.
Make sure to set up alerts or sign up for email/text alerts from the financial institutions so as to maintain close monitoring.
Contact the breached company to obtain details about the type and magnitude of the data that has been leaked, and check the policies and procedures that have been put in place to protect consumers' PHI or PII data.
Check with the organizations about the services or offers being provided for a certain period of time after the data breach. Services like advanced notification systems and credit monitoring packages might be made available for free for a certain period of time.
Try to use a secure password along with two-factor authentication whenever feasible.
Check credit reports on a regular basis to make sure no illegal accounts have been tagged to you.