If you follow security news, you’ve likely heard people talking about big companies suffering data breaches. And you might worry about how these breaches can affect you as a user.
So what is a data breach? That’s what we’ll explain below, with advice on how to protect yourself from future breaches.
Security Incident, Security Breach, Data Breach: What’s the Difference?
The general term for a company or organization being hacked or attacked digitally is a security incident. This covers a wide range of issues like malware infection, phishing attempts, distributed denial of service attacks, and employees losing equipment or having it stolen.
A security incident may or may not result in the organization’s security being compromised. If attackers are successful in compromising the organization’s security, that is called a security breach.
A data breach is a specific type of security breach. This is where attackers successfully access data that they should not have been able to access. Typically, attackers will achieve a security breach and then steal data, resulting in a data breach.
But there can be other types of data breach too. For example, an organization may accidentally leave sensitive data in an insecure location. If people can access data they shouldn’t be able to, that’s a data breach.
What Are Examples of Some Famous Data Breaches?
One of the biggest data breaches in recent years was revealed in 2018. Hackers had attacked Facebook and were able to steal information about 30 million users. They performed the attack through Facebook developer APIs (application programming interfaces) and were able to obtain information about users such as their names, genders, and hometowns.
Another famous data breach happened to Equifax in 2017. Equifax is a large credit reporting company and holds data on a huge number of Americans. The hackers were able to gain initial access to the company’s systems through a consumer complaint web portal using a well-known vulnerability.
Then they used the web portal to access other parts of the network. They found usernames and passwords stored in plain text (which is a huge security mistake). They then used these passwords to steal data such as names, addresses, Social Security numbers, and dates of birth. In total, the breach potentially affected up to 145 million people.
Banking and credit card company Capital One also suffered a data breach in 2019. Hackers were able to steal the names, addresses, credit scores, and Social Security numbers of over 100 million customers.
The company had misconfigured a web application firewall, and a hacker was able to exploit this to gain access to the system. The hacker was a software engineer who had previously worked for Capital One’s web hosting company, Amazon Web Services.
How Do Data Breaches Happen?
There are many ways that data breaches can happen. According to a report by Kastle Systems, the most common cause of data breaches is hacking, followed by poor security. Hackers used malware in nearly 50 percent of data breaches. They used social engineering in a quarter of breaches.
Hackers can introduce malware to a target’s computer through techniques such as email spam. An email will trick a user into clicking a link which downloads malware onto their device. Another way to hack a system is through social engineering attacks like phishing. This is where hackers set up a fake website and trick users into entering their username and password into the site.
The hackers can then copy those usernames and passwords and use them to access secure systems.
Sometimes, affected organizations make mistakes which result in data breaches. For example, an employee may lose their company computer or have it stolen. If cybercriminals get their hands on that computer, they can use it to access the company’s systems.
Or, as seen in the case of Equifax, an organization may have poor security practices such as storing passwords in plain text. That makes it easier for hackers to steal data.
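To make the plain-text storage problem concrete, here is an added example (not from the original article and not any company's actual code) that contrasts a plain-text credential table with one that stores only a per-user salt and an scrypt digest. The table contents, function names, and scrypt cost parameters are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Constructed sample data: what a plain-text credential table looks like.
PLAINTEXT_TABLE = {"alice": "correct horse battery", "bob": "Summer2017!"}


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the password itself is never stored."""
    salt = os.urandom(16)  # unique per user, so equal passwords give different digests
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest from the login attempt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, digest)


def migrate(plaintext_table: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Convert a plain-text table into salted scrypt records."""
    return {user: hash_password(pw) for user, pw in plaintext_table.items()}


def exposed_passwords(table: dict) -> list[str]:
    """Passwords that are directly readable by anyone holding a copy of the table."""
    return [value for value in table.values() if isinstance(value, str)]


if __name__ == "__main__":
    hashed = migrate(PLAINTEXT_TABLE)
    print("readable in plain-text table:", len(exposed_passwords(PLAINTEXT_TABLE)))
    print("readable in hashed table:", len(exposed_passwords(hashed)))
    salt, digest = hashed["alice"]
    print("correct login accepted:", verify_password("correct horse battery", salt, digest))
    print("wrong login rejected:", not verify_password("guess", salt, digest))
```

Hashing does not make weak passwords safe against offline guessing, which is why the advice on strong, unique passwords still applies.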
Affected by a Data Breach? Here’s What to Do
With so many companies suffering data breaches, the likelihood is high that you may be affected by one. A great resource for finding out whether your information has been part of a breach is the website HaveIBeenPwned.com. You can enter your email address into this site to see if you have been affected by a data breach.
If your information has been included in a data breach, don’t panic. First, check which sites are responsible for the breach. Then go to each of those sites and change your password straight away. This should be enough to protect you in most cases.
Sometimes, you’ll need to take more drastic action. This would be if the breach has affected your bank, for example, or if very sensitive data such as your Social Security number has been leaked. In these cases, you may want to freeze your credit, start using a credit monitoring service, and/or check your credit reports to ensure no one is doing anything suspicious under your name.
If you believe someone else has opened an account under your name, contact the institution’s fraud department and let them know.
How Can You Protect Yourself From Data Breaches?
In order to protect yourself from data breaches, there are a number of steps you can take:
- Use strong passwords. Your passwords should ideally be a mix of numbers, letters, and special characters. Also, you should never reuse the same password for multiple sites or logins. Finally, never share your passwords with anyone.
- Use HTTPS when browsing the web. Using HTTPS ensures you connect to sites securely. This makes it harder for hackers to intercept your data.
- Be on the lookout for spam, phishing, and other suspicious communications. Be careful what you click on, especially if you received an unsolicited email message or are browsing a less-than-reputable website.
- Keep your devices and software up to date. Updating operating systems and other software can be a pain. But it’s a vital way to protect yourself from attacks. When a security vulnerability is disclosed, companies will update their software to protect against the vulnerability. If you don’t update, you leave a big hole in your security.
- Check your credit reports regularly. If you think someone might have stolen your data, they could use it to take out a credit card in your name. So you might want to use a credit monitoring service. This will send you alerts if the company detects suspicious activity on your accounts.
Take Steps to Protect Yourself From Data Breaches
With this information, you can be ready for the possibility of a data breach. And by following the steps outlined above, you can make it less likely you’ll be a victim of a data breach in the future.
If you work with data as part of your job, you should also consider how hackers could target your organization. To learn more, see our data handling tips to avoid security breaches at work.