Key data criminals seek to pilfer for exploitation - Essential measures to safeguard personal data
Millions of Britons have fallen victim to data breaches in the escalating cyber attacks against UK businesses and organizations. A recent example, the hack on Marks & Spencer, underscores the vulnerability of even large, established companies.
Following a cyber attack, speed is crucial for both potential fraudsters and victims. Dr Nicola Harding, the CEO of security service We Fight Fraud, explains that hackers monetize stolen data rapidly by selling it before individuals can change passwords or adjust security settings.
The stolen personal data often becomes a commodity in the criminal underworld, with immediate sale on the dark web. Hackers sell the information in bulk, but they are unsure of the actual monetary value.
Your most valuable data, such as full name, date of birth, and address, is highly attractive as it facilitates identity theft. National Insurance numbers are targeted for benefit or tax fraud, while bank details and credit card numbers are prime targets for direct financial thefts.
Online bank login details are known to change hands for £150 or more, depending on the victim's wealth. Medical records, useful for insurance fraud or creating fake identities, sell for up to £750. Even seemingly insignificant data, like pet names or childhood addresses, can be used to guess passwords or bypass verification checks.
Should you receive notification of a data breach, it means your personal information has been accessed without authorization. If criminals contact you claiming access to your data, do not comply with their requests and report it promptly to the authorities.
In addition to changing passwords and reviewing security settings, it is essential to enable two-factor authentication where possible and check financial statements regularly for unusual transactions. If the breach involved government-issued ID, such as a passport, report the loss and consider replacing the documents.
Password managers can create complex, secure, and continuously updated passwords that you don't have to remember. Use unique and regularly updated passwords for each account and ensure devices are up-to-date with security patches to minimize the risk of identity theft.
Simon Miller, of fraud prevention service Cifas, notes that every piece of data has value, and identity fraud accounts for nearly 60% of reported cases filed to the National Fraud Database. To minimize the risk, promptly secure your accounts, monitor your credit file, and check bank accounts daily.
Under UK GDPR and the Data Protection Act 2018, you have the right to timely notification of the breach, access to your data, and the ability to complain to the Information Commissioner's Office if the breach resulted from the organization's failure to protect your data adequately.
Organizations are legally obligated to safeguard your information, and if negligence is proven, you may be entitled to compensation for both financial loss and emotional distress.
To claim compensation, negligence must be proven, as companies falling victim to cyber attacks are typically treated sympathetically due to the ongoing battle to protect their systems against sophisticated attackers.
By following the recommended security measures, such as securing accounts quickly, monitoring accounts for unusual activity, and using a password manager, individuals can help protect themselves against identity theft and the potential consequences that range from mild inconvenience to a complete nightmare.
Sources1. https://www.ncsc.gov.uk/2. https://ico.org.uk/3. https://www.cybersecuritysaasy.com/4. https://www.wefightfraud.com/5. https://www.cyberhelpline.org.uk/
- In the aftermath of a cyber attack, it's important to secure one's insurance coverage, as personal data, including National Insurance numbers, can be sold on the dark web for purposes of benefit or tax fraud.
- Enhanced cybersecurity measures, such as enabling two-factor authentication and using a password manager, can reduce the risk of identity theft, which accounts for nearly 60% of reported cases, according to fraud prevention service Cifas.
