So far, 2021 has been a banner year for hackers. Data breaches have hit some well-known companies, including CVS, Walgreens, Mercedes Benz, the New York City Law Department, Scripps Healthcare, Peloton, Verizon, Microsoft, JP Morgan Chase Bank, Apple, Geico, the IRS – even the Houston Rockets basketball team. And that’s just for starters. Who can forget the Colonial Pipeline ransomware attack and the breach of JBS – a global beef supplier, which caused beef prices to soar. Some attacks, including the one against Apple, were attributable to the Russian hacking group REvil, which of course denied being involved.
Many attacks exposed countless customer records, had record ransomware requests and payments, and shut down operations of many of the companies who were breached by cybercriminals. For those customers whose data was exposed, mitigation includes credit monitoring, ongoing legal and expert help restoring their identity if it was compromised and other measures – that will cost the company that was breached a considerable amount of money over the coming years. It will also require a lot of time and effort on the part of those customers to ensure that their identity isn’t being used for nefarious purposes. The worst part is that it’s through no fault of their own that they have to go through this.
How Companies are Compromised
A data breach can happen due to a variety of reasons. Employees can make simple errors, such as leaving their laptops exposed while they’re in a public place, and a cybercrook can lift the login information and passwords of that employee while they’re distracted. Or, employees can fall victim to phishing email scams that will expose the company’s system to a cyber hack or other breaches. Unfortunately, this happens quite frequently.
Back door breaches are another way cybercrooks compromise a company’s data system. Hackers find vulnerabilities in the software or firewall and exploit them by embedding malware or other virus software that gives the crooks access to sensitive data. You have to remember that these people sit and work on stealing data for a living, so they’re going to ultimately find ways into a company’s system.
Another way data is breached is through a contractor or employee who is intent on stealing data from the company. They may be doing it as a way of retaliating for some perceived wrong or they may be doing it for money. Either way, if the data is successfully breached it will cause the company a lot of damage and it will cost the company a lot of money to remedy the problem. Companies have to be vigilant on what level of security they allow people to have.
How Data Breaches Happen
If a cybercrook is intent on breaching company’s sensitive data, they’ll find a way to accomplish their illegal deeds. Oftentimes a cybercriminal will send out phishing emails on company letterhead that look official, and even use the correct names of senior executives in the company to make it look even more authentic. Because the recipient sees the correct name of a company official, they’ll generally open the email and even click on an embedded link when instructed to do so.
Once data is breached, identity theft often follows. It can be financial identity theft, where the cybercriminal takes over a person’s bank account and steals their money, or it can be medical identity theft which is used to acquire medications or medical services or to steal funds from Medicare. The cybercrooks also use the breached data to steal tax refunds or create phony tax returns, or create synthetic identity – which is part real information and part fictitious info made up by the cybercrook. There’s a huge rise in this type of identity theft because it’s so hard to discover and could take a long time to even realize that a phony identity has been created.
Avoiding Data Breaches
One of the best ways to prevent damage from a data breach is to minimize all of your personally identifiable information that’s on the Internet. This includes social media, so you need to go through all of your social media accounts to make sure you haven’t posted any personal information about yourself like your address, phone numbers, birthdate and other information a cyber crook could use against you.
You should also remove all unauthorized personal information from people-search sites, which collect personal information about you, package it and then sell it to anyone willing to pay for it. If you’re doing this yourself, plan on devoting a lot of time and effort to this because it will take you quite a while to complete it.
What to do if You’re A Victim
If you find that you’re a victim of a data breach, report it to the FTC, which has developed a comprehensive guide on what you need to do after a data breach. You may want to consider putting a fraud alert or doing a credit freeze on your account with one of the major credit bureaus, including Experian, Equifax or TransUnion. It won’t cost anything, but you’ll enjoy peace of mind knowing that someone is looking after your credit accounts for you. You should also review your credit report every few months to search for suspicious activity that might have occurred, and immediately report it. Reviewing your financial accounts is also recommended just to be sure nobody is taking money from you.
By reviewing the information and following the suggestions listed above, you’ll have a good understanding of what a data breach is, what it can do to your finances and how to avoid it.