Data Breach Survival: Your Quick Guide

Hacked? How to Reclaim Control and Fortify Your Digital Life

It seems that nearly every single week, headlines announce another digital infiltration targeting a corporation or public entity, sparking widespread concern over the specific personal details that cybercriminals may have successfully acquired.

Just last month, the well-known footwear and athletic apparel corporation, Adidas, disclosed that the private details of certain clientele were pilfered. However, the company confirmed that sensitive financial data, such as credit card numbers, passwords, along with alternate payment credentials, remained secure.

A separate security failure involved the personal records affecting a massive quantity of individuals who applied for legal assistance across the jurisdiction of England and Wales, with the compromised files going back as far as 2010. These events followed closely after cyber-attacks that created significant operational chaos at both the Co-op and Marks & Spencer.

Check for Official Company Notifications

If a report surfaces about a digital security event involving a business or institution you engage with or previously dealt with, you should be vigilant for communications from them. Impacted organizations almost always communicate with their customers to provide additional details on the incident and offer guidance on what actions to take. The scope of a data leak can be specific; sometimes, only a certain group of customers is impacted, or the breach may be limited to people residing in specific geographical locations.

Image Credit - Freepik

Update Your Passwords and Security

Regarding the Adidas breach, it seems the people affected were those who had previously used the client support helpdesk, a detail that will exclude a large portion of their customer base. On occasion, the notification from the company may deliver positive information, confirming that your account was not part of the compromised set. In situations where your data was potentially exposed, the message you receive will typically contain advice on the steps you ought to follow, frequently including a hyperlink to a section with common inquiries. In certain scenarios, you could be presented with complimentary enrollment in a support program managed by a professional cybersecurity firm or a credit reference bureau.

For any business or institution that you have engaged with that reports a digital intrusion, you must change your login credentials for that specific app or website without delay. It is essential to always maintain formidable passwords and never utilize an identical one for multiple accounts. General guidelines suggest creating a passphrase that is a minimum of 12 characters in length. You should incorporate a mix of digits, symbols, and both uppercase and lowercase letters. Steer clear of information that is simple to figure out or discover through online searches, including your pet's name, birthday, or a beloved sports franchise.

The UK's National Cyber Security Centre advises that an effective technique for making your passphrase hard to guess involves stringing together three unconnected words. An illustrative example they offer is something similar to Hippo!PizzaRocket1. Furthermore, the digital security firm NordVPN recommends that you think about employing a password management tool, which can create and house powerful, distinct passwords for you.

Identify and Avoid Phishing Attempts

Activate two-factor authentication whenever possible. This is a feature you can enable on your email account and other critical online services to introduce an additional protective shield. The process requires you to supply a second piece of verification that is uniquely yours. This typically comes in the form of a code produced via an authenticator application or delivered as a text message to a mobile number you have on file with the service. You should turn this security feature on across every service that makes it available.

Scammers frequently use phishing emails that mention a widely publicized cyber-attack as a way to lure in people who are clients of the compromised business. At times, these con artists possess personal details they acquired from the security incident or another source, which they use to make their communications sound more convincing. Never select a hyperlink or download a file from a message via email, SMS, or social media unless you have absolute certainty that it is authentic. This action might lead to a counterfeit website or install malicious software engineered to harvest your private information.

Image Credit - Freepik

Keep a Close Eye on Your Credit

M&S informed its potentially impacted customers that they might get deceptive emails, phone communications, or text messages pretending to originate from the retailer, so they should exercise caution. The company also reminded everyone that its representatives will never reach out to request personal account details, such as account login names, and they will absolutely never ask a customer for their password. If an individual claims to represent a company you do business with and you feel anything less than 100% confident about their identity, you should delete the message or end the call. Should you wish to follow up, find the organization's official contact information yourself to verify the communication.

When your private information gets compromised, it becomes prudent to keep a watch on your credit history, which is the comprehensive dossier of your economic past that creditors use to evaluate your risk. This helps you detect whether criminals are trying to secure credit or alternative financial items using your credentials. As an example, should your workplace suffer a digital breach, the details that might have been unlawfully accessed could encompass your full name, residence, birthdate, National Insurance identifier, bank information, salary details, and occasionally even identity papers like your passport. A genuine risk exists that this sort of information can be consolidated and applied to perpetrate identity theft.

Rethink Social Media and Shopping Habits

In the United Kingdom, the main credit reporting agencies are Experian, TransUnion, and Equifax. You have different options for accessing your credit file, with some methods being free of charge and others requiring payment. Both ClearScore and Credit Karma provide lifetime admittance to your credit history at no cost. Experian provides a service called Identity Plus. It oversees your private, monetary, and credit data, and notifies you upon finding any questionable activity. This is a paid subscription, but an organization might cover the expense for you if your information was compromised in a breach on their systems.

Should you receive a rejection for a loan, a new credit card, or another financial product despite possessing a solid credit score, or if your bank statements mysteriously stop arriving, it might be an indication that another person has co-opted your credentials. More telling signals include receiving letters about debts you did not incur or noticing a purchase you did not make on your bank transaction history.

Image Credit - Freepik

Protect Your Data Online

Stay vigilant when using social networks. Banking industry sources report that the majority of financial and retail frauds originate from social networks and key tech sites. Once more, you must stay alert because swindlers may have acquired personal information which they can leverage to create the illusion you are engaging in a dialogue with a trusted person. Recent times have seen a significant surge in "Hi Mum" schemes, where criminals impersonate friends or family on platforms like WhatsApp. A person might contact you, posing as a close relative, claiming they have a new mobile device, are blocked from their bank account, and need you to transfer money for an urgent bill. Do not feel pressured to move funds, regardless of the claimed urgency. Pause to confirm you are genuinely in touch with a relative or friend.

When you complete a purchase online, sellers frequently present the option to save your card information for a more streamlined checkout process in the future. In some instances, you must actively unselect a checkbox to prevent this from occurring by default. By consenting to this, you might be authorizing a third-party service, instead of the merchant you're making a purchase from, to hold onto your details. Your card information has a smaller probability of being illicitly acquired if you avoid letting it be stored across more retail systems than absolutely needed, even if this means your future purchases take a bit more time.