Everything you need to know about a data breach

Every now and then, we hear a familiar headline: A company suffered a data breach, and now millions of customers’ details are exposed. A recent example? In August of 2019, a  Chinese group of hackers called “Fallensky519” was reported to have hijacked a health care site in India, stealing the personal information of around 68 lakhs of doctors and patients. It was later confirmed that the group was selling all the data on the dark web.1

We give companies a lot of information about ourselves – addresses, financial details – and place a lot of trust in them to keep it safe. It’s never fortunate when a business that you are associated with suffers a cybersecurity incident, especially a data breach. But it’s an unavoidable reality in this day and age.2

Many people still get confused when they hear about data breaches – what they are and how they affect our privacy. Once you have a good understanding of that, you might want to implement some better practices to keep your private data a little bit safer.

What is a data breach?

A data breach occurs when a cybercriminal or unauthorised user breaks into a company’s internal network and gains access to the files that contain customers’ information. While they may or may not take that information, simply knowing that they had access to it is reason enough to believe that all the information has been compromised.

Information that’s commonly targeted during a data breach includes:

• Email addresses
• Passwords
  
• Physical addresses
  
• Full names
  
• Ages
  
• Credit cards and debit cards
  
• Government-issued information (like your Aadhaar Card Number)
  
• Answers to recovery questions
  
• Purchasing habits
  

All of this information can be used by cybercriminals in future attacks, including identity theft, blackmailing, or worse of all, your data could be sold on the Dark Web. Email addresses and passwords, for instance, can be used as fodder for credential stuffing attacks. It’s a type of cybercrime where someone uses software to run through thousands of email and password combinations in minutes, hoping to gain access to someone’s account. At times, they get lucky, which ultimately means that more victims suffer from data loss.

New regulations like the General Data Protection Regulation (GDPR) might be implemented all over India in the not-so-far future to hold companies more accountable for how they handle customers’ personal data. While brands with household names put crores into their cybersecurity, start-ups and smaller businesses often lack the funding to do so and can be prime targets for cybercriminals.

How can a data breach affect you?

Victims of data breaches are almost always removed from the cybercrime scene so that it would seem no hijacking occurred in the first place. But even without your knowledge of the heist, data breaches are a big deal because of the effects you might have to endure in the later future.

Once a company suffers from a data breach, it’s likely that the customers might not trust in their services again since they’ve failed to keep their pledge to protect the information collected. It’s extremely difficult to remain trustworthy after all the precious data of assigned purchasers are lost to cybercriminals, including their financial details. They could have enough personal information to take out loans in the victims’ names, make large purchases, and generally impersonate innocent people.

Many people tend to use the same password across all of their accounts, even though it’s not a very good idea. If a cybercriminal were to learn only one of those passwords in a data breach, they could then have access to all of the victim’s accounts that use it. Although GDPR laws are set to pass in India as well, many companies still don’t immediately announce a data breach. This might lead a cybercriminal to gain access to multiple accounts before a victim even realises it.

The good news is that when a data breach is announced, companies often offer a remediation package for those who were involved.

How to protect your data online

Cybercrime has evolved, and data breaches are a great example of that. While you might not have the power to stop a company from suffering a data breach, you could improve your online habits and increase the chances of your data protection so that you can prevent a hacker from exposing your info. Adopting best practices and using solutions like Norton 360 helps protect against cyberthreats.

When it comes to protecting your information, here are a few tips that’ll help:

• Be careful of who you give your information to. While you can’t get away from giving your details to your phone company or favourite retailer, think hard about whether if you really want that new e-commerce website or news outlet, that you’ll probably never visit again, to have your email address and financial details. Larger companies have better cybersecurity, while many smaller companies simply don’t have the resources to protect your data. It’s best if you initially choose an experienced firm, or enquire about the security info of the specific site you’re going to subscribe to.
• Create different passwords for all of your accounts. It might be easier to use the same password for all of your accounts, but the hacking risk will be high even if only one of those is breached. Use a password manager like the one included in Norton 360 to keep track of all your account details and make it more difficult for cybercriminals to access them.3
• Install antivirus software. Companies aren’t the only ones who can leak personal information to cybercriminals. If your computer gets a virus or malware infection, you could be responsible for giving up your personal and financial information. Use antivirus software to help protect against cyberthreats.
• Use a VPN online. Suppose you’re giving personal information to companies when you’re online banking or shopping on a public Wi-Fi connection. In that case, you could be handing it over to cybercriminals at the same time since you’re using a network that can be easily compromised by hackers, who could possibly steal information that’s transmitted over it.4  Using a VPN to encrypt your data and traffic would be the best solution.

Above all, while data breaches are primarily a company’s responsibility to prevent, users can also stay aware of such cyberthreats roaming online and take different steps to protect their data. As mentioned before, installing a strong antivirus on your devices would be enough to secure your privatized info from being hijacked by the cyberthieves. Security software like Norton 360 can go a long way in helping to protect against many other cyberthreats, including data breaches.

1 https://www.csoonline.com/article/3541148/the-biggest-data-breaches-in-india.html#:~:text=Hackers%20steal%20healthcare%20records%20of%206.8%20milli on%20Indian%20citizens&text=Details%3A%20Enterprise%20security%20firm%20Fir eEye,Chinese%20hacker%20group%20called%20Fallensky519.

2 https://www.nortonlifelockpartner.com/security-center/online-safety-scams-phishing-spoofing-hoaxes.html

3 https://www.nortonlifelockpartner.com/security-center/strong-passwords.html

4 https://www.nortonlifelockpartner.com/security-center/public-wifi-risks.html