Data Breach: Don’t Let it Get You!
by Amruta Phansalker
Check out the end of this post for a fun quiz to see if you can spot potential data breaches!
We hear of data breach incidents often. But what are they exactly, and why should we worry about them?
Did you know that your data can be accessed in an unauthorized manner, and then sold for a profit? Whether the authorized owner is you or a large corporation, breached data is precious because it can be sold for a tidy sum. Take the case of MySpace, where data belonging to 360 million users was accessed and put up for sale on the dark web. [1] But the thing about data breaches is that they are not always as drastic as the breach at Myspace. Often, data breaches are surreptitious, such as when an unsuspecting individual has someone “peep into their computer” and get a good look at confidential data.
Why are data breaches so often talked about?
The pervasiveness of the internet means that people are now information foragers, meaning that their internet behavior is characterized by brisk decisions. [6] It is not uncommon to visit multiple websites, navigate between web pages, and exit them equally rapidly, all the while sharing data. Think about the number of times you answered surveys, filled out forms, shopped online, uploaded photos, wrote emails, or left comments on blog posts all in the same online session.
With our data becoming digital, cybercriminals need to find innovative ways to access your data. Interestingly, many data breaches are simply a result of “everyday occurrences” such as loss of phones or accidental exposure of data. These seemingly smaller incidents are twice as likely to occur as larger, more dramatic breaches.
It is not just companies that should be concerned about data breaches. You and I should be, as well.
Companies have a good reason to worry about data breaches, given the losses they may incur. But that doesn’t mean that you and I are not vulnerable. There are many types of breaches you could encounter in the ordinary course of life. Here are a few examples [4]:
- Malware
This refers to a special type of computer program that harms your computer or gains access to your data without your knowledge. Common methods for distributing malware include email attachments, malicious applications, or suspicious websites.
- Password attacks
In a password attack, an attacker submits multiple passwords and passphrases in the hopes of getting the correct password. Once the attacker gets the correct password, the data protected by that password is exposed.
- Phishing
Phishing attacks involve emails that purportedly come from credible institutions such as banks. The emails employ deceptive strategies to gain access to your personal information. Have you ever received an email from your bank asking you to reset your password, but the sender address looked strange? If so, this might have been a phishing attempt.
- Credit Card Skimming
Credit card skimming uses a special type of a chip to steal information stored on your credit cards. This is typically achieved by hiding the chip in ATMs, payment terminals, or gas pumps that have been compromised. Financial data stolen in this way is either sold or used by scammers to make their own fake credit cards. [3]
- Recording Key Strokes
This is a type of a data breach where a special type of malware called a keylogger records everything that you type, such as your password. The “logged” data is then accessed and either sold or used for other fraudulent purposes. [4]
- Negligence
Theft of computers, laptops, or phones are common accidents which are very likely to happen. Sometimes though, mere carelessness might be at fault. For example, imagine a case in which you are not careful while accessing your financial data and somebody “looks over your shoulder” and sees your data. [7]
What happens to this stolen data?
Skimming equipment: $300, Counterfeit card equipment: $5,000, Using a fake credit card: Priceless. [3] You read that right! Stolen data is precious, and it can be used to make a lot of money. Cybercriminals will typically make an inventory of your data by first carefully categorizing it and then packaging it. Personal data as well as financial data can be sold in bulk, with the most recent data fetching the highest price. A full set of a person’s information such as social insurance number and address fetches anything between $1 and $ 450. [5] With financial data however, thieves can get a little creative. For example, a stolen credit card can be used to create fake cards, which in turn are sold or used inappropriately. Cybercriminals also specifically target more lucrative accounts. For example, military addresses are valuable and hackers can use them to breach government networks.
Protecting your data is in your hands
Personal data is precious and needs to be protected. Here are a few simple security tips to help you avoid having your data stolen [4]:
- Beware of Malware
Malware is typically distributed via emails. Don’t download attachments or install programs if the sender of the email is unknown to you. [11] You can often report suspicious emails via your email provider. If you receive suspicious emails to your work email, immediately inform your IT team or your supervisor.
- Protect your passwords.
Think of passwords that are not easy to guess and make it a habit of committing them to only your memory or to a digital vault which can only be accessed by you.
- Don’t let them phish!
Do not succumb to phishing attempts. Credible institutions such as banks or email providers will never ask for your sensitive data over email. If you receive such emails, either report them or ignore them.
- Swipe your cards with care.
Skimmers usually tamper with unattended card swipe machines or ATMs in inconspicuous locations, which is why it is always a good idea to use an ATM at popular locations. If you notice suspicious transactions in your credit card statement, report them immediately.
- It makes sense to be careful.
Public networks are vulnerable to security attacks, which is why you should access sensitive data such as bank details only on personal computers. For example, shared computers could have keylogging software, which means that every keystroke on that computer is recorded. Be cognizant of your surroundings when you are accessing your data. Remember, a peek over your shoulder can result in an inadvertent data leak!
It goes without saying that data breaches cannot be completely averted. However, simple safety habits are a great start because they contribute to making you “digitally safe”.
Has your data ever been breached? What made you aware that it was a data breach? What steps did you take when you discovered the breach?
References
[1] Swinhoe, D. (2021, January 8). The 15 biggest data breaches of the 21st century. CSO Online. https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
[2] Ponemon Institute. (2020). Cost of a Data Breach Report. https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/
[3] Barker, K. J., D’Amato, J., & Sheridon, P. (2008). Credit card fraud: awareness and prevention. Journal of Financial Crime, 15(4), 398–410. https://doi.org/10.1108/13590790810907236 [note: this resource is not open access]
[4] Moshkovich, D. (2020, September 9). 7 Most common types of data breaches and how they affect your business. HubStor. https://www.hubstor.net/blog/7-common-types-data-breaches-affect-business
[5] Collins, K. (2015, September 15). The price of a stolen identity on the dark web. Quartz. https://qz.com/460482/heres-what-your-stolen-identity-goes-for-on-the-internets-black-market/
[6] Baker, M., & Abel, S. (2013). Every Page Is Page One: Topic-Based Writing for Technical Communication and the Web (Illustrated ed.). XML Press. [note: this resource is not open access]
[7] Edwards, B., Hofmeyr, S., & Forrest, S. (2016). Hype and heavy tails: A closer look at data breaches. Journal of Cybersecurity, 2(1), 3–14. https://doi.org/10.1093/cybsec/tyw003
[8] Kemp, S. (2021, February 11). Digital 2020: October Global Statshot. DataReportal – Global Digital Insights. https://datareportal.com/reports/digital-2020-october-global-statshot
[9] Statista. (2021, March 3). Cyber crime: number of breaches and records exposed 2005–2020. https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
[10] Authors, T. G. (2018a, October 23). Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years. The State of Security. https://www.tripwire.com/state-of-security/security-awareness/survey-personal-data-breach-results/
[11] Security Breach Examples and Practices to Avoid Them. (n.d.). UC Santa Cruz. https://its.ucsc.edu/security/breaches.html
Written by Amruta Phansalker
Edited by Rachael Bradshaw
Featured image : Data by JohnsonGuo (CC by 0 1.0) from Wikimedia Commons.
People said…