How to know if your data has been compromised?
Data breaches are security incidents we now hear about every day. They affect every industry, every sector, and every country, with victims ranging from small independent businesses to large Fortune 500 corporations.
IBM estimates that the average cost of a data breach for U.S. companies in 2021 is $4.24 million, with an average increase of $1.07 million if remote work is involved, a relevant statistic for businesses now adapting to work-from-home and hybrid work arrangements.
However, talking about the millions of dollars businesses spend on repairing compromised systems, completing network forensics, improving defenses, and paying legal fees doesn’t necessarily reflect all the losses borne by individual customers affected by data breaches.
For individuals, losses can be more personal. Financial losses can be one aspect, but losses can also come in the form of salaries, savings, and investment funds.
Here’s how data breaches happen, how they affect you, and what you can do to fix them.
How did the data breach happen?
According to IBM, the most common initial attack method for cyber attackers to break into a company’s network is to use compromised credentials. This is responsible for 20 percent of data breaches.
These credentials may include account usernames and passwords, which may have been leaked online, stolen in separate security incidents, or obtained through brute-force attacks, where attackers use automated scripts to try different combinations until they crack an easy-to-guess password.
Other potential attack methods are:
- Magecart attack: Companies such as British Airways and Ticketmaster have experienced this type of attack, where malicious code is quietly injected into e-commerce payment pages to steal your payment card information.
- Malicious code injection into website domains and forms: The same strategy can be used to obtain other forms of data from customers and site visitors, including stealing data when unwitting victims access legitimate services.
- Business Email Compromise (BEC) Scams: BEC scams require the attacker to pretend to be a company employee, contractor, or service provider. They latch onto email threads or contact staff, such as those working in payments or customer service, to trick them into handing over information or paying an invoice to the wrong bank account.
- Insider Threats: Sometimes employees hold a grudge, or cybercriminals make them an offer they don't refuse. This could cause your information to change hands. For example, a Russian national was arrested for trying to recruit employees of a U.S. company to install malware on their employer's network.
- Negligence: Insecure servers, which may remain open and exposed online due to misconfigurations, are a major cause of data exposure and breaches. Information can also be accidentally leaked by employees.
- Falling into Spam and Phishing Traps: On an individual level, cybercriminals will try to get you to leak your Personally Identifiable Information (PII) and account information through spam emails, phishing domains, and more.
My data has been compromised. What would an attacker do?
An attacker might start with surveillance, mapping the network to find out where the most valuable resources are, or discovering potential ways to jump into other systems.
Verizon says 71 percent of data-related incidents are financially motivated. Attackers may deploy ransomware to blackmail victims into paying a fee to regain access to the network. In a so-called “double extortion” tactic, hackers may first steal confidential information and then threaten to leak it online.
Or, some might just hit and run, steal the intellectual property they want, and then erase their traces. Others may test their access points and sell them to other cyber attackers via the dark web.
In some cases, network intrusions are done for just one reason: disrupting services and harming companies.
Some criminals download the data and make it freely available online, posting it on resources like Pastebin.
What is the dark web?
The Internet as a system can be divided into three layers: the clear web (clearnet), the deep web, and the dark web.
- Clearnet: Clearnet is the internet that most of us use every day. Millions of websites and pages are indexed by search engines and you can access them using a typical browser like Safari, Chrome, or Firefox.
- The Deep Web: The Deep Web is the next layer of the web that requires a specific browser to access. VPN and Tor networks are usually required. Websites are indexed using .onion addresses, and the entire web is based on the principles of security and anonymity. This facilitates legitimate applications—such as circumventing censorship—but also facilitates illegal behavior.
- Dark Web: The dark web is a layer further down, which is the area associated with criminal activity. Information, illegal products, drugs, weapons, and other illegal materials may be sold here.
The terms dark web and deep web are interchangeable.
How has a data breach affected you?
If you are a user or customer of a breached organization, your records may be exposed, stolen, or leaked online, as in the following incidents:
- Securitas: In January, researchers disclosed that unsecured AWS buckets belonging to the security firm were exposed online. Airport employee records and personally identifiable information were compromised.
- Shanghai Police Department Database: In July, reports emerged that data collected by the Shanghai Police Department was found to be sold on the dark web, involving the data of about 1 billion Chinese citizens.
- Robinhood: A security incident in 2021 resulted in the theft of personal information and email addresses of approximately 5 million people.
- Facebook: In 2021, data containing the information of 553 million users was published online two years after it was stolen.
- Volkswagen, Audi: Last year, the two companies admitted to a data breach affecting 3.3 million customers and interested buyers.
Your personally identifiable information (PII), including your name, address, email address, employment history, phone number, gender, and copies of documents such as passports and driver’s licenses, can be used for identity theft.
Identity theft is when someone uses your information to impersonate you without your permission. They may use your identity or financial data to commit fraud and crime. This can include tax-related fraud, opening lines of credit and loans in your name, medical fraud, and making fraudulent purchases online.
Criminals can also call companies such as your telecommunications service provider and pretend to be you, tricking customer representatives into revealing information or changing services, as happens in SIM-swapping attacks.
These situations can affect your credit score, and make you financially responsible for loans or payments you didn’t agree to. In addition, they can cause serious stress and anxiety when your name and property are stolen. Because cybercrime is global, it is also difficult for law enforcement to prosecute perpetrators.
There may also be blackmail. When the Ashley Madison data breach occurred in 2015, cybercriminals contacted some users, threatening to tell their partners, friends, and colleagues what they had done if they didn’t pay.
How do I know if I have been affected by a data breach?
Often, your service provider will contact you via email or letter stating that your information has been compromised. However, it may take weeks or months for these companies to contact you, if they do so at all.
So you can also keep an eye on the news for any recently disclosed data breaches, and you can also use some handy tools:
Have I Been PWNed?
Run by security expert Troy Hunt, Have I Been Pwned is your go-to resource for finding out if you’ve been affected by a data breach and how much your data was compromised.
The search engine allows you to search by your email address or phone number, and flags all breaches containing your data by cross-checking the billions of breached records in the Have I Been Pwned database.
If you enter your details and get a green screen result, congratulations, you haven't been caught in any notable data security incident. However, if you are affected, you will see a screen telling you which data breaches affected you.
If you use a password manager, such as 1Password, Keeper, or Dashlane, it may offer a leak monitoring service that will alert you when your passwords have been compromised.
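A breach-monitoring check does not have to send your password anywhere. The added example below (not code from this article, from Have I Been Pwned, or from any password manager) follows the k-anonymity range-query model of Have I Been Pwned's Pwned Passwords service: only the first five characters of the password's SHA-1 hash leave the client. The network call is replaced by a constructed local stand-in, and all function names, sample passwords and counts are assumptions.

```python
import hashlib

# Constructed breach corpus standing in for the service's data set;
# the passwords and counts are sample values, not real breach statistics.
CONSTRUCTED_CORPUS = {"password123": 1200, "letmein": 340}
SEEN_BY_SERVICE = []  # everything the stand-in service receives


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_fetch_range(prefix: str) -> str:
    """Hypothetical stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Returns 'SUFFIX:COUNT' lines for every corpus hash sharing the prefix,
    plus one zero-count padding line (the real service can return such padding).
    """
    SEEN_BY_SERVICE.append(prefix)
    lines = ["0" * 35 + ":0"]  # padding entry, must never count as a hit
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range=fake_fetch_range) -> int:
    """Return how often the password appears in the breach data (0 = not found).

    Only the 5-character hash prefix is handed to fetch_range; the remaining
    35 characters are compared locally against the returned suffixes.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password123", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate))
    print("service saw only:", SEEN_BY_SERVICE)
```

Any non-zero count means the password has appeared in breach data and should be changed everywhere it is used.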