What to do if your data is part of a major breach
By Michael Lloyd
You pay for goods and services daily with the knowledge that the company you're paying is likely storing some of your information somewhere, but you may not have considered that it might be unsafe -- until now.
Blue chip companies appear to be leaking customer data left, right and centre at the moment. Corporate giants including TalkTalk, British Gas, Vodafone, Marks and Spencer and even the UK government reportedly exposed customer information or succumbed to hackers in the last quarter of 2015. In 2016, Tesco Bank fell victim to a data breach.
In many cases, the information obtained in cyberattacks and data leaks won't contain enough detail to allow hackers direct access to your bank or credit card accounts. Most companies store account information in redacted form on their databases, blanking out key portions of customers' card and account numbers. However, cybercriminals will look to use the information they steal in other ways.
For instance, much of the data accessed in these types of attacks and leaks makes its way into marketplaces on the so-called dark web, meaning you can't just Google them. But fraudsters looking to target vulnerable people know how to find these marketplaces, and they go there to shop for data.
If you suspect your personal details may have been accessed in a breach, you'll need to take action to protect yourself.
Contact your bank or credit card issuer.
If you suspect any of your banking or credit card information may have been accessed in a cyberattack or leak, contact your bank or card issuer.
"Pre-emptive action is important," Simon Dukes, chief executive of fraud prevention service Cifas, said in an emailed response to questions. "If you are a victim of a data breach then you should tell your bank or card issuers that your details have been compromised."
They may decide to monitor your accounts for suspicious activity. Doing this may also work in your favour if anyone accesses your accounts fraudulently, as you'll be able to say you've taken steps to protect yourself, letting you off the hook for liability.
Be on the alert for vishing and phishing attacks.
Scammers are increasingly using hacked data in vishing attacks, in which they call potential victims and pretend to be from the compromised company. These vishers are convincing, and often gain information that allows them access to victims' bank or credit card accounts. Alternatively, thieves may persuade targets to grant remote access to their computer, exposing online banking facilities and other valuable personal information.
Never grant remote access to any of your devices or disclose your PIN, online passwords or card details to a cold caller, regardless of how much information they seem to have about you or your relationship with the company from which they claim to be calling.
"Fraudsters can sound very plausible in the wake of a breach, but it's important to understand that no legitimate organisation will ever ask you to do this," Dukes said. "Also, if you willingly divulge information or transfer money to a fraudster, then you may be liable for losses that occur as a result. Be alert, be cautious, be prepared. And if you have elderly or vulnerable friends or relatives who have been affected by a data breach, make sure they are [prepared], too."
Hackers might also send you emails or text messages (called phishing and smishing, respectively) that purport to be from the hacked company, asking you to click a link and update your personal information. Cybercriminals can then use the details you enter -- along with any other information they already have about you -- to access your accounts. Clicking links may also download malware onto your device, which criminals can use to harvest your personal information.
If you receive any suspicious phone calls, emails or text messages, call the company using the number on the back of your card or on the company's official website.
Move quickly to change passwords on any hacked accounts. If you use the same login details for any other accounts, change them there, too. Hackers know that many people use the same password across all their accounts, and may try to access any accounts they can.
The government's Cyber Streetwise campaign advises using three random words for your passwords. You can also choose a phrase, then use the first letter of each word in the phrase as your password. For example, "The quick brown fox jumps over the lazy dog" becomes "Tqbfjotld". Make it even more secure by adding numbers and symbols, or capitalizing certain characters.
You should not be using the same password for all your accounts, so if you do, consider changing your login credentials, regardless of whether or not you suspect your data was compromised.
your accounts and credit record.
In addition to keeping your own eye on your accounts for fraudulent activity, consider signing up for credit record monitoring services. These will alert you if anyone tries to make credit applications in your name, and offer some protection if hackers attempt to steal your identity. All of the credit reference agencies offer these types of services, and if you're a TalkTalk customer, you can get a year's worth of free monitoring from Noddle, offered as a precaution after TalkTalk's data breach.
If a company you do business with has failed to keep your data safe, you might want to reconsider your relationship with it. Contact the firm in question to find out if it will allow you to terminate your contract. However, some companies may charge a fee if you terminate a contract before it's over.
Updated: 9 November 2016