What to do if your personal information has been compromised.
Do you think your personal information has been compromised? You’re probably worried? Yes. For good reason. If your personal data falls into the wrong hands it can be used for criminal activity and fraud. Identify theft created from compromised personal data is a huge problem across the world. In 2017, nearly 60 million Americans were the victims of identify theft.
Anyone using the internet is vulnerable to security breaches and malicious threats. These can lead to unintentional consequences and leakage of information. Personal information: names, social security numbers, bank account information, credit card details, phone numbers and email addresses are all pieces of valuable information that — once stolen — can be traded on the dark web.
Same goes for corporate firms and financial institutions, they also bear the risk of security breaches and information theft. Without serious implementation of firewalls and another security setup, data hackers can access a company’s private information.
How information gets compromised?
Apart from common online threats: phishing, spyware and hackers. You should also be mindful that many instances of personal information leaks occur by simple human error such as misplacing documents, losing computer equipment or just sending information to the wrong recipient.
A few examples of how data might be compromised in companies;
- Non-standard processes are used for data protection and migration
- Could be an employee of the company mixed with attackers
- Weak security infrastructure
- During the migration of information, a serious virus took over the system
- Unauthenticated access to the personal information of the organisation
Motives behind the breach
Whenever a security breach takes place and personal, as well as financial information, is stolen; you should be considering all the possible factors. There could be tons of motives and objectives of the hackers behind the breach, and most common ones are listed below:
- Access to the financial assets of the company/organisation/individual.
- Using the personal information of the company, or employees, for blackmailing or other leverages.
- Just staying back and to spy over all the crucial activities of a company for its third parties or competitors.
- Installing crucial malware in the systems and taking control of everything including all the financial transactions taking place.
There could be various motives behind an attack or hacking to gain a company’s or your personal information. But, the most important thing is, what to do when your personal or financial information gets leaks either deliberately or accidentally…. This is where GDPR comes in.
What is GDPR?
Known as General Data Protection Regulation which operates in Ireland and most other European countries. GDPR give more data protection rights to individuals by setting standardised guidelines across the board.
This means you will have more control over the privacy of your personal data. A breach under GDPR rules is a serious offence for a company, that could result in a fine of up to €20,000,00.
Under GDPR personal data is defined: ‘as data that can identify a living person.’ Under GDPR rules: a company must notify you within 72 hours if they have experienced a data breach of your personal information.
What to do?
You have received a data breach notification from a company that indicates that your data has been compromised. Firstly, look to what steps have the company taken to protect your data? Then…
Change your passwords
When someone has access to all of your personal and financial accounts they can cause a lot more damage than you think; you could be deprived of your accounts forever, or even money if they get their hands on it!
Try to change all your passwords within an hour of the hacking. This is the safest time limit advised by the authorities, during which you can pull back the control of these accounts. Log every unauthorised user out, and use two-factor authentication.
Investigate what got stolen?
Get to know what got stolen from you! If it was some casual or public information from a website or a bunch of usernames without any other data, then you might be okay.
But if it was sensitive personal information or financial credentials, then you will have more to worry about. Finding what was actually stolen from you will help you tackle the situation. That is why you should know what was actually taken from you in the breach and act accordingly.
Contact your financial institutions
Sometimes companies don’t know they have been hacked for several weeks, but you might have noticed unusual charges on your bank statements recently, this is often one of the first signs that your personal data might have been compromised.
You should contact all relevant financial institutions immediately. Inform them of the unusual activity and that you suspect that you may have been a victim of a data breach.
If it’s identity fraud?
Someone that steals your personal information such as bank details, ID cards, social security numbers they could try to impersonate you. This is a serious matter. If someone is impersonating you, it is a criminal offence and should be reported to the Gardaí.
If your data was stolen and the theft resulted in financial loss, then under GDPR rules you have a right to seek compensation. But, what about if your loss was psychological? GDPR also allows for compensation for distress caused by having your personal data breached or misused. You can find out more about data breach and GDPR here.
Criminal and hackers are devising more ways to access your personal data online; it’s important to use as many methods as possible to protect your identity, be careful what information you share online and remember to check companies’ data protection policies.