Data breaches can be annoyances that force you to change your passwords, or they can lead to fraud and identity theft that can drain your bank account or wreck your credit. They often involve large companies or organizations that collect and store your personal information such as passwords or credit card information.
They may happen through deliberate hacking or malware attacks, or from companies negligently storing your information in a way that others can access it.
It’s very likely some of your personal information has been exposed through a data breach. From 2005 through 2018, an estimated 9,700 data breaches exposed more than 1.5 billion records in the United States, according to Statista, an online portal for global statistics and market research.
What Are Data Breaches?
A data breach happens when data is exposed from a company or organization’s computer system without the system’s owner authorizing it. The data may include people’s personal information such as email passwords and financial and medical information.
- DATA BREACH
- Data that’s left unsecured and vulnerable to hacking because of either negligence or malicious activity becomes exposed
- Cyber attackers break into a computer system to steal information or take control of the system until the business or organization pays a ransom
- IDENTITY THEFT
- A criminal steals and uses a person’s personally identifiable information for financial gain or other purposes
Data breaches can happen because of hacking or malware attacks, which use malicious software to take over a computer. But data breaches may also stem from: leaks inside an organization; skimming devices that steal credit card information; mistakes or negligence that inadvertently expose information; or the loss and theft of computers, drives or files.
Largest Data Breaches
The first data breach to compromise more than a million records happened in 2005. The number of breaches has grown significantly since then.
15 Major Data Breaches Between 2013 and 2018
|Marriott International||500 Million||2014-18|
|Friend Finder Networks||412 Million||2016|
|Experian (Court Ventures Hack)||200 Million||2013|
|Deep Root Analytics||198 Million||2015|
|Massive American Business Hack||160 Million||2013|
|Under Armour (MyFitnessPal)||150 Million||2018|
|Heartland Payment Systems||134 Million||2008|
|Target Stores||110 Million||2013|
|Firebase (a service from Google)||100 Million||2018|
In March 2019, Facebook announced that it had stored between 200 million and 600 million user passwords in a readable format. Cybersecurity journalist Brian Krebs reported that Facebook employees had been able to search the list since 2012. Many of those affected were users of Facebook Lite, which the company designed for users in areas with low connectivity.
What It Means for You
Your personal information may be valuable to cybercriminals. Gathering enough information may allow someone to steal your identity to apply for loans or credit cards or take over one or more of your online accounts.
- Your name
- Date of birth
- Social Security Number
- Member ID number
- Email or physical address
- Telephone number
- Bank account number
- Credit card information
- Medical information
Many data breaches may expose only limited information. But the 2018 Marriott International data breach is an example of a treasure trove of personal information being exposed.
The Washington Post reported in 2018 that the breach included passport numbers and other travel information for 500 million guests at the company’s various hotel chains. It included where people traveled and who they traveled with.
How to Protect Yourself
You can take steps to minimize damage ahead of a data breach. Having a different username and password combination for every online site you use is one of the most effective safeguards. If you use the same password for every site, a data breach in one could compromise the security of the others.
Strings of meaningless words along with symbols and numbers make for the safest passwords. Sites such as CorrectHorseBatteryStaple.net can generate these kinds of passwords for you.
Remembering several different complex passwords can be difficult or even impossible. A password manager can store your passwords, so you need to remember only your master password.
It’s also a good idea to activate two-factor verification if your online accounts offer it. It requires a code be sent to your phone or email to access an account from a new device.
Also consider using digital wallets such as PayPal, Apple Pay or Google Pay to make online payments. Digital wallets allow you to make secure payments and don’t store your credit or debit card information online.
Steps to Take After a Breach
While some states require companies to notify people affected by data breaches, there is still no formal way to see whether your information has been affected by a breach. Some companies may wait months or years before telling people their information has been compromised.
But if you do learn of a breach that involves your data, you should immediately take steps to minimize the damage.
Determine exactly what was exposed. Names and street address are the least harmful losses. But email addresses and passwords or credit and debit card information can be much more harmful. Consider requesting replacement cards.
Change your password on the affected account. If you use the same password elsewhere, change it on every website where you use it. Cybercriminals may try to use it elsewhere if they have your email address as well.
You should also monitor your credit report to spot suspicious or fraudulent activity. If the affected company offers you free credit monitoring, take it. But make sure you actually use the service. Be sure to check your credit report with all three major credit bureaus: Experian, Equifax and Transunion.
If you see suspicious activity, you should consider requesting the credit bureau to place a freeze on your credit reports. It will cost around $5 to $10, but it will not affect your credit score and it will prevent a thief from making charges to your accounts. You should still continue monitoring your credit reports.
Beware of phishing, spam and other fraud and scams following data breaches. Cybercriminals often attempt to trick people who may be affected by a data breach to give up more information. They may send emails with links to fake sites that look like webpages belonging to the affected company. Check the email address of the sender or the URL of any website to which it links to make sure it is legitimate. Or avoid the link entirely and go directly to the company’s website to search for information. Never give out your account password over the phone or by email.
Also consider filing your taxes early. If your Social Security number has been stolen, cybercriminals may file a fake return to get a refund in your name. Filing early can help you beat them to the punch.
15 Cited Research Articles
- Barnett, E. (2011, January 19). What Is the Difference Between Spam, Malware and Phishing? The Telegraph. Retrieved from https://www.telegraph.co.uk/technology/8267578/What-is-the-difference-between-spam-malware-and-phishing.html
- Cochrane, M. (2018, December 3). Why Data Breaches Should Scare You, and How to Protect Yourself. The Motley Fool. Retrieved from https://www.fool.com/investing/2018/12/03/why-data-breaches-should-scare-you-and-how-to-prot.aspx
- Irby, L. (2019, January 8). How a Data Breach Could Affect Your Credit. The Balance. Retrieved from https://www.thebalance.com/how-a-data-breach-could-affect-your-credit-960777
- Johansen, A.G. (n.d.). (n.d.). 7 Steps to Take Right After a Data Breach. Lifelock. Retrieved from https://www.lifelock.com/learn-data-breaches-steps-to-take-right-after-a-data-breach.html
- Lifelock. (n.d.). A Brief History of Data Breaches. Symantec. Retrieved from https://www.lifelock.com/learn-data-breaches-history-of-data-breaches.html
- Norton. (n.d.). What Is a Data Breach? Symantec. Retrieved from https://us.norton.com/internetsecurity-privacy-data-breaches-what-you-need-to-know.html
- O’Flaherty, K. (2019, March 21). Facebook Exposed up to 600 Million Passwords – Here’s What to Do. Forbes. Retrieved from https://www.forbes.com/sites/kateoflahertyuk/2019/03/21/facebook-has-exposed-up-to-600-million-passwords-heres-what-to-do/#44785c6fbc90
- Paul, K. (2018, April 3). Everything You Wanted to Know About Data Breaches, Privacy Violations and Hacks. MarketWatch. Retrieved from https://www.marketwatch.com/story/at-what-point-should-you-be-concerned-about-a-data-breach-2018-04-03
- Shaban, H. (2018, November 30). What You Should Do After the Marriott Data Breach. The Washington Post. Retrieved from https://www.washingtonpost.com/technology/2018/11/30/what-you-should-do-after-marriott-data-breach/?utm_term=.b3c2cb2c7e33
- Statista. (2019). Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2018 (in Millions). Retrieved from https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
- Telford, T. and Timberg, C. (2018, November 30). Marriott Discloses Massive Data Breach Affecting up to 500 Million Guests. The Washington Post. Retrieved from https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/?utm_term=.e1370b7a076c
- Trend Micro. (n.d.). Data Breach. Retrieved from https://www.trendmicro.com/vinfo/us/security/definition/data-breach
- Tressler, C. (2014, March 5). Data Breaches: What’s a Person to Do? Federal Trade Commission. Retrieved from https://www.consumer.ftc.gov/blog/2014/03/data-breaches-whats-person-do
- U.S. Federal Trade Commission. (2013, March). Free Credit Reports. Retrieved from https://www.consumer.ftc.gov/articles/0155-free-credit-reports
- Wagenseil, P. (2018, November 30). What to Do After a Data Breach. Tom’s Guide. Retrieved from https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html