What you need to know about the effects of data breaches

9 Feb 2021

Image: © NicoElNino/Stock.adobe.com

A new report examines how data breaches can put individuals at risk of cybercrime and how people can protect themselves online.

Data breaches are a common challenge in today’s world. Last month, a report from DLA Piper showed that there was an average of 331 breach notifications per day in Europe over the previous 12 months.

It also highlighted some of the largest GDPR fines issued to date, including a €450,000 fine for Twitter for a data breach discovered in 2018 and a €35m fine for H&M in Germany for storing and exposing employees’ personal information.

But when major data breaches hit the headlines, what does it mean for the individuals whose data has been compromised? How would someone even find out if they have actually been compromised?

In a recent survey from security company F-Secure, almost one in five respondents knew they were using one or more online services that had been breached. Of those, 60pc reported experiencing one or more types of cybercrime in the previous year.

F-Secure surveyed 4,800 people across 12 different countries: Brazil, Finland, France, Germany, Italy, Japan, Mexico, the Netherlands, Poland, Sweden, the UK and the US.

The survey, which was conducted in May 2020, asked participants a variety of questions about their internet habits, their experiences of cybercrime and any measures they take to protect themselves and data from online threats.

Laura Kankaala, a security consultant with F-Secure, said personal information stolen from organisations can then be easily used against people through identity theft or fraud. “With more and more information being stored digitally, what criminals can do with people’s information keeps getting worse,” she said.

‘It’s kind of like if someone broke into your house. Even if you’re able to buy back the belongings you lost, it does leave you feeling vulnerable’

While the immediate news of a data breach at a company might not resonate with individuals straight away, Kankaala said one of the biggest problems comes when exposed credentials such as passwords are reused.

“Sometimes even companies don’t recognise they have been breached, or they may become aware of the breach only after a long period of time. The problem is that the impact of a breach can really expand in the case of a reused or guessable, ‘generated’ passwords,” she said.

“So, if some small online store is breached but the victim has reused their password for their private email where they recover all other accounts, the impact may spread all thorough their online accounts.”

Notably, the F-Secure survey found that of those who had used an online service that had been breached and had experienced cybercrime, 69pc said they reused passwords with slight variations.

Cybercrime was more common among survey respondents with kids than without. According to the survey, 36pc of respondents with kids experienced some sort of cybercrime in the 12 months prior to filling out the survey, compared to 23pc of respondents without kids.

Staying safe online

While individuals can’t prevent major data breaches from happening, they can take steps to ensure their own accounts and passwords stay as protected as possible.

For a start, every password for every online service should be different. This does not mean variations of the same password, but rather entirely different codes. Unfortunately, by making them easy for you to remember, you’re also making it easier for cybercriminals to take advantage.

The good news is that there is a variety of password managers that will take the sting out of this problem. Enabling two-factor or multifactor authentication is another important step to staying secure online. While any type of multifactor authentication is better than none, it’s also worth familiarising yourself with the different types, as some may be better than others.

If you’re not sure if you’ve been affected by a data breach, a quick way to check is sites such as Have I Been Pwned?, which will flag if your email address has been involved in a breach.

According to the F-Secure report, once personally identifiable information is stolen, one of the easiest ways for attackers to profit is by selling it to other criminals either directly or using underground or dark web sites.

Kankaala said not only can recovering a hacked social media account be difficult, but people often don’t recognise the value of that data until it’s gone. “These accounts are not ‘just social media’ or ‘just email’ – they hold records of our past, pictures we may have not stored anywhere else or conversations that are either private or something we’ll miss once they’ve been deleted,” she said.

“[A] data breach can cause direct monetary or data losses to the victims. But more than that, it really impacts the way we see technology. It’s kind of like if someone broke into your house. Even if you’re able to buy back the belongings you lost, it does leave you feeling vulnerable.”

Jenny Darmody is the editor of Silicon Republic