Limit the damage of data theft

Asset 35

I’m a victim of data theft; what do I do now?

Posted on 10 November 2017 by Beaming Support

With a new data breach appearing to hit the headlines each week, data theft is on the radar for anyone that’s created an online account in their lifetime (so that’s probably anyone reading this!).

It’s wise to keep an eye on your accounts for suspicious activity such as log-ins from a location you have not recently been to or credit/debit card transactions you have not authorised.  If you believe you may have been subject to data theft, we’ve got some steps to take to prevent further damage and hopefully reclaim what’s been taken.

1.Find out what’s been stolen. Of course, you need to know what information might be available to criminals looking to perpetrate a data theft. Visit https://haveibeenpwned.com/ and enter your email address or a user name for a specific account. The website will tell you if your details have been compromised, which account was compromised and what details were known to have been stolen in the breach.

2.If password data was stolen, change your password for that account immediately (even if you’re advised that the information was encrypted) and if you used the same password for other sites, make sure you change that too. We recommend using different passwords for each account, in case of future breach. Once criminals have your password and username for one service, this information can be entered into a piece of software used by criminals to check whether the same log in details have been used on other sites. It makes it really important that passwords for critical accounts such as your email are always different to passwords you use for other tasks, such as online shopping.

3. Sign up for two factor authentication (2FA) on any sites that offer it. Many more websites and services are now offering 2FA as part of their sign in process. In order to log in to an account with 2FA enabled, the user must provide not only their usual log in details (username and password), but an additional piece of information that only they have access to. For example, upon logging in to an email account from an unusual location, your email provider may send a text message including a special one off code to your mobile phone. The code must be entered before access to the account is granted. This adds an extra layer of security and ensures that a criminal with your account log in details will be unable to access your account, unless they also have your telephone.

4. If card details were stolen, contact your bank immediately. Ask for an alert if they detect suspicious activity (many banks will do this anyway) and for a new card to be issued, with the old one cancelled. Usually if your card details have been stolen and the issuing bank is unable to prove that you were careless or negligent in “losing” them, then they will refund the money. Read more:  http://www.which.co.uk/consumer-rights/advice/my-card-has-been-lost-or-stolen-and-used-to-purchase-goods

5. Make social media accounts private and be careful to remove any “friends” or “followers” you aren’t certain you know in real life. Many people make information freely available online that can be used to commit data theft. Once a criminal has an email address and password that belongs to you, imagine how much more information they could gain access to if they knew your date of birth, mother’s maiden name and place of birth. Most people’s social media pages give this information away quite easily.

6. Monitor your credit report for accounts opened in your name. With the information they’ve gleaned about you, criminals may use your data to open credit accounts and borrow money. A credit reference agency will provide a report and can help you to contact lenders to help resolve the problem if a credit account has been falsely opened in your name.

Need more guidance on cyber security?

Beaming’s Business Guide to Cyber Security will help you identify weak spots in your business and gives practical guidance on protecting against cyber attacks.

  • This field is for validation purposes and should be left unchanged.

Improving your business’s cyber security

  • This field is for validation purposes and should be left unchanged.