As more and more companies experience crippling data/security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It is also clear that companies are not sufficiently prepared for breaches. Between 2005 (when most data breach reporting began) and 2021, there have been over 12,000 recorded breaches. 3,950 of those confirmed data breaches occurred in 2020 alone, with a cyberattack effort occurring every 39 seconds. This is a reality which is getting worse every day.
What is a data breach?
A data breach is any incident where confidential or sensitive information has been accessed without permission. Breaches are the result of cyberattacks where criminals gain unauthorized access to computer systems or networks and steal the private, sensitive and/or confidential personal and financial data of the customers or users contained within. The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.” Our law firm views breaches as events which, at least generally, would not happen but for inadequate cyber security protocols. With the advent of cloud computing and increased digital storage, data breaches are more prevalent now than ever, often impacting millions of consumers in just one attack on a company, in which cybercriminals can access any of the following:
- Customer or patient names
- Telephone numbers
- Email addresses
- Medical health records
- Credit card numbers and security codes
- Banking and other financial information
How Do Data Breaches Occur?
A data breach occurs when a cybercriminal infiltrates a data source and extracts confidential information. This can be done by physically accessing a computer or network to steal local files or by bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive of files and human error. One Verizon study tells us that 71% of breaches are financially motivated and that ransomware accounts for nearly 24% of incidents where malware is used. This is of major concern since at least 36% of external data breach actors in 2019 were involved in organized crime. The most common cyber-attacks used in data breaches are:
Ransomware
Ransomware is software that gains access to vital data and locks it down. Files and systems are thereby locked and a fee is then demanded, commonly in the form of cryptocurrency. The most common targets in such attacks are enterprise companies and businesses.
Malware
Malware, commonly referred to as “malicious software,” is a term that describes any program or code that harmfully probes systems. The malware is designed to harm your computer or software and commonly masquerades as a warning against harmful software. The “warning” attempts to convince users to download varying types of software and, while it does not damage the physical hardware of systems, it can steal, encrypt or hijack computer functions. Malware can penetrate your computer when you are navigating hacked websites, downloading infected files or opening emails from a device that lacks anti-malware security. Common targets in such attacks are individuals and businesses.
Phishing
Phishing scams are some of the most common ways hackers gain access to sensitive or confidential information. Phishing involves sending fraudulent emails that appear to be from reputable companies, with the goal of deceiving recipients into either clicking on malicious links or downloading infected attachments, usually to steal financial or confidential information. The most common targets in such attacks are individuals and businesses.
Denial of Service (DoS)
A Denial of Service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. It is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The most common targets in such attacks are sites or services hosted on high-profile web servers such as banks.
Breaches Are On The Rise
According to recent surveys, 25,575 records are accessed in the average data breach. Since the beginning of (and due to) the COVID-19 pandemic, the FBI tells us that there has been a 300% increase in reported cybercrimes. In fact, by 2025, cybercrime will cost the world economy an estimated $10.5 trillion annually.
So, why is this happening? Well, for one, studies show that 38% of all users have passwords that never expire. Perpetual passwords are like ticking time bombs. What’s more, cybercrime protections at businesses can be wholly inadequate. In fact, 28% of data breach victims are small businesses, enterprises that typically lack the funding to institute sophisticated cyber security systems. But, whatever the size of the business, the inability to quickly detect and respond to a data breach can be devastating. According to a 2020 study by IBM, the average time to identify a breach was 228 days. Just imagine what cyber criminals could do with your information during that span of time.
Some other alarming statistics include:
- Despite the very high number of publicized data breaches, the actual number of data breaches is likely far greater since many of those breaches have unknown numbers of compromised records.
- Social media data breaches accounted for 56% of data breaches in the first half of 2018. (IT Web)
- Cloud-based cyber-attacks rose 630% between January and April 2020. (Fintech News)
- Confirmed data breaches in the healthcare industry increased by 58% in 2020. (Verizon)
- More than 93% of healthcare organizations experienced a data breach in the three-year period preceding 2021. (Herjavec Group)
- Between 2017 and 2019, there was an 80% increase in the number of people affected by health data breaches, situations where very intimate personal information was accessed by criminals eager to sell it on the dark web.
- In 2018 alone, American citizens had 446.5 million exposed records. (Statista)
- Worldwide, data breaches exposed 4.1 billion records in the first six months of 2019, and then 36 billion records in just the first half of 2020.
Data Breach Prevention
A surprising number of data breaches are relatively simple to avoid. Indeed, while you cannot fully control how businesses and other organizations use and/or maintain your sensitive information, you can certainly protect your own business and home systems. To do so, you need to be diligent, but most people are not; a whopping 64% of Americans have never even checked to see if they were affected by a data breach although data breaches are happening all the time. Roughly 1 in 13 web requests lead to malware, and yet, users remain surprisingly trusting toward large businesses to protect their identities. Until industry is better regulated to maintain your personal and financial information, here’s what you can do:
Get Educated: Reading the material on this website is an excellent start, but also stay aware of which companies you’ve given your personal, medical and/or financial information to. Check periodically; if there have been data breaches reported against any of those companies with whom you’ve done business or facilities where you’ve sought medical treatment or obtained prescriptions, take action. Not only should you seek legal counsel immediately and perform a search using the tools on this page to determine the likelihood that your sensitive data was accessed, but consider contacting the authorities, initiating a credit freeze and/or purchasing credit monitoring services.
Contact Companies: Consider contacting facilities and companies who possess your personal information, and ask them what measures they are currently taking to protect it. If you don’t get a satisfactory answer, demand that they do more, and then contact us.
Backup Your Data: In some circumstances, the information you’ve given to third parties can also be backed up on your own home or work system. Don’t trust that companies to which you’ve given your information will necessarily have access to that information tomorrow–especially if they’ve recently experienced a cyber-attack. Create your own personalized storage and recovery system.
Request Data Deletion: If you have not done business with a company for a long time and do not intend to further do business with it, ask it to purge your data from its network. Companies often maintain your personal data exclusively for their own marketing purposes. Unless you welcome those marketing efforts, consider asking them to delete your data.
Use Available Tools: Use a password generator and password manager. Don’t open suspicious emails. Be vigilant for any suspicious activity on your email account. If you use the same password as the email account anywhere else, change it immediately. Check sites you regularly use to ensure they’re safe.
Protect Credit Cards and Passwords: This measure is one you will hear the most from cyber security experts. We should all know by now how important it is to change passwords frequently, and to not transmit financial or other highly protected information across the Internet unless absolutely necessary, and only to persons or companies you can trust. But what passwords are you choosing? And to whom within your family or company or larger network have you given access to your credit cards? Do you give critical information to vendors over the telephone? Answers to these questions will indicate whether or not you are already a pro at keeping your data secure.
Please understand that no single measure or set of measures will comprehensively protect you, but these guidelines should take you far to protect your identity from criminal threat.
Checking If Your Data Was Breached
Hackers and scammers are a constant threat online. Everything from social media accounts to email addresses can come under attack at any time. You’re well advised to search and run reports regarding the health of your data on a regular basis. If you are concerned about whether your data has been accessed by cyber criminals, there are a number of free online resources available to you, including:
California Attorney General Data Breach Search
Additionally, there are numerous paid services that can assist you in determining whether your sensitive information has been accessed in a data breach. You should not wait to get a letter regarding a data breach to check if your information is vulnerable. You probably won’t get one. Our firm can also help you in this regard, and we strongly encourage you to contact us to determine whether your information is really secure. Contacting us is always free of charge, always confidential and may be your best resource for keeping your information and identity protected and for submitting a claim for financial compensation in the event your data was breached. If your information was accessed, you are probably entitled to substantial compensation. Don’t pass up that opportunity.
What To Do If You’re Hacked
No hack is the same, but cybercriminals’ motives usually are. They usually want money and/or the satisfaction of knowing they were able to infiltrate an otherwise secure network. And yet, while their motives might be clear, how you should respond to such an attack might not be. Indeed, according to a 2020 Verizon study, an estimated 56% of Americans have no idea what steps to take in the event of a data breach although highly sensitive personal data was involved in 58% of those breaches. That same study revealed that 86% of breaches were financially motivated and 10% were motivated by espionage. If you believe you have been hacked, consider the following steps:
Notify your friends, family members and internet “followers.” Most hackers are focused on financial gain. If and when they get access to your account, they may try to blackmail you or others associated with your hacked account. This form of social engineering can be highly effective. When individuals receive a message from their family members or friends to send information, codes from a cell phone, etc., they will often do it. Consider creating a page with information you can send to others associated with your accounts to ensure those people are kept safe.
Today, most online services will let you know if there is an attempt to log into their services from a new or unrecognized computer, IP address or browser. If you do not recognize a login attempt, you should take immediate action and secure your account by:
- Changing the password;
- Adding 2FA (Two-Factor Authentication); and
- Adding whatever additional security levels the service provides.
If you are certain that you have been hacked, experts suggest the following steps:
- Change passwords on all online accounts to which you still have access, securing them as quickly as possible;
- Ensure you have secured your main email account, changed the password, implemented a recovery email, and enabled Two-Factor Authentication;
- Inform your friends and family members you have been hacked to ensure they are not, in turn, scammed by the hackers now pretending to be you;
- Perform an assessment of which accounts have been hacked and what information the hackers have received about you and/or your network;
- Do not create a new profile or account on the same platform where you were hacked using the same credentials, such as the same email address or phone number. That makes it much harder to recover your account;
- Never pay a ransom, unless advised to do so by law enforcement. If hackers approach you and ask for a ransom, contact local law enforcement, file a police report and consider retaining a third party who can talk to the hackers, so as to not directly involve yourself. Most hackers are in it for the money. As soon as they understand you won’t give them money, they will oftentimes leave you alone and move on to their next victims.
Once you have a full overview of the situation and have secured all other online accounts, you can sometimes recover your hacked accounts. For example, check your emails and see if you can find security alerts from the service to which you’ve lost access. Some companies and services offer the option of resetting recent changes to your account. Try to reset your hacked account’s password, using both email and SMS options where applicable. If that doesn’t help, visit the service’s help portal so as to report a hacked account. Contact the service directly if it offers a telephone number or support email address. While waiting for a response, monitor changes on the hacked account. For the worst extortion attempts and hacking breaches, consider involving your local law enforcement and filing a police report.
Finally, call us. Seriously…call us. We have extensive experience addressing privacy issues and can serve as an invaluable resource to you, not to mention your advocates for a substantial financial recovery.