A data breach is any incident where confidential or sensitive information has been accessed without permission. Breaches are the result of cyberattacks where criminals gain unauthorized access to computer systems or networks and steal the private, sensitive and/or confidential personal and financial data of the customers or users contained within. The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.” Our law firm views breaches as events which usually would not have happened but for inadequate cybersecurity protocols. With the advent of cloud computing and increased digital storage, data breaches are more prevalent now than ever, often impacting millions of consumers in just one attack on a company, and whereby cybercriminals can access any of the following:

• Customer or patient names
• Addresses
• Telephone numbers
• Email addresses
• Usernames
• Passwords
• Medical health records
• Credit Card numbers and security codes
• Banking and other financial information

According to recent surveys, 25,575 records are accessed in the average data breach. Since the beginning of (and due to) the COVID-19 pandemic, the FBI tells us that there has been a 300% increase in reported cybercrimes. In fact, by 2025, cybercrime will cost the world economy an estimated $10.5 trillion annually.

So, why is this happening? Well, for one, studies show that 38% of all users have passwords that never expire. Perpetual passwords are like ticking timebombs. What’s more, cybercrime protections at businesses can be wholly inadequate. In fact, 28% of data breach victims are small businesses, enterprises that typically lack the funding to institute sophisticated cybersecurity systems. But, whatever the size of the business, the inability to quickly detect and respond to data breaches can be devastating. According to a 2020 study by IBM, the average time to identify a breach was 280 days. Just imagine what cyber criminals could do with your information during that span of time.

Some other alarming statistics include:

• 58% of all healthcare data breaches are initiated by Insiders. (Forbes)
• Despite the very high number of publicized data breaches, the actual number of data breaches is likely far greater since many of those breaches have unknown numbers of compromised records.
• Social media data breaches accounted for 56% of data breaches in the first half of 2018. (IT Web)
• Cloud-based cyberattacks rose 630% between January and April 2020. (HIPAA Journal)
• The healthcare industry is the leading industry victimized by data breaches. (Statista)
• More than 93% of healthcare organizations experienced a data breach in the three-year period preceding 2021. (Herjavec Group)
• Between 2017 and 2019, there was an 80% increase in the number of people affected by health data breaches, situations where very intimate personal information was accessed by criminals eager to sell it on the dark web.
• Worldwide, data breaches exposed 4.1 billion records in the first six months of 2019, and then 36 billion records in just the first half of 2020. These numbers grow annually.

A surprising number of data breaches are relatively simple to avoid. Indeed, while you cannot fully control how businesses and other organizations use and/or maintain your sensitive information, you can certainly protect your own business and home systems. To do so, you need to be diligent, but most people are not; a whopping 64% of Americans have never even checked to see if they were affected by a data breach, even though data breaches are happening all the time. Roughly 1 in 13 web requests lead to malware, and yet, users remain surprisingly trusting toward large businesses to protect their identities. Until industry is better regulated to maintain your personal and financial information, here’s what you can do:

Get Educated: Reading the material on this website is an excellent start, but also remain aware regarding to which companies you’ve given your personal, medical and/or financial information. Check periodically; if there have been data breaches reported against any of those companies with whom you’ve done business or facilities where you’ve sought medical treatment or obtained prescriptions, take action. Not only should you seek legal counsel immediately and perform a search using the tools on this page to determine the likelihood that your sensitive data was accessed, but consider contacting the authorities, initiating a credit freeze and/or purchasing credit monitoring services.

Contact Companies: Consider contacting facilities and companies who possess your personal information and ask them what measures they are currently taking to protect it. If you don’t get a satisfactory answer, demand that they do more, and then contact us.

No hack is the same, but cybercriminals’ motives usually are. They usually want money and/or the satisfaction of knowing they were able to infiltrate an otherwise secure network. And yet, while their motives might be clear, how you should respond to such an attack might not be. Indeed, according to a 2020 Verizon study, an estimated 56% of Americans have no idea what steps to take in the event of a data breach although highly sensitive personal data was involved in 58% of those breaches. That same study revealed that 86% of breaches were financially motivated and 10% were motivated by espionage. These statistics are updated in its 2022 Data Breach Investigations Report. If you believe you have been hacked, consider the following steps:

Notify your friends, family members and internet “followers.” Most hackers are focused on financial gain. If and when they get access to your account, they may try to blackmail you or others associated with your hacked account. This form of social engineering can be highly effective. When individuals receive a message from their family members or friends to send information, codes from a cell phone, etc., they will often do it. Consider creating a page with information you can send to others associated with your accounts to ensure those people are kept safe.

Today, most online services will let you know if you attempt to log into their services with a unique computer, IP or browser. If you do not recognize a login attempt, you should take immediate action and secure your account by:

• Changing the password;
• Adding 2FA (Two-Factor Authentication); and
• Adding whatever additional security levels the service provides.

If you are certain you have been hacked, experts suggest the following steps:

• Change passwords on all online accounts to which you still have access, securing them quickly;
• Secure your main email account, change the password, implement a recovery email and enable Two-Factor Authentication;
• Inform your friends and family members you have been hacked to ensure they are not, in turn, scammed by the hackers now pretending to be you;
• Perform an assessment of which accounts have been hacked and what information the hackers have received about you and/or your network;
• Do not create a new profile or account on the same platform upon which you were hacked using the same credentials (e.g., the same email address or phone number);
• Never pay a ransom, unless advised to do so by law enforcement. If hackers approach you and ask for a ransom, contact local law enforcement, file a police report and consider retaining a third party who can talk to the hackers. Do not otherwise directly involve yourself. Most hackers are in it for the money; as soon as they understand you won’t give them money, they will oftentimes leave you alone and move on to their next victims.

Once you have a full overview of the situation and have secured all other online accounts, you can sometimes recover your hacked accounts. For example, check your emails and see if you can find security alerts from the service to which you’ve lost access. Some companies and services offer the option of resetting recent changes to your account. Try to reset your hacked account’s password, using both email and SMS options where applicable. If that doesn’t help, visit the service’s help portal to report a hacked account. Contact the service directly if it offers a telephone number or support email address. While waiting for a response, monitor changes on the hacked account. For the worst extortion attempts and hacking breaches, consider involving your local law enforcement and filing a police report. Finally, consider using any one or more of the numerous paid services that can assist you in determining whether your sensitive information has been accessed in a data breach. You should not wait to get a letter regarding a data breach to check if your information is vulnerable. You probably won’t get one.

Finally, call us. Seriously…call us. Our firm can help you determine if your information is truly secure. Contacting us is always free of charge, always confidential and may be your best resource for keeping your information/identity protected and for submitting a claim for financial compensation in the event your data was breached. If your information was accessed, you are probably entitled to substantial financial compensation. Don’t pass up that opportunity.