Privacy Breach
What Is a Privacy Breach?
A privacy breach is when someone accesses someone else’s personal information without being authorized to do so.
It typically starts with attackers infiltrating a protected computer network and viewing or stealing data. Common causes of privacy breaches are social engineering (including phishing attacks), weak and stolen credentials, malware, and insider threats.
Privacy breaches expose personal and sensitive information, which can lead to reputational damage, identity theft, and other negative outcomes for those affected.
Third-party definition
The improper or unauthorized handling of personal information. – Government of Canada
Why Your Personal Information Is Affected In Breaches
People’s personally identifiable information (PII) is among the most commonly breached record types and has been for a while.
There are several reasons why hackers go after personal information, including:
- Financial gain. Hackers may target personal information such as credit card numbers, bank account details, or login credentials to commit fraud, steal money, or make unauthorized purchases.
- Identity theft. Personal information like Social Security numbers, birth dates, and addresses can be used to steal someone’s identity. Criminals can apply for credit cards, loans, or government benefits in the victim’s name, causing financial and reputational damage.
- Espionage. State-sponsored hackers or cybercriminal groups may target personal information to gather intelligence, conduct espionage, or disrupt the operations of governments, businesses, or organizations.
- Blackmail and extortion. Hackers may steal sensitive personal information and use it to blackmail individuals or organizations for money or other favors. For example, ransomware attackers increasingly steal data rather than encrypt it and demand payment in exchange for not leaking it online.
- Data breach sale: Personal information obtained from data breaches is often sold on the dark web to other cybercriminals for further exploitation, including phishing attacks, identity theft, or credential stuffing.
- Targeted attacks: Hackers may use stolen information to target specific individuals or groups, such as high-profile individuals, celebrities, or employees of certain organizations, for political, ideological, or personal reasons.
Personal information is a valuable commodity, and hackers target it for various malicious purposes, posing significant risks to individuals, businesses, and society as a whole.
How to See If Your Data Was In a Privacy Breach
Organizations will sometimes notify their customers if they experience a breach. However, just because you’ve never received a breach notification from a company does not mean your data was never stolen.
Some organizations purposely don’t disclose breaches, while others may not even know they’ve been breached. In some cases, organizations might know they’ve been breached but not what data was stolen. There are also organizations that wait for days, weeks, or months to disclose breaches.
Another way to know if your data was affected is to use tools like HaveIBeenPwned.com. HaveIBeenPned can show you if your personal data was compromised in known breaches. By signing up for HaveIBeenPwned alerts, you can also have it notify you of any new breaches you’ve been involved in.
Something to note is that these kinds of tools only know about publicly discovered and disclosed privacy breaches. In other words, there’s likely a ton of personal information stolen in breaches we simply don’t know about.
What to Do If You Were Part of a Privacy Breach
If you know or suspect that personal information was part of a privacy breach, you should consider taking the following actions:
- Change your passwords.
- Set up multi-factor authentication.
- Contact any relevant institutions (banks, government agencies, etc.)
- Monitor your accounts and credit reports.
- File an Identity Theft Report with the Federal Trade Commission.
Beyond that, continuously monitor your digital footprint. Depending on the personal data exposed in a privacy breach, criminals might combine it with other available information, including on your social media and data brokers, to carry out attacks like identity theft and phishing.
Remember: the less information there is about you online – breached or otherwise – the safer you are.