Another day, another data breach. Unfortunately, this is now so common that we are becoming desensitized to the problem and its repercussions. Are we jaded by talk of GDPR, privacy, and compromised records, or do we still think it won’t happen to us? As we share more and more data online and rely on technology every day, we inevitably give up some our right to privacy and become more vulnerable to cybercrime. If you haven’t yet become a victim of cybercrime, or your data hasn’t yet been compromised in a breach, it’s likely a question of when and not if. In 2017, roughly half of the US population had their personal information stolen in the Equifax breach alone, and it’s worth noting, this was only one of 1579 breaches reported in that year according to the ID Theft Centre.
We know that breaches and hacks are inevitable . The odds dictate that your information will be breached at some point. But what does it really mean when your data is compromised? Just what are cybercriminals doing with the information they steal, and how much is this data really worth? In this blog we’ll look at what happens to personal data after a breach, the value of stolen data, and ways that you can protect your personal information and take back control.
GDPR is a new EU regulation which came into effect in May 2018. This new legislation was designed to update the existing Data Protection Directive, since the previous directive was established long before the internet dramatically changed the way we use, share and create information.
What does GDPR mean to me?
GDPR governs the protection of personal data as a human right. The legislation protects the data of EU residents regardless of where the company is based or where the collection is taking place. GDPR mandates that organizations must implement the appropriate technical and organizational measures to ensure the security of personal data.
What data do organizations hold about me?
Individuals in Europe now have the right to obtain the personal data that companies collect about them, a right that still does not exist in the US. While different companies hold different kinds of data for various reasons, we should expect that data such as our names, addresses, email address, date of birth and marital status are common, there really is no limit to what companies can collect about us. Here is a list of some of the information that Google has for most people…
- If you have location enabled on your phone, Google knows everywhere you’ve been since you first used it on your device. You can check your own timeline
- Everything you have ever searched for and deleted
- Where you work
- Places you’ve visited
- Everything you’ve ever watched on YouTube
- All of the apps you use
- Your workout routine, how many steps you take in a day and all of the workouts you’ve done
The list above merely scratches the surface of the personal data that is being stored about you. So what exactly does Google do with all of this information? Ever wondered how ads are so targeted that it can be downright scary? Well Google takes this information and creates an ad profile based on your information like your age, location, gender, hobbies, profession, relationship status, income, etc. which in turn allows companies to market to you more effectively and in some cases invasively.
The good, but probably scary news is that you can find out exactly what information Google is holding about you by running this report. When talking about data collection and privacy we can’t ignore Facebook, but we could write a whole other blog on the data that Facebook is holding about you. You can find out what information Facebook is storing by running this report.
A company I deal with had a data breach, how do I know if I was affected?
With so many data breaches being reported it’s a good idea to check if your email appears on a compromised list, you can easily check yours at haveibeenpwned.com. Larger breaches like the Equifax or Marriot breach will have dedicated websites which allow individuals to check if they have been affected.
My information has been compromised, what should I do?
If you have received notification from a company to say you have been affected here are some helpful steps you can take.
- Determine what type of information was compromised in the breach
- Change all affected passwords immediately
- Contact your bank or credit card company if your payment information has been compromised
- Find out what assistance the breached company is offering and accept their help, this could be free credit reports or identity theft protection for example.
- Monitor all of your accounts closely
- Be aware of scams
- Pay attention to your inbox and be careful what you click as you could be targeted with phishing emails post breach
- Use two-factor authentication when possible
My details were compromised, should I be worried?
Breaches will only increase in frequency for the foreseeable future, and your data will be compromised. Follow the steps above and monitor your accounts closely. Be vigilant, don’t use the same passwords between different accounts, and use complex passwords and two-factor authentication when possible.
Where does my data go once it’s stolen?
Regardless of how your data is stolen, what might surprise you is that cybercriminals don’t tend to use the data themselves. They typically opt to post it on forums on the Dark Web where it will be sold for profit.
What exactly is the Dark Web?
Hidden in the depths of the deep web (web pages that aren’t identifiable by search engines), lives the Dark Web, a layer of the internet so hidden it is only accessible with specific software designed to access it. Thought to be 400-500 times larger than the surface web (accessible by standard browsers and search engines) the Dark Web is popular with criminals as it offers anonymity and untraceable means of communication, bypassing internet censorship and therefore allowing for illegal activities.
You can find out if your information is available on the Dark Web by clicking here.
How much is my data worth?
The value data of data changes and is affected by many factors including supply and demand but here are the 10 most common pieces of information sold on the Dark Web and the general range of what they’re worth—according to Experian:
- Social Security number – $1
- Online payment services information – $20 – $200
- Credit or debit card info – $5 – $110
- Drivers license – $20
- Loyalty accounts – $20
- Diplomas – $100 – $400
- Passports – $1000 – $2000
- Subscription services – $1 – $10
- Medical records – $1 – $1000
- General logins – $1
How can I protect myself against identity theft?
Data breaches are inevitable in today’s world and cybercrime is on the rise, and while this is largely out of your control, there are some things you can do to mitigate the risk and protect yourself. Here are a few tips:
- Practice good password hygiene
- Monitor your presence on the Dark Web
- Consider identity protection services for yourself and your family
- Make sure you have the most up to date software to protect you. New technology like BlackFog Privacy ensures that the data that is on your device stays on your device.
What else can I do to protect myself online?
Every application you use or website you visit is collecting information about what you’re doing online. The good news is that you can block the exfiltration of unauthorized data. To protect against modern threats individuals need to adopt a multi-layer defence strategy to protect privacy, prevent data loss and put a stop to unauthorized data profiling and data collection. Deploying a solution like BlackFog, that blocks outbound data flow will ensure that no unauthorized data ever leaves your device.
How can I take back control of my data?
Adopting a preventative approach to privacy and cybersecurity is now more important than ever to protect your data and your privacy. While you can’t control how organizations protect your personal information, you can take steps to protect your personal data on your device. New technology like BlackFog Privacy will put a stop to unwanted data collection and profiling so you can use your devices with confidence knowing that your data is secure and your privacy is intact.