What is a Data Breach?

You may have heard the term data breach in the news and wondered what data breaches are and how they affect you. Whether you realize it or not, it is not uncommon for companies to store information about most or all of their customers. This may include restaurants where you’ve paid with your credit card, grocery stores where you use a “shopper’s card”, online websites and many more. These companies may store information about you, and if that information is accessed by unauthorized people, your information may fall into the wrong hands.

What is a Data Breach?

Data breaches are incidents that expose sensitive Personally Identifiable Information (PII), like Social Security Numbers, bank or credit card account information, passwords or personal health information. Data breaches can be intentional (a cybercriminal or hacker accesses a company database) or accidental (an employee accidentally exposes customer information). 

Governments, private corporations, hospitals and educational institutions have all experienced data breaches. Here are a few recent or more prominent data breaches:

• Equifax (2017) — The personal information of 147 million people exposed
• Facebook (2019) — 530 million users’ account information exposed
• Yahoo (2017) — names, birth dates, phone numbers and passwords of up to 3 billion Yahoo users
• Marriott (2018) — information on up to approximately 500 million guests exposed
• Crypto.com (2022) — 483 user accounts compromised with up to $35 million in cryptocurrency stolen

How Do Data Breaches Happen?

Data breaches happen in a variety of different ways. In some instances, an insider with access to sensitive customer information chooses to steal or mishandle that information for their own gain. In other cases, hackers use malware to gain unauthorized access to a company’s networks or databases or an individual’s computer or personal device. Social engineering is another way that a cybercriminal might use to gain access to your personal information. And finally, some data breaches happen by accident where an unauthorized person accesses information without malicious intent.

Once a hacker is inside a company’s network, they might use a variety of different tactics. One option is that they might access financial information to steal money from bank or credit card accounts. Another possibility is they might look for username, email address and password information in the hopes that there might be other accounts with the same username and password combination. Or, they might use their inside access to move on to a different trusted network to steal further information.

How to Prevent Being a Data Breach Victim

Your personal and financial information is one of the most important assets that you have, and it’s smart to do what you can to keep your information secure. Here are a few ideas to reduce the chances that your personal information is stolen:

• Regularly patch and update your operating system and the applications that you use on your computers and mobile devices
• Make sure that the websites that you use have the highest level of security. For example, Google Chrome indicates whether a website is secure by adding a lock icon to the left of the URL.
• Use strong or complex passwords, multi-factor authentication (MFA) and never reuse passwords across different sites
• Always shred financial documents and anything with your personal information on it

Still, no matter what precautions you might take, your data still may be compromised. Even if you are vigilant about who you give your data to, even the biggest and most reliable companies may end up getting hacked. So another thing you’ll want to do is regularly monitor your financial accounts and credit report. Look for unauthorized transactions or new accounts — those can be signs that your data may have been compromised. Credit Karma’s Identity Monitoring product is free and provides notifications when members’ email addresses are spotted in a data breach.

What Should You Do If Your Data Is Breached?

If you do find that your data has been exposed, you’ll want to contact your financial institution to discuss the best steps to take. This may include disputing fraudulent transactions, creating fraud alerts, closing affected accounts or all of the above. You’ll also want to make sure to review your accounts and make sure that you have strong passwords on all of your accounts, especially any accounts that had previously used the same password as the breached account. 

Regularly check your credit report — by law, you have access to a free credit report from all three credit bureaus (Experian, Equifax, and TransUnion) every year. It is a good financial practice to regularly review your report to see if there are any accounts on your credit report that you don’t recognize. Those could be signs of your data being used fraudulently. You can also use a service like Mint to regularly review charges on your existing accounts. If you feel you have been a victim of identity theft, you can follow the FTC’s guide on how to report identity theft.

The Bottom Line

A data breach is an incident where personally identifiable and/or financial information is accessed by an unauthorized individual. While most companies do their best to protect the information that they store about their consumers and customers, it is always possible that your data may be seen and used by malicious cybercriminals. Be vigilant about what you do with your personal and sensitive information and who you share it with. It’s also a good idea to regularly review your financial accounts and credit reports. Look for unauthorized transactions and report any that you see to your financial institution immediately.