Our personal data is at risk. Data leakage events have been a constant for a few years now. Millions of people around the world are affected. The risk that the exposed data will be used for fraudulent purposes is imminent. This guide will recommend what you should do in case you are the victim of incidents like this. Without further ado, the first recommendation is not to minimize them at all, because you can even have financial damages that are difficult to recover from.
Unfortunately, the fact that you take all the necessary measures to protect your personal data is not enough. The organizations and institutions that manage your data have a large share of responsibility, not only in the way they handle your data, but also in how they protect it from the many existing risks. One of the most important is that of data breach.
Basically, what happens is that your data is exposed to anyone who wants to have it and carry out all kinds of fraudulent activities. It is important to size the danger of data being exposed such as your social security number, mobile number, credit card number (and security code), bank and financial details, medical history, and more.
The possibilities that a cybercriminal has from the moment they access the personal data of others are endless, and we emphasize that, unfortunately, not only we are responsible for protecting what is ours. So what are organizations and institutions like banks, telephone companies etc doing?
Recommendations in the event of a data breach
Confirm that you have indeed been a victim
This is the most important step. There are occasions when one may receive an email informing that your account is at risk and that you must urgently access it. Supposedly, from there you must follow the instructions to protect it and that the situation does not recur.
This is a typical phis hing scenario, many people “fall” in a matter of seconds, their bank account access data, for example, becomes the hands of cybercriminals. If in principle you had not been a victim of data breach, now you become a victim of phishing-type attacks.
The latter is even more dangerous because, from the moment your data falls into the hands of others, from there they can carry out operations without your consent. Consequently, it is good practice to insure yourself about the potential event of data leakage through official communication channels, such as telephone.
Also, check digital channels such as their official website or social media profiles. As part of a good action plan, the organization affected by a data breach event must communicate what happened. Likewise, it must provide the necessary guides so that those affected know which area to turn to, what number they should call or where they should go to carry out the corresponding management.
Check what types of data have been filtered
Above we had discussed the importance of dimensioning the seriousness of the fact that your personal data is exposed. Imagine that an online store of your choice reports that its infrastructure has been violated and that, as a consequence, the entire customer database was leaked. This database contains highly sensitive personal data such as credit card numbers and the most important data: the security code (CVV).
What should you do in that case? Immediately, you call the bank or the credit card issuing company to proceed with the corresponding block. Thus, no transaction can be carried out, even if it has the security code. If you don’t do this, anyone with your credit card details will be able to make transactions without your consent.
Despite the fact that there are banking and financial entities that have ways of corroborating the legitimacy of each transaction, not all of them put them into practice. So the user is extremely unprotected and little or nothing could be done if he discovers transactions that he does not recognize.
Now, let’s imagine a more delicate situation: having your social security number taken over. In countries like Spain, the United States and Mexico, this number is almost as important as the identity document. Especially since this is a fundamental requirement to carry out various procedures such as requests for loans to housing funds and access to the country’s medical services.
If they seize that number and add the vulnerabilities that government platforms could have, many fraudulent actions could be carried out on your behalf. Ultimately, this would cause too much damage that takes a long time and sometimes money to resolve.
Get advice regarding the backup plans of the responsible organization
Once you have contacted the organization affected by the data breach, you should ensure that you have access to potential compensation for the damage caused. Whether to a greater or lesser extent, it is your right to receive help from this organization.
One of the most important data breach events in history is from the Equifax company that occurred in 2017. This is one of the largest credit reporting agencies. He was responsible for the data breach of 147 million people in the United States. Among the many data that were exposed, we can highlight the full names, social security numbers, date of birth and the driver’s license.
Equifax proposed compensation actions ranging from the cession of the company’s own services for free for 10 years, to more considerable payments of up to $ 20,000 if the victims prove the damages caused.
We do not urge you to insist on claiming your compensation for damages, as it is great to receive free stuff. We reiterate, it is your right. At the end of the day, the organization responsible for the situation could have caused you serious harm, hours wasted making arrangements, requests and much more. Of course, you must claim compensation because your personal data has been exposed to third parties and that is serious.
Web browsers such as Mozilla Firefox are aware of this and make available a tool that lets you know if you have been the victim of any data breach, which will automatically notify us if our email has been leaked. With it you can know about the responsible organization and what data has been exposed. We must not forget: our data is the most valuable asset, it is both our right and obligation to protect it from threats.