What is a data breach and how does it affect me?

If you’re relatively active online or keep up with the news, chances are you’ve seen a headline or two with the term “data breach.” You might have shrugged it off as something only the FBI or tech companies deal with.  

But here’s a new (and shocking) headline for you: it could involve you too.  

Data breaches aren't as complex as you might think, but they are quite common. We like to assume that they could happen to anyone that gives their personal information to a business, service, or just about anyone else. No, that doesn’t mean you need to live off the grid — but it does mean you should stay alert. And this deep dive into data breaches will teach you how. 

What is a data breach?  

A data breach is an incident in which confidential, sensitive, or protected information is stolen or taken from a system by an unauthorized person — and without the knowledge or authorization of the system’s owner. There are three different types of data breaches:  

• Physical breach: the physical theft of documents or technology (for example: your work laptop).  

• Electronic breach: the unauthorized access or attack on a system or network.  

• Skimming: the capture and recording of magnetic strip data (think: your credit card), which can occur when an external device is installed on a merchant’s POS without them knowing.  

How do data breaches happen?  

Most data breaches can be traced back to a simple oversight by an individual, flaws in a company’s infrastructure, or an intentional attack. There are a few ways data breaches can happen:  

• An employee using a co-worker's computer and reading files without having the proper permissions. This isn’t malicious or intentional, but because it was viewed by an unauthorized person, the data is technically breached.  

• A person (on the inside) purposely accesses and shares data with the intent to cause harm to individuals or the company.  

• An unlocked laptop or electronic goes missing.  

• Hackers from outside use various attack methods to gather information from a network or individual, like phishing, brute force attacks, and malware: 
  

• • Phishing is designed to fool you into a data breach. Think of a spammy email or text message you might have received, posing as your benefits coordinator in your HR department and asking for sensitive information. (Which they would normally never do.) Some of these attacks can be thoughtfully designed and look pretty legitimate, so it’s best to double-check with the supposed sender if the email was rightfully sent to you. 
    

  • Brute force attacks are essentially hackers trying to guess your passwords, typically using software tools to crack into your sensitive information. This is why it’s important to have a strong password — and use a different password for each of your various accounts. 
    

  • Malware is short for “malicious software,” and it’s a tactic hackers use to corrupt your computer and steal your data — all while being completely undetected. It can usually show up as a “warning” on your computer that attempts to convince you to download a software to protect against a “detected” form of fraud. (So don’t click on it.) 

     

What can criminals do with your personal information? 

Let’s say a data breach happens and your personal information — sometimes referred to as personally identifiable information (PII) — is stolen. Sometimes, it can just be your full name and email address, or it could be your:  

• Birth date  

• Home address  

• Social Security number  

• Passport number  

• Driver’s license number  

• Credit card number(s) 

• Medical records  

• Insurance information  

• Login credentials (such as usernames and passwords)  

Criminals can use your information in a number of ways, and any form of PII is considered a goldmine to these folks. While just having access to your name and home address seems relatively harmless, for example, criminals can find a way to do a good bit of damage. Specifically, identity thieves can use your personal information to:  

• Open a new credit card or loan.  

• Change a billing address so you no longer receive bills. (And no, they’re not doing you a favor). 

• Open new utilities accounts in your name.  

• Open a new bank account.  

• Use your debit card number to withdraw funds or your credit card number to make purchases.  

• Obtain a new driver’s license or ID.  

• File your taxes. (This is still not a favor.)

• Use your information if the criminal is ever arrested.  

• Visit doctors and undergo medical treatments using your insurance. 

Pretty scary, right? But like most people, you’re probably thinking how uncommon this is — after all, you don’t know anyone in your inner circle that has dealt with this! While that may be true (and seriously, kudos to you and your friends for avoiding the headache of restoring your identity!), these days, it’s not a matter of if... it’s when. (Keep reading to see what we mean.) 

Data breaches in the news  

In our digital age, it’s no surprise that data breaches are on the rise. And it doesn’t just happen to the small guys with limited security resources. It can happen to anyone, even the big players:  

• LinkedIn (700 million) 
• Android users (100+ million)  
• Volkswagen (3 million)  
• Capital One (100 million)  
• Equifax (147 million)
• Mercedes-Benz (1.6 million)
• Target (110 million)
• Uber (57 million)
• Kroger (1.4 million)
• Robinhood (7 million)
• T-Mobile (100 million)
• GoDaddy (1.2 million)
• Microsoft (250 million)
• Anthem Blue Cross Blue Shield (78.8 million)
• Facebook (553 million) 

How do you know if your information is exposed?  

Here are a few red flags, according to the Federal Trade Commission (FTC):  

• Check your bank statement often (at least every month) to make sure there aren’t any withdrawals or transactions you didn’t make.  

• If your personal checks are suddenly no longer welcome at places they used to be.  

• Bills and regular mail stop coming.  

• You get phone calls from debt collectors about unpaid amounts for which you can’t account.  

• You get mail in your name that’s obviously intended for another person. (This person could be using your name and address.) 

• There are suspicious items on your credit report.  

• You get medical bills in the mail. Or worse, you’re told you’ve reached your maximum benefit of your medical plan even when you know you didn’t use them up.  

• You get W-2s for companies for whom you’ve never worked or the IRS notifies you of another tax return filed in your name. (Learn all about tax fraud here.) 

• More certainly, you get an email or letter stating your information was compromised in a data breach.  

• Your wallet and its contents are lost or stolen.  

However, there is a way to know if your information is exposed without having to wait until your spidey senses (or, you know, a letter from the IRS) come in. And that’s with an all-in-one, full-service identity protection plan — like this one from Kasasa Care and industry-leader Experian®. 

With three tiers of identity protection to choose from, each plan monitors over 600,000 pages and millions of data points (including on the dark web). And with real-time alerts*, you’ll be the first to know if your Social Security number, name, birthdate, address, and more are found where they shouldn’t be. (Plus, you’ll have access to 24/7 restoration assistance, lost wallet protection, and a Limited Power of Attorney if you need them.) The best part? It starts at just $8 a month — a steal compared to the $3.3 billion lost to fraud in recent years.** 

Steps to take after a data breach  

No matter if you’ve got the peace of mind from identity protection or you’re still on the fence about the service, everyone should know what to do if you’ve been a victim of a data breach.  

1. Stay alert.

If you have been a victim of a data breach, the company may send you a notice or letter to inform you. Keep the letter — and everything else related to the incident. Pay attention to the news regarding the breach, your mail (if anything unfamiliar is sent to you), and your online presence (such as your email).  

2. Set a fraud alert or freeze your credit.

Setting a fraud alert will warn lenders that you may have been a fraud victim. You can do so with the three major credit reporting agencies: Equifax, TransUnion, and Experian. This precaution will let potential lenders know that they should take the extra step of contacting you before opening any new line of credit in your name. The fraud alert will stay on your credit report for 90 days, but you can renew the alert when it expires if you feel that you need to. 

For a more secure line of defense, consider a security freeze. This means that your credit report will not be accessible to potential lenders — that is, until you unfreeze your account. Contact one of the three major credit reporting agencies to place a freeze on your report. 

3. Monitor your financial accounts and credit reports. 

If you’re normally one that turns off notifications, now would be the time to change up that practice (just for a little bit). Set up any alert features your financial institution may have and make it a habit to check your accounts for suspicious activity often. 

You can also check your credit score by requesting a (free!) credit report. Every American is entitled to a free copy of their credit report from all three major credit bureaus (Equifax, Experian, and TransUnion) every 12 months. You can request your free credit report here. 

Though data breaches seem (and are) pretty scary, we still don’t recommend going off the grid permanently and abandoning your digital life to avoid them. We just recommend you surf, work, and exchange information smartly — all while staying alert to the potential dangers, too. (Oh, and to consider an identity protection plan for the ultimate line of defense in our digital age.) 

Stay safe, friends!  

*Applicable for Kasasa Protect Plus and Kasasa Protect Premium packages only. 

**2020 Consumer Sentinel Network Data Book, FTC