Our email addresses are used for everything online. They become the basis of our identity, to which everything else is linked, such as name, birth date, addresses and other sensitive information. Increasingly, however, we are seeing data breaches even at major organisations in which we place considerable trust. These larger breaches are featured prominently in news cycles, but many other smaller breaches do not get a mention. As a result, you may not have any idea that your personal information has been compromised.
What is a data breach?
A data breach occurs when the personal information of individuals is exposed to unauthorised people. This could be via an illegal hack to access a system, or a mistake by an organisation that leaves its data open to public scrutiny.
Data breaches can result in small revelations to external parties, or they could be very serious where financial information or medical records are accessed. Irrespective of the level of breach, any personal information can lead to identity theft and a fraud being perpetrated on the unsuspecting victim.
For the organisations experiencing a data breach, it can have a considerable impact on their professional reputation and result in a loss of trust. If customers do not feel confident in leaving their information with an organisation, they will find an alternative supplier.
The Australian Broadcasting Commission (ABC) recently published a story on stolen and compromised data. Checking your email will show in graphic detail what has been compromised with data breaches. You will find the story at “See your identity pieced together from stolen data” (ABC News).
How to check for data breaches on your email
There are several online services to check if your email address has been compromised. Of these, the most popular would appear to be “Have I Been Pwned”. Simply go to the website and enter your email address in the search box and the site will return the results of all breaches of that email address. In testing three email addresses, the site found two had been compromised and one was clean. One email address had been compromised on 20 occasions and the second on 9 occasions.
You can subscribe to receive notifications if your email address appears in any future data breaches. Early notification will enable early action on your part, particularly if you are not notified by the organisation that they have been breached.
What to do on breached accounts
If your email address has been compromised, the above site will list the sites on which this has occurred. It is suggested that you immediately go to that site and change your password.
Changing passwords and establishing accounts
There are a number of things you can do when changing your password or setting up an account to minimise risk.
- Do not use the same password on multiple accounts. If your email address is compromised on one website, you will be exposed on every website that combination has been used.
- Use a Password Manager to generate difficult passwords that combine upper and lower case letters, numbers and special characters when creating a password. There are free ones around such as Bitwarden and LastPass that are excellent.
- Using a Password Manager eases the burden of having to remember passwords or record them in a little book. Those days are long gone.
- Enable two-factor authentication (2FA) on your accounts. This adds an extra layer of security. In addition to your password, you will be required to enter a code from an authentication program where the code numbers change every 60 seconds. Both Google and Microsoft offer authenticator programs that can be used.
- Keep all your software up to date. This includes any websites you may have in addition to programs on your computer. Software companies regularly update software to patch security vulnerabilities that have been identified. By not updating your software, you are exposing yourself to a known vulnerability that could be exploited by nefarious characters.
Common signs of data breaches
Subscribing to a service such as the one suggested above can act as an early warning system. There are other signs that may indicate a breach. These include:
- receiving emails from addresses you do not know;
- receiving emails inviting you to click on a link, also known as phishing attacks;
- irregular activity on your bank account;
- an increase in spam emails indicating your email address has been sold or published;
- emails from legitimate services advising suspicious activity on your account.
With data breaches increasing in frequency, old attitudes towards passwords and security need to change. Using unique passwords on all accounts in addition to two-factor authentication can be highly effective in keeping your information safe. These can all be stored in free password managers. By regularly checking for data breaches and subscribing to services that alert you to breaches, you have a greater ability to stay a step ahead of hackers.