It’s sadly becoming more common to see articles about a website data breach – but what does that mean and how does this affect you?
With the majority of us choosing online banking, saving, purchasing, trading and registration for a whole array of sites and services, it’s worth taking a few moments to review your security.
What is a Data Breach?
The security firm Norton defines a data breach as follows: “A data breach is a security incident in which information is accessed without authorization.”
Most commonly, data breaches occur when there are outdated security policies on a website or online platform.
Often, personal data breaches involve an unauthorised third party, such as a hacker, gaining access to your information. Another example of a data security breach is when a device containing personal data is lost or stolen.
The visual guide below shows the huge amount of personal data which has been compromised and the sites involved:
Have I been caught in a data breach?
Many of us don’t realise that our email addresses and passwords are not as secure as we first thought. Those of us who have been using the web for a while may be surprised to learn how many of the sites we use have been hacked!
Luckily there is a free tool that lets you quickly check whether your email address, or even your telephone number, has been part of a data breach.
HaveIBeenPwned is a simple, free to use tool which allows you to easily check any email address or phone number to see if it has been involved in a data breach.
If your details have been involved in a breach you will see a list of sites where your compromised data may appear.
You are also able to subscribe to a notification service to receive automatic email alerts anytime your details appear as part of a leak.
Be careful which site you use to keep track of your online security, because some illegitimate sites use data mining to collect your name, email address, and login information for use in future attempts to commit fraud.
What do I do if my email or phone number was breached?
Some important steps to take if your data was breached can include:
- Monitor your bank and other financial accounts. Check your accounts on a regular basis for any unfamiliar activity. If you see suspicious activity with any financial data, contact the institution involved immediately.
- Change your passwords immediately. Use a complicated and unique password for each of your online accounts. It’s common to reuse the same password because passwords are easy to forget, but this leaves you vulnerable if any website where you used that password is breached.
- Sign up and use 2-Factor Authentication (2FA) where available. 2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information, most commonly a code from a text message or authentication app.
- REMEMBER – When signing up or purchasing on any site, use only secure URLs. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information.
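The two-step login described in the 2FA item above, as an added example that is not part of the original article: a password check followed by verification of a time-based code of the kind an authentication app generates (TOTP, RFC 6238). The account, salt and function names are constructed for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at`, using HMAC-SHA1."""
    counter = struct.pack(">Q", at // step)           # 30-second time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash; the site never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account (assumption, for illustration only).
SALT = b"constructed-salt"
ACCOUNT = {
    "user": "alice",
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",           # RFC 6238 test key
}


def login(user: str, password: str, code: str, now: int) -> str:
    # Step 1: username and password (constant-time hash comparison).
    supplied = hash_password(password, SALT)
    if user != ACCOUNT["user"] or not hmac.compare_digest(supplied, ACCOUNT["pw_hash"]):
        return "denied: bad credentials"
    # Step 2: the code from the app. Accept the previous, current and next
    # time step so a slightly wrong phone clock does not lock the user out.
    for drift in (-30, 0, 30):
        expected = totp(ACCOUNT["totp_secret"], now + drift)
        if hmac.compare_digest(expected, code):
            return "granted"
    # A breached password alone ends here: the attacker lacks the secret.
    return "denied: bad second factor"
```
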
How do I complain and claim compensation?
If you discover that an organisation has lost your personal information, there are steps you can take to protect yourself and, in some situations, seek compensation.
The following guidance has been provided by Which.co.uk.
Organisations are bound by the Data Protection Act 2018 (GDPR) to keep your data secure.
This means that they must take measures to prevent unauthorised or unlawful processing of your personal data.
They must also protect against accidental loss or destruction of, or damage to, your personal data.
If your data is lost and it causes you financial damage or distress, you may be able to make a claim for compensation from the organisation that lost it.
Complain to the company that lost your data
If you’ve suffered distress or financial loss as a result of your data being compromised, the first thing you must do is contact the organisation that you believe is responsible.
Outline what distress and/or losses you’ve suffered, and how you expect it to compensate you. It’s important to note that you can now make a claim relating to distress alone – you do not need to have also suffered financial loss.
Complain to the ICO
You can also take your concerns with how the organisation processed your data to the Information Commissioner’s Office (ICO).
By law, the ICO can’t award compensation or give advice on the level of compensation that should be due, even when it has said that in its view the organisation did indeed breach the GDPR. But its opinion can be influential in making your claim against the organisation that has compromised your data.
Go to the small claims court
If you can’t agree with the organisation that compromised your data on the fact that you are due compensation, or on the level of compensation, you can make a claim via the small claims court.
A good piece of evidence to take to court is the ICO’s agreement with you that the GDPR was indeed breached.
You can use our advice on how to make a claim in the small claims court.