Four simple steps to protect your data following a data breach
Negligent business processes, human error and cybercrime are causing a growing number of data protection act breaches. And, if you have been the victim of a breach or cyber-attack, it is vital that you know how to react.
What to do when you find out your data has been breached
STEP ONE: Protect your finances
A data protection act breach can result in financial theft. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. To protect your money you should:
- Contact your bank (or credit card provider) immediately if you are worried that your financial data has been exposed
- Look out for any bills or emails showing goods or services you haven't ordered
- Check your account for any unfamiliar transactions and alert your bank or card provider immediately if there is any suspicious activity
- Keep an eye on your credit score for any unexpected dips
- Call Credit and Experian to ensure credit isn't taken out in your name
- Understand that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
- Know that a legitimate bank or other business would never ask you to move money to another account for fraud reasons.
STEP TWO: Watch out for further attacks
All too often, cyber-criminals get access to your name and email address following a data protection act breach. And they might use this to try and extract additional information from you (such as your banking details). As such, you should:
- Follow any security instructions provided to you by the company which breached your data
- Never automatically click on a link in an unexpected email or text. This could result in you giving a fraudster access to your personal or financial details
- Always question uninvited approaches in case it's a scam. Instead, contact the company directly using a known email or phone number
- Don't assume an email or phone call is authentic. Just because someone knows your details (such as your name and address or even your mother's maiden name), it doesn't mean they are genuine
- Be careful who you trust - criminals may try and trick you by telling you that you've been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and to reveal your security details
- Know that criminals can make any telephone number appear on your phone handset, so even if you recognise a name or number, or if it seems authentic, it might not be genuine
- Don't be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
- Listen to your instincts. If something feels wrong, then it is right to question it
- Have the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
- Never hesitate to contact your bank or financial service provider on a number you know
- Beware of any unsolicited communications that refer you to a web page asking for personal data
- Don't accept friend requests from people you don't know on social media and review your privacy settings
- Report any suspected phishing attempts to the police and Action Fraud.
STEP THREE: Put some data protection best practices in place
If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you should:
- Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
- Change your passwords
- Use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
- Make sure your devices are protected by internet security software and that this is kept up-to-date.
STEP FOUR: Make a data breach compensation claim
Every day, data protection act breaches are causing misery and upset to people across the UK. Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn't you seek compensation for this inability to look after your information correctly if it has caused you distress?
If you want to make a data breach compensation claim you should:
- Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim
- Make sure that if you are offered any form of compensation or free services from the organisation that put your data at risk, you check the small print. Be careful that in accepting an offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
- Write down your version of events ASAP, including any impact resulting from the data breach as this could provide valuable evidence in court
- Contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you. Our initial assessment is always free. We'll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.
Crucially, if an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven't suffered as a result.
For more advice on how to keep your data safe, follow our #NotJustHackers campaign onTwitterandFacebook.