When you hear about a large scale data breach—and how could you not hear about them, considering 2014 had the highest ever number of data breaches reported to date—you may wonder how it really affects you. Even if your credit card, bank account number, or Social Security number weren’t affected, the breach can still have serious consequences, but all too often consumers ignore the threat. After all, if hundreds of millions of consumers had their information accessed in a single event, how much danger are you really in?
The bigger question is, “What happens to my information once a hacker accesses it?”
The answer to that question depends entirely on what their plans were and how much information they accessed. If they were able to retrieve consumers’ financial information, those numbers usually get sold on black market websites in large batches. But what about the data breaches where the thieves only found customers’ names, mailing addresses, phone numbers, and email addresses, for example? No big deal, right?
Well, that’s not necessarily true. With your email address, a thief can hack into your email account and change your password, which gives him a lot more access than you originally thought. From there, he can use your account to access other sites, like your Amazon or eBay accounts. He can make large purchases on these sites using your stored payment method, diverting the shipping address to one of his choosing. He can then resell the items while you get the bill.
Once he has access to your email address, he can also change your password on any number of websites since he’ll have access to the “Forgot your password?” feature. He can then conduct business under your name in virtually any way he wants.
Truthfully, this is an arduous process, and remember, the hacker just got millions of email addresses. Sure, it’s possible he may never get around to bothering with you. But you’re not out of the woods yet.
Another common use for hacking into entire lists of email addresses is to ramp up phishing, spamming, and scamming efforts. While most of us can spot a spam email from miles away (“Cheap Viagra, available here!” or “I need your help! My father is the former king of Nigeria and we want to give you our fortune!”), what is harder to avoid are the increasingly sophisticated phishing emails that look like the genuine article, but are really meant to infect or infiltrate your computer and your privacy.
These emails often resemble a communication from a company you actually do business with, and remember, the hacker has your email account and can therefore search through it to see which banks, credit cards, utilities, or shopping sites you use. You then receive an email telling you there’s a problem with your Chase MasterCard, your Bank of America checking account, your Verizon cell phone, your iTunes account, your PayPal account…whatever. Anywhere you actually do legitimate business is up for grabs since the hacker has your email inbox.
These phishing emails will then direct you to a link to enter your account information, which you may do believing that this is a genuine direction from your provider. At the same time, the link may be installing malicious software on your computer which will then dig around and get the rest of the information the hacker wanted.
In order to prevent these types of problems, there are a few crucial steps you must take.
- Secure EVERYTHING (especially your email account) with strong, unique passwords that contain a combination of letters, numbers, and symbols.
- When you’re informed of a data breach, take it seriously. Follow up by changing your passwords on all of the sites where you do business, and if you’re offered credit monitoring as part of the aftermath, make sure you take advantage of the service.
- Most importantly, be on the lookout—whether your information has been breached or not—for any suspicious or strange online activity, and take appropriate action if something isn’t right.