Back in 2013, news of a data breach affecting a major retailer took consumers by surprise. Industry watchers, law enforcement, even legal teams had a vested interest in what went wrong, how the victims would recover, and how to prevent it in the future. Not long after, more retailers were hit, leading many experts to wonder if there was a connection.
Also during this time, federal government agencies were being hacked. Both the Office of Personnel Management (OPM) and the IRS—to name only two agencies—were breached, with the OPM actually being breached twice. Millions of Americans had their Social Security numbers and other identifying information stolen, and the number of fraudulent tax returns and identity theft reports has gone up.
For all the headlines that crop up when any major organization or corporation is hacked, the sad truth is that there are hundreds upon hundreds of data breaches each year. In fact, since the Identity Theft Resource Center first started keeping tabs on the numbers of data breaches in 2005, the number has grown almost every single year.
However, with the constant news of data breaches, are consumers losing sight of the threat? Are we becoming complacent, and seeing data breaches as just another 21st century fact of life? Hopefully not. In fact, it is important to know how a data breach occurs and what information is compromised in order to understand how you might be impacted.
Data breaches can be broken into two categories, accidental and intentional. An accidental breach is just what it sounds like: someone inadvertently made sensitive information available to unauthorized people. It could be something like the recent Hellgate High School breach in which a school administrator attached the wrong document to an email and sent more than 1,000 current and former students’ records to dozens of people. An accidental breach could also be something like a security flaw in a website that accidentally invites anyone in to take a peek at all of the employees’ or customers’ records. In either case, no harm was intended, but security was violated.
An intentional breach, though, happens when someone actively goes after information. Again, this can manifest in different ways. A high-tech cybercrime ring can hack into a network and steal thousands or even millions of sensitive records, typically with the goal of selling those complete identities on the dark web. A low-tech version might be an employee accessing sensitive information at work, copying it all down or downloading it, then using it or selling it to criminals.
In any data breach, regardless of how it came about or what the intended purpose was, the victims will receive a notification letter as required by law. The letter itself is critical since it will tell you exactly what information was compromised, what steps you should take to move forward, and what reparations the company may be offering to help safeguard you as much as possible. The letter also serves as a measure of proof that your identity has been compromised, in case you are affected by this crime further down the road. It’s important that victims of a data breach take it very seriously, follow those steps outlined in their notification letters, and then save the letter with other important papers.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.