Understanding the Roadmap of Data Breach to Identity Theft and Ways to Fight it Out
Most of us walk a tightrope when it comes to protecting ourselves from hackers, often living on the edge and thinking it will never happen to us. This September, the world witnessed the raw power of hacking through its effect on millions of people, which implies that data theft is something that could happen to anyone.
It has been a month of disturbing hacking revelations and fears around the world. In America, it was Equifax and the SEC, and then came announcements of election hacking from Kenya, and of the EU arming itself against a similar possibility.
The SEC is a top stock market regulator in the US, and hackers used the stolen data to make money on the stock exchange. Equifax is one of the three American companies that collect credit information and create credit reports for customers. The 143 million Americans who lost their personal information to hackers over a year are now concerned that their social security and driver’s license numbers have fallen into the wrong hands. There are also over 200,000 people who have had their credit card numbers stolen.
Also, in Kenya, presidential voting results were nullified due to election hacking concerns. The EU is forming an agency to battle election hacking to avoid what happened to the French and US elections. However, these politically motivated hackings are different from the theft of personal or business information, which may eventually lead to data theft. Once personal identification documents and other identifiers are stolen, they are out there. You cannot change your driver’s license number. Furthermore, freezing your compromised credit report is only a temporary measure, and that also prevents you from applying for new loans.
Crimes related to identity theft are indeed a real threat. In Britain, identity fraud accounts for over half the country’s scams. In 2014, millions of email addresses and passwords were stolen in Germany and used to send spam messages. Miscreants who appropriate personal IDs of some kind often carry out worse crimes. Often, it is hard to realize that an identity has been stolen until the victim faces the consequences of the identity fraud. More than ever, businesses have a responsibility to protect customer information from hackers. Small companies looking for ways to protect the client data in their custody must understand how data theft can turn into identity theft and find the means to prevent it.
What is Identity Theft
Identity theft is when malicious criminals steal personal information or documents to carry out nefarious activities like financial fraud, or worse, criminal activities in the name of someone else. Financial fraud could be in the form of tax quibble for instance, or credit card fraud, bank fraud, mail fraud, and other kinds of scams. The worst-case scenario is when a stolen identity is used to carry out activities like illegal immigration, terrorism, and other crimes like drug trafficking and money laundering.
Not all data breaches turn into identity theft. However, after any data breach, it is essential for a company to go into identity theft protection mode. It is useful to identify the scenarios in which a data breach can occur and expose you or your customers to the possibility of identity theft.
What Counts as a Data Breach
A data breach can occur in many ways. Your systems being hacked by cyber criminals through the use of malicious software or malware is only one of them. A hacker breaking into your business network and stealing customer information from the POS is another. An employee sending an email may accidentally attach a document that contains personal data. Staff in healthcare may have sent private customer data using unencrypted email. Your web hosting software may have a problem, leading to the exposure of your financial details online.
As you can see, not all of these data breaches are caused by hackers. Human error and system issues also contribute. Such data may not be used for identity theft, but data exposed to malware or hackers are often vulnerable.
How Do Hackers Use Stolen Data
Typically, the type of data stolen will determine where it ends up. A name, birth date, address, social security number or national insurance number or any other kind of personal identification number that identifies a person is likely to be sold on the underground market. Such information can be used to carry out identity theft, apply for loans in the individual’s or business’ name, file fraudulent tax returns, etc. Thieves can use stolen financial data in the same way.
One of the biggest victims of identity theft is probably the healthcare industry. If you’re running a health-related business, you need to be extra careful in protecting the medical records of your patients since medical information seems to be worth a lot more on the black market than stolen credit card numbers. Thieves use the information to blackmail patients and create false identities to make fraudulent insurance claims. They can also use these records to buy prescription medication which can be a problem, especially when used for abuse in drug-related scenarios. Recently, 53 athletes in Britain had their medical records stolen from the World Anti-Doping Agency. The difference between the problem of medical record theft and credit card number theft is that you cannot cancel your medical records as you do with the credit card.
Stolen online credentials such as usernames and passwords can also be used to carry out phishing or spam attacks. If it is an insurance company or an online pharmaceutical store that is affected, the thieves could use customer credentials to purchase medicine, make fraudulent insurance claims, or even conduct extortion. When hackers break into poorly protected POS systems and steal payment card information, they usually do so to make fraudulent online purchases.
Even education information, like school transcripts, college records, and enrollment data can be used to blackmail or extort money and steal identities.
Small Business Identity Theft
It is not only the customer data that is at risk of identity theft. Small businesses may also have their identities stolen, especially in countries like the US, where over 99 percent of employers are classified as small businesses. Such businesses have less stringent regulation, but they have telephone bills, water bills, electricity bills, Internet, and loans, just like any individual. Stealing personal data from these businesses for identity theft is almost like stealing from an individual.
Hackers can take the EIN, the Employer Identification Number, which is the equivalent of the social security number or health insurance number for an individual. Fraudsters use it to apply for loans and to carry out insurance fraud and other crimes in the name of the business. The relevant information can easily be accessed on the business’ website. As a small business, take extra steps to ensure that your business identification number and other personal data are safe from outsiders.
Measures for Mitigating Identity Theft
There are ways to protect against identity theft before it happens. All devices in your business must have stronger security measures and anti-theft protection. Make your employees aware that they should be wary of suspicious emails and messages, especially those coming from an unfamiliar source. It also helps to limit the personal information exposed on the internet.
When a data breach has already occurred, and you think there is a possibility of identity theft, follow these steps:
- Determine what was stolen. Change email addresses, cancel credit cards, and other payment cards. Alternatively, inform your customers about the breach and tell them what measures to adopt for immediate safety. Dates of birth cannot be exploited quickly unless combined with other information. The most sensitive information includes social security or insurance numbers, online passwords, bank account numbers, and payment card codes. If the social security number is stolen, it must be reported to the relevant authorities. Under no circumstances wait for months, as Equifax did, before disclosing a breach. The bubble will only inflate before it bursts, putting you and your customers at even greater risk.
- Change all passwords. Set up two-factor authentication (2FA). Use an app like Google Authenticator for 2FA rather than message-based methods, as those are a security hazard. Recently, a large number of high-profile hacks proved even this method to be prone to compromise, so Google is looking to bring hardware-key-based security features, following in the footsteps of YubiKey. Use a password manager if you cannot manage your new passwords by yourself.
- Contact banks and other financial institutions to inform them about the stolen card numbers.
- Contact credit reporting bureaus and ask them to place a fraud alert (unless the credit agency itself has been hacked, as Equifax was).
It is also advisable to sign up for credit or identity monitoring services.
No one is entirely immune to data breaches or identity thefts in the digital age. However, there are preventive and mitigating measures that you can adopt for peace of mind. With the ever-changing technologies and advancements, cyber-criminals are more active than ever before, but with vigilance and awareness, it is possible to thwart them.