Recently we have seen an increase in cyber-attacks, both locally and globally. People are becoming more aware of the impact of data breaches. Yes, we all feel at risk, and with several companies breached being close to home, I have been asked many times what to do if you suspect your data was breached during one of the recent significant data breaches.
This article will attempt to give a few practical steps to manage risk when it comes to data breaches. In 2017 we saw the Master deeds breach – one of the most significant breaches which affected many South Africans. The Master deeds breach contained 27GB file called "masterdeeds.sql" which was a MySQL database backup file. This file included, among other information, 2.2 million email addresses of South African citizens.
Most recently, City of Johannesburg disclosed that they suffered a catastrophic ransomware attack which was far-reaching. According to the press statement issued by the City, the ransom notes read: "We also compromised all passwords and sensitive data such as finance and personal population information".
According to the Identity Theft Resource Center, three data breaches happen every day, and over 4 million records have been lost in breaches globally in 2019. One of the critical issues is that we entrust our data to organisations, and this leaves us at risk if they do not take adequate security measures to ensure our data is protected. The question many people ask in the wake of such breaches is: what do I do now?
The first action is to determine, with near certainty, if you have been affected by the breach in question. Some websites are helpful in this regard, and I always advise clients to check the site haveibeenpwned. This site is an excellent resource for most of the significant and/or international breaches. However, in most cases, you will know by simple means of deductive reasoning. If you had a reason for doing business with the City of Johannesburg, for example, you may reasonably assume that your data has been affected. If it is possible to determine what data was affected, it is a good idea to try to determine what information the hackers have access to. However, this is not always plausible, and most organisations do not fully disclose the extent of the data breach.
The next step in mitigating your risk is to reset passwords to all affected accounts and possible linked accounts. I always advise that financial service accounts and passwords to be reset. The reason for this step is that it renders the stolen data to a certain degree useless. Ensure that passwords are set with reasonable complexity and remember that lengthy passwords trumps complexity; thus, passphrases have become a security favourite. In most breaches, email addresses are leaked so I will not be responsible if I do not reiterate the importance of caution when it comes to emails you receive. Our emails and email archives are a treasure trove of personal information, thus we should always apply caution when we receive suspicious or unsolicited emails.
Finally, it is advised that you inform your bank or financial service provider that your data was breached. I also recommend clients to check their banking statements regularly to ensure that no suspicious transactions are made. If you suspect that your credit card information was violated during the data breach, it is sensible to cancel the card and request a reissue to ensure data like CVV numbers are rendered useless.
Lastly, on the front of financial matters, it is imperative that you monitor your credit record. The reason for this is that stolen identities are used to get access to credit and loans. If you watch your credit record, this will enable you to become aware if the stolen personal data is monetised.
In summary, when you find out that you may be affected by a data breach, it's a good start to try to determine if you are affected; however, this is not always possible. Immediately take action on changing affected passwords and finally, inform your bank and keep your finger on your credit record.