In today’s bulletin, Charlie discusses data loss and gives an insight into how hackers may use our personal data.

I have been delivering training for two days this week, teaching my BCT Certificate in Cyber Incident Management course. As part of the training, we were discussing data breaches and the loss of our personal data. One of the students said that they weren’t too bothered if their personal data was lost, as it has happened lots of times through various cyber attacks. I was rather of the same opinion in that as long as you are vigilant, don’t use the same password for every platform and service you use, and you have two-factor authentication on all the platforms that matter, you just have to accept this as a fact of life.

I came across a video from the Information Commissioner’s Office which talks about the impact lost data has on people’s lives and the importance of not leaking it. I thought it was a good video to share with the readers of the bulletin and a good reminder of the importance of protecting data, through either preventing it being lost to a cyber attack, or inadvertently sending out personal information.

The video highlights the impact the loss of personal information can have on an individual. I also think we should be aware of how, once personal information is lost, it can be used.

These are a number of ways how your data is possibly used:

• Identity Theft – Criminals use stolen personal information to impersonate victims, open accounts, take out loans, or claim benefits. Once this has been done, trying to prove that it wasn’t you can be difficult. If staff personal data is stolen, this can often include documents to prove your identity and right to work in the UK, such as passports, which the hackers have got hold of and can be used to prove identity during fraud.
• Account Takeover or Financial Fraud – Attackers use stolen logins to break into email, banking, or corporate accounts. Most of what we do is protected by 2FA, but criminals have means to intercept this, so it is not always foolproof.
• Selling Data – When attackers don’t use data themselves, they sell it on criminal marketplaces. Identity packs, card details, and corporate logins are traded to fuel other scams.
• Extortion & Blackmail – Stolen data is used to pressure victims by threatening to leak sensitive files or personal information, which can include threatening to leak personal data, or claiming to have intimate photos and demanding money to keep them private.
• Social Engineering – Data from breaches helps attackers craft convincing phishing and impersonation attempts. Knowing real details makes it easier to bypass weak verification steps or convince people that they are being contacted by a trusted source.
• Synthetic Identity Fraud – Criminals combine real identifiers with fake details to create new identities. These build credit over time before being used for large-scale fraud.

What the video shows is quite emotive and is a good reminder of the importance of keeping data secure, and perhaps I should worry more about the loss of my data!