Nearly half of people whose data was stolen by hackers ‘experienced fraud’

Nearly half of people whose data has been stolen by hackers go on to be victims of fraud, research from Which? suggests.

Its survey of more than 1,300 members found around a quarter (23%) said they had their data compromised following a breach involving a company or organisation.

Some 46% of people whose data was stolen by hackers then went on to experience fraud.

The consumer group wants to see tough penalties enforced for firms that fail to prevent data breaches.

When data breaches happen, criminals may then go on to buy stolen information such as passwords or credit card and bank details, as well as using other personal details to pose more convincingly as victims’ banks and other trusted organisations, perhaps through a cold call or email.

Which? has heard from people who said their mental health has been affected. It said victims have also struggled to get any form of redress from the companies that failed to protect their personal data.

As part of its investigation, Which? also asked its members to submit their email addresses to haveibeenpwned.com, a website that tells people if their email address has been involved in a data breach.

Which? had 515 members take part, submitting a total of 610 email addresses. It was revealed that around 79% of addresses had been involved in at least one breach. Of those, the average number of breaches per email address was 3.7. One address had been involved in 19 breaches.

The consumer group said that currently victims have limited options to seek redress when data breaches occur. Although consumers have a right to claim compensation if they have suffered damage as a result of an organisation breaking data protection law, doing so is not always easy, it said.

Jenny Ross, Which? money editor, said: “Whether we’re shopping online, booking a holiday or signing up to a new mobile phone contract, we have to trust the companies we deal with to protect our details – and if things go wrong we need to know that businesses are held to account.”

Here are some consumer tips from Which? for protecting data:

Passwords

Always set strong passwords. Further help with this is available at computing.which.co.uk/hc/en-gb/articles/360000818025-How-to-create-secure-passwords.

There are also many services available which will alert you if your passwords have been compromised. And where possible, turn on two-factor or multi-factor authentication.

Credit cards

Do not save your credit card details if you are not going to use the service regularly.

Although it may be inconvenient to resubmit them, it is better than having your financial information unnecessarily stored in a database that could be compromised.

Guest checkouts

Just checkout as a guest if you are not going to use the service that often. Only create an account if you really need to.