How safe is your data? Could a criminal have your details?

Identity theft and data breaches
Identity theft and data breaches

Recently CEX, the used game and electronics company, confirmed it has been the victim of a data breach. Hackers got onto its computer systems and accessed consumer data including first names, surnames, addresses, email addresses and phone numbers.

Even more worryingly, it admitted that "in a small number of instances", customers lost encrypted data from expired credit or debit cards. CEX stressed that it did not have any current card data stored for customers' accounts. However, it is a useful reminder of how vulnerable our details can be, and the steps we need to take to protect ourselves from theft, fraud, and identity theft.

See also: Why you shouldn't use public wi-fi for online banking

See also: Ransomware attacks on the rise: could you be a victim?

It's just one of a long line of customer data breaches. In 2017 there have been data breaches from the likes of Debenhams (26,000 Debenhams Flowers' customers), Wonga (250,000 customer records including bank account details, sort codes, addresses, email addresses and more), Three (data of 200,000 customers), and Abta (43,000 people who had complained about travel agents).

Ilia Kolochenko, CEO of web security company, says: "These days, data breaches have become a sad daily routine. They will likely continue their skyrocketing growth, bringing more and more financial and reputational damage both to the victims and breached companies. The core problem is the continuing ramifications of each breach – attackers may use compromised credentials, or other sensitive data, in password reuse and social engineering attacks years after the original breach. And the more breaches that occur, the more successful further attacks become as cyber criminals accumulate a huge amount of data about us."

Protect yourself

The best way to protect yourself is to use strong and unique passwords for each website you log into. It can be difficult to keep track of passwords, so many people use the same ones multiple times. However, if you do this, all the criminals need is to access it once - on the least secure website - and they have access to everything from your email to your bank account.

Kolochenko says it's also sensible to provide as little sensitive, or confidential, information about yourself as reasonable in all your online accounts. That way, if someone does get into your account, there's a limit to how much information they can find out about you.

After a breach

If you have been the victim of a data breach, there are five key steps.

1. Find out exactly what information has been stolen. If it's limited to your name and address, it's annoying, but it's no more than used to be printed in the phone book. However, there are other details that may not seem terribly dangerous, but can be a real pain, These include your date of birth (because it's often used to verify your identity) and email address (which could mean you get far more spam). In the worst cases your credit or debit card details will be leaked, your bank account details, National Insurance number, passwords, or the security code from the back of your credit card. If a combination of these things are stolen, it will leave you wide open to identity theft.

2. However, valuable the data that has been stolen, you'll need to change your password - and anywhere else you used the same password. This is a good time to come up with unique passwords for all these accounts.

3. It's also worth changing your security questions and answers, because otherwise the hackers may simply be able to answer the questions and change your password again.

4. If your financial data has been stolen, contact the financial institutions involved. You may need to get a new card, you may need to change your account, and you may also have an alert placed on your account - to show the account is at risk of fraud and alert the bank to keep alert to the potential risks.

5. Finally, contact the credit reference agencies and ask for a fraud alert to be put on your account. This will alert them to the risk that someone will try to steal your identity, or set up accounts or loans in your name.