What Are the Consequences of Having Your Personal Information Breached?
Before we get down to the nitty-gritty, we should probably clear up some confusion around the term 'data breach'. The Cambridge Analytica scandal broke news last month, and numerous journalists were quick to classify it as a data breach. There are better descriptions of what happened.
What isn't a data breach?
A third-party personality quiz app named "thisisyourdigitallife" was at the bottom of what has come to be referred to as "Facebookgate". A person would take the quiz, and the app would gather information on them and their friends from their Facebook profile. The data would then be relayed to Cambridge Analytica which would later use it for various purposes. This is not a data breach, but a breach of Facebook's terms of service. It could also be classified as "data misuse".
What is a data breach?
In a classic data breach, a service provider is hosting your information (e.g., username, password, email address, name, etc.) because you've signed up with them. Hackers break into the service provider's system and steal your data. Then, they use it for their own nefarious purposes, expose it for the world to see, or sell it on the underground markets.
Few data breaches manage to attract the attention of the media. Fewer still cause an outrage similar to the aforementioned Facebook/Cambridge Analytica mess. Nevertheless, data breaches happen every day, and the reason for this is simple.
Nowadays, it's easy to create a website and start offering services through it. Many people know how to do it, but few know how to do it securely. As a result, the cybercriminals have field days slurping the users' data.
What is the likelihood of having your personal information breached?
It's pretty high. Obviously, the more websites you sign up for, the greater the chance of becoming a victim. Some users tend to register for every website they visit (not a good idea), and sometimes, it's impossible to take advantage of a website without registration.
Generally speaking, it's wise to be careful with the services you use, and it's also a good idea to check your accounts every now and then and delete the ones you no longer need. That being said, every modern person needs to have an Internet presence. Unfortunately, even the big and supposedly trusted Internet giants (the ones that have billions of users like Yahoo!) can fall victims to hackers, so it's fair to say that you can never be 100% safe.
What could happen if your data gets compromised?
The gravity of the situation depends on the nature of the stolen data, but you can safely say that whatever the type of leaked information, the incident should not be underestimated. Many people think that the data they've handed out when registering for a certain type of websites, for example, online forums, is relatively harmless, and there is a grain of truth in this. Things could quickly turn sour, however, if you've used the same password for a hacked forum and for your social media profiles. That's why people shouldn't reuse passwords.
Users also tend to underestimate the importance of their email accounts. In doing so, they forget that their email address is often used when resetting the passwords for most of their other accounts. In other words, the weak password that protects your Gmail account could lead to the compromise of your Facebook profile.
A compromise of a social media account represents a serious invasion of privacy. In some cases, however, the damages of a data breach could be financial as well. If an e-commerce website that has your credit card suffers a cyberattack, for example, your card could fall into the wrong hands, and if you don't act quickly enough to cancel it, you could find yourself paying for someone else's shopping spree.
In some cases, like the data breach Equifax suffered in 2017, the incident could even lead to identity theft. We're talking about extremely sensitive data (social security numbers, for example) getting exposed. With this type of incidents, actions need to be taken immediately, but fortunately, breaches like this aren't too common, and they do receive a lot of attention. Usually, there's plenty of information available on what you need to do after you find out that your information has been leaked.
The upshot is, falling victim to a data breach is a scary experience. Even more so because since the websites you sign up for are responsible for handling your data, there's not much you can do to minimize the risk apart from being careful with what sort of information they're trusted with. What you can do, however, is make sure that if you do fall victim to a data breach, the damage is contained.