Identity Theft Archives - ESelfKey https://selfkey.org/category/identity-theft/ Self-Sovereign Identity for more Freedom and Privacy Mon, 25 Sep 2023 10:56:10 +0000

Data Breaches: Risks and Consequences https://selfkey.org/data-breaches-risks-and-consequences/ Thu, 27 Apr 2023 10:36:42 +0000

Summary

Have you ever seriously considered the negative impacts of a data breach? Are you aware of the digital safety risks that lurk around the corners of the internet? And, did you know that cyberattacks may produce life-long consequences?

Nowadays, applications and websites have become so common that we consider them an integral part of our daily lives. And, because we have normalized it, individuals blindly share their private information with little thought given to the implications of doing so. 

We rarely ever stop to consider what happens to our personal data once we share it with large technology corporations. And that’s because we live with the illusion that our valuable or sensitive private information is safe. That cyber attacks cannot possibly reach us.

However, some serious privacy violations have occurred in the past several months. And they have exposed the severe effects of sharing personal information without proper caution to safety and privacy. 

Despite data breaches occurring on a daily basis, they aren’t discussed as often as they should be. Individuals who have not experienced such incidents may assume that they are immune to them. But anyone can fall victim at any time, and the consequences of a data breach can be irreversibly harmful.

In this article, ESelfKey aims to provide an in-depth analysis of data breaches, recent events, and the potential aftermath for individuals whose personal information is compromised. 

It is highly important to spread awareness about the possible consequences of data breaches, and to attempt to prevent them from happening at all. With ESelfKey’s decentralized solutions, a safer digital future may await us.

Let us elaborate on these crucial aspects in the paragraphs below.

Highlights

  • Defining data breaches: Meaning and Overview
  • Factors contributing to data breaches: Why, Who, and for What?
  • Caught Off Guard: When and Where Data Breaches Strike
  • Victims of data breaches: Are you safe?
  • Conclusions

Defining data breaches: Meaning and Overview

A brief, but fundamental introduction

Data breaches are serious security violations where confidential, protected or sensitive data is accessed, stolen or used by an unauthorized person or organization. These devastating incidents are also known as data spills, data leaks, or information disclosures, and they can occur in a variety of ways.

These digital attacks are typically well organized and initiated by malicious players, including organized crime, political activists, and national governments. However, even individuals who accidentally gain unauthorized access to systems with poor security configurations can cause data breaches.

The information that hackers may disclose can range from matters that may compromise national security to information that government officials want to keep hidden. When a person who has access to such information deliberately exposes it, for political reasons, it is usually referred to as a "leak".

The negative effects of a cyber attack: What happens after?

Data breaches can have far-reaching consequences, impacting a variety of information types including, but not limited to:

  • financial data, such as credit card information and bank details.
  • personally identifiable information (PII), such as full name, full address, IDs, birth certificate information, etc.
  • personal health information (PHI), such as full name, home address, or dates related to the health or identity of individuals.
  • trade secrets, and intellectual property. 
  • sensitive or valuable information, like photos or videos.

Unstructured data, such as files, documents, and private information, can also become exposed and vulnerable if proper security measures are not in place to protect them.

These cyberattacks aren’t limited to organizations or powerful institutions, though. Anyone could be a victim. And, worst of all, the compromise or theft of the information listed above can lead to any of the following:

  • financial losses
  • identity theft
  • reputational damage
  • legal repercussions

It's important for individuals and organizations to take steps to protect their sensitive information and implement strong security measures to prevent data breaches. 

ESelfKey understands the devastating consequences of data breaches and emphasizes the significance of implementing preventive measures. Responding promptly and adequately in case of such incidents is also highly important. 

Recent Data Breaches: The beginning of 2023

The frequency of data breaches has increased in recent years. Alarmingly, the past several months have seen a handful of significant incidents. 

  • One such example is TikTok’s illegal processing of data belonging to 1.4 million children under 13, who were using its platform without parental consent. This breach highlights the importance of proper data management practices, particularly when dealing with children's information.
  • Another example is the cyberattack on Yum! Brands, where attackers stole personal information belonging to some individuals, including names, driver's license numbers, and other ID card numbers. This kind of data is particularly sensitive and can be used to commit identity theft, among other crimes.
  • Finally, the hacking of The Kodi Foundation resulted in the exposure of personal information and private conversations of over 400,000 users. Such incidents can have long-term consequences for the affected individuals, including reputational damage and financial losses. These breaches emphasize the need for better cybersecurity measures and data protection practices across industries.

Factors contributing to data breaches: Why, Who, and for What?

Cyberattacks have become a prevalent threat to our digital lives, and they occur on both personal and larger scales. While most people may assume that only organizations with weak security measures are at risk, individuals are also susceptible to data breaches. 

In fact, personal cyberattacks often happen due to a lack of caution when it comes to protecting oneself online.

Why do data breaches occur?

One of the most common ways individuals make themselves vulnerable to cyberattacks is by using weak or predictable passwords. This makes it easy for hackers to access their accounts and steal sensitive information. Additionally, using the same password on multiple accounts makes it even easier for hackers to gain access to a person's entire online presence.

Lack of proper security measures is another way individuals put themselves at risk. Failing to have anti-malware protection on their devices can allow malware to infiltrate and infect their system. Similarly, exposing personal information publicly online, such as on social media, can provide hackers with the necessary information to carry out attacks.

Clicking on or accessing suspicious links is another way individuals can become victims of cyberattacks. It is worth mentioning that bad players often use phishing emails to trick people into giving up sensitive information. These emails can appear legitimate, so it's important to be cautious and verify the source before clicking on any links or providing personal information.

Who is responsible for data breaches?

Anyone could carry out a cyberattack, if they have the necessary tools, and if that is their intention.

Data breaches are a serious concern for individuals, organizations, and governments alike. These breaches are often the result of bad players with malicious intent. Perpetrators can range from organized crime groups seeking financial gain to political activists looking to disrupt or expose sensitive information. 

In some instances, national governments have conducted data breaches for espionage or other motives. Regardless of the motive, it's important for individuals and organizations to take steps to protect themselves from potential breaches and to respond quickly and effectively if one occurs.

What are the intentions of those who initiate cyberattacks?

Malicious individuals typically have two main intentions: financial gain or causing damage to institutions for various reasons. 

In pursuit of these goals, they may carry out data breaches that can have serious consequences for their victims. These attacks can result in the exposure of personal information and sensitive data, which can lead to identity theft, financial fraud, and other types of harm. 

Sometimes, larger feuds between hackers and their targets can result in victims becoming collateral damage and suffering the consequences of attacks that were not specifically directed at them.

Caught Off Guard: When and Where Data Breaches Strike

Data breaches can happen every second and anywhere, from major technology companies to large financial institutions, and even in our own homes.

Public places such as cafes or airports, which offer public Wi-Fi, can also provide opportunities for hackers to access personal data.

Recently, incidents involving Yum! Brands and TikTok have highlighted the vulnerability of powerful institutions to cyber attacks. However, individuals are also at risk in their personal lives.

At any given moment, scam messages spread by viruses or hackers can target friends and family members. Weak personal security measures, such as predictable passwords and email addresses, can leave individuals vulnerable to attacks. As a result, the malware can spread to the victim’s circle of friends, family, or acquaintances via personal messages or emails.

One common method used by attackers is phishing emails. They appear to be legitimate messages from a trusted source but actually contain malicious links or attachments. Clicking on these links can result in the installation of malware on a device, allowing attackers to gain access to sensitive information. 

Victims of data breaches: Are you safe?

Who do bad players target?

The victims of data breaches can be anyone whose personal data was involved, regardless of age, gender, occupation, or level of power. 

This includes children, women, men, students, teachers, and employees who trust their employers with their personal information. It also includes clients, customers, and patients who share their data with businesses and healthcare providers. 

It's important to recognize that anyone who uses the internet is at risk of being affected by a data breach, regardless of how small or popular they are. Constantly searching for vulnerabilities and ways to exploit them, bad actors can breach even the most seemingly secure systems.

That's why it's essential to take the right security measures, such as using strong passwords, regularly updating software, and being cautious when sharing personal information online. By being proactive about data security, individuals and organizations can help protect themselves and minimize the potential impact of a breach.

How can Data Breaches affect you? 

Individuals can be affected by data breaches in two different ways:

  1. At a large scale, when a centralized system is hacked, which can affect millions of people. 
  2. On a personal level, when an individual's personal online accounts are hacked. In this case, the breach may only affect one person, but it can still have severe consequences, such as financial loss or identity theft. 

In both cases, it's crucial to take steps to protect yourself and your personal information. ESelfKey advises using strong passwords, enabling two-factor authentication, and regularly monitoring your financial accounts for suspicious activity.

Large Scale: Attacking Businesses

Large-scale data breaches can have far-reaching consequences that extend beyond the immediate victims. 

While companies, institutions, and organizations are often the primary targets of such attacks, individuals can also suffer the consequences on a personal level. Even if the attack was not personally directed at them, they could still become collateral damage if the company they have trusted their PII with falls victim to a data breach. 

The consequences of this kind of data breach can be severe and long-lasting, for instance:

  • Companies can face financial losses, damage to their reputation, and even legal action.
  • Institutions may lose the trust of their stakeholders and customers, leading to a decline in business. 
  • Organizations may find it difficult to attract and retain talent if they cannot demonstrate that they take data security seriously.

Furthermore, large-scale data breaches can lead to a loss of trust in the digital economy. If people cannot trust that their personal information is secure, they may be less likely to use online services and conduct transactions digitally. This could lead to a decline in e-commerce and other digital industries, negatively impacting the overall economy.

All in all, the consequences of large-scale data breaches are not limited to the immediate victims. Companies, institutions, organizations, and individuals can all suffer the effects of these attacks.

Below, we will examine some of these negative impacts more thoroughly.

Temporary Shut Down

Data breaches can have a significant impact on companies, not only in terms of the immediate costs but also in terms of long-term consequences. When a company experiences a data breach, it may be forced to halt its activity temporarily, which can result in millions of dollars in damages.

According to industry surveys, Gartner concludes that the cost of operational downtime can be around $5,600 per minute, which translates to $300,000 per hour. This can add up quickly, especially if the breach is not resolved promptly. 

In addition to the financial costs, a data breach can also damage a company's reputation and erode the trust of its customers, leading to long-term consequences.

For example, Expeditors International is still dealing with the aftermath of a data breach that occurred in February 2022, which forced it to halt its activity temporarily. The company is likely to experience long-term consequences as a result, including a potential loss of business and damage to its reputation. 

It is therefore crucial for companies to take proactive steps to prevent data breaches from occurring and to have a solid plan in place for responding to them if they do occur.

Financial Loss

Financial losses can arise from two main sources following a cyberattack: 

  • Ransomware
  • Legal actions

Ransomware attacks can result in significant financial losses for organizations, as hackers can demand large sums of money in exchange for unlocking access to their encrypted data. 

The growth of ransomware attacks is a cause for concern, with experts predicting that the total cost of ransomware damages worldwide could reach $265 billion by 2031.

Legal actions can also result in substantial financial losses for organizations. The Equifax data breach in 2017 affected over 145 million people worldwide and has already cost the company more than $700 million in compensation to affected US customers. The breach also affected an estimated 15 million customers in the UK, who have launched their own separate legal action in the high court seeking £100 million in compensation. 

Legal actions can be costly and time-consuming, and the reputational damage caused by a data breach can have long-term consequences for an organization's financial performance.

Reputational Damage

Reputational damage is a major concern for companies that experience large-scale data breaches. Such damage can lead to revenue loss and have long-term impacts on the company. 

When a company's reputation is tarnished due to a history of data breaches, people are less likely to trust the company with their payment information, and they may choose to take their business elsewhere. 

This loss of trust can be difficult to overcome. Therefore, companies must take steps to protect themselves and their customers from data breaches. Additionally, they must try to maintain their reputation and ensure their long-term success.

Loss of Private Data

Sensitive data and intellectual property are two key areas that hackers target in a cyber attack. 

Sensitive data can include, but are not limited to:

  • Personal information belonging to customers, patients, and employees.
  • Private company emails that contain personal health history, home addresses, and payment information. 

When this type of data is breached, it can lead to significant financial losses and reputational damage for the company.

Intellectual property is another target of hackers, particularly designs, strategies, and blueprints. When intellectual property is stolen, the competition can take advantage of the leaked information. And this, in turn, may cause long-term damage to the company's competitive advantage.

Businesses within the manufacturing and construction industries are particularly vulnerable to these types of cyber threats. Many small businesses believe that they are unlikely to be targeted by hackers, but this is not the case.

In fact, 60% of all hacks target small businesses because they are often easier to attack. It is therefore crucial for businesses of all sizes to take proactive measures to protect their sensitive data and intellectual property from cyber threats.

Personal Level: Targeting the Individual

Data breaches at a personal level often occur due to a lack of caution when operating in the digital world and inadequate security measures. 

People may accidentally share sensitive information, such as their social security number or credit card details, on unsecured websites. Alternatively, they could fall victim to phishing scams that trick them into revealing their login credentials.

Additionally, using weak passwords and not updating software and operating systems can leave personal devices vulnerable to hacking. 

SelfKey’s decentralized solutions are centered around the individual’s privacy and security, with a strong emphasis on individuality. It is highly important for individuals to be vigilant when using digital platforms and take appropriate security measures to protect their personal data from cyber threats. 

Identity Theft

Identity theft is a serious crime that can have devastating consequences for its victims. 

When criminals gain access to a victim's personally identifiable information (PII), such as their full name, Social Security number, and birthday, they can wreak havoc on their financial and personal lives. 

Victims can have their bank accounts emptied, credit histories ruined, and valuable possessions taken away. In some cases, victims have even been wrongly arrested for crimes they did not commit. This is because the criminal may use the victim's identity to commit cybercrimes or other illegal activities, leaving the victim facing legal action and potentially a criminal record.

Notable examples of identity theft

  1. The case of Nicole McCabe, an Australian woman suspected of murder after her passport was compromised and her identity stolen. 
  2. Several victims of identity theft had to struggle with proving they were not responsible for the withdrawal of large amounts of cash from banks, or for illegal attempts to obtain loans worth thousands. 
  3. The terrifying story of Andorrie Sachs, whose medical identity was stolen by a pregnant woman who gave birth in Sachs' name and left the baby at the hospital, resulting in a $10,000 hospital bill. 

Local authorities mistakenly reported Sachs as an unfit mother and threatened to take her children away. This could also have lifelong implications for Sachs as the perpetrator had a different blood type, and uncorrected medical records could result in Sachs' death if she ever needed a blood transfusion. A healthcare provider could even prohibit Sachs from reviewing her own medical records as they might not be in her name.

This is one of the many reasons why ESelfKey strongly encourages individuals to take proactive steps to protect their personal information, such as:

  • Using strong passwords.
  • Regularly checking their credit report.
  • Being cautious when sharing personal information online. 

By being vigilant and taking appropriate security measures, individuals can reduce their risk of falling victim to identity theft and the devastating consequences that can follow.

Personal Health Information

Stolen personal health information (PHI) is highly valuable on the Dark Web, where it can be worth more than 200 times as much as stolen credit card information.

This type of identity theft can have serious consequences, including, but not limited to:

  • Obtaining illegal medical treatments or prescription drugs.
  • Altering the victim’s medical history.
  • Using up the victim’s medical benefits. 

Hackers can also sell stolen PHI to other criminals, who can use it for a range of illegal activities.

Given these horrifying facts, ESelfKey strongly advises individuals to take steps to protect their medical identity, such as:

  • Regularly checking medical records for errors.
  • Checking for signs of fraudulent activity.
  • Ensuring that their healthcare providers have proper security measures in place to protect their PHI.

Financial loss

Once malicious individuals obtain your PII, they could potentially use it to damage your credit score and commit financial fraud.

A lowered credit score can:

  • Make it challenging to obtain a personal loan.
  • Make it challenging to secure a mortgage.
  • Even impact job prospects. 

Additionally, individuals who commit identity fraud can open new bank accounts in your name, drain your existing accounts, and commit check fraud. They can also apply for credit using your information, and engage in a variety of other banking scams. All things considered, it’s important to be vigilant in safeguarding your PII. The long-term financial consequences of a data breach can be severe.

Impersonation on Social Media

Cybercriminals can use your digital identity to carry out various malicious activities that can cause significant harm. Here are only a few terrifying examples:

  • They can use your digital identity to phish for credentials from your friends and family, leading to further attacks. 
  • They can ruin your reputation by posting obscene or profane content online, damaging your personal and professional relationships. 
  • They may look for sensitive photos and videos in your account and use them to extort you, leading to emotional distress and financial loss. 

As horrifying as this may sound, there are ways to prevent this kind of disaster from causing irreparable damage to your digital identity. For instance, ESelfKey’s AI-Powered Proof of Individuality methods may be the key to protect individuals against identity theft.

Emotional and Mental impact

A personal data breach can lead to significant mental and emotional distress. The harm caused can take a long time to recover from, depending on the extent of the damage done by the hacker. 

Along with reputational damage, victims may also have to spend a considerable amount of time and money to mitigate the fallout. And, the steps towards recovering from such a cyberattack could be draining in themselves. 

Victims may have to spend endless hours or days:

  • Contacting their bank, lenders, and creditors.
  • Securing all their online accounts.
  • Replacing stolen identification documents.
  • Canceling and replacing bank accounts and credit cards.
  • Dealing with criminal charges made in their name. 

Victims will also need to remove malware and viruses from their devices, while constantly proving their identity and showing that it was stolen, a process which can be emotionally, mentally, and physically exhausting in itself.

Worst of all, if affected individuals fail to repair compromised information or remove malware from their devices, they will risk falling victim to the same attacks over and over again.

The long-lasting consequences of a data breach can be devastating, particularly if your PII or PHI end up on the Dark Web. The information could be in circulation there indefinitely, making you vulnerable to further harm.

SelfKey’s visions for a safer digital future

Recent events have demonstrated the devastating impact that data breaches can have on individuals and organizations. That's why ESelfKey is emphasizing the importance of security when it comes to online interactions and digital identities. 

By developing decentralized solutions with Self Sovereign Identity in mind, ESelfKey is using the potential of modern technology in its aim to counteract these breaches. AI-powered proof of individuality is one solution that may fight against maliciously used AI, to prevent identity theft. 

It's important to raise awareness about data breaches and their potential consequences, and to teach individuals and organizations how to prevent them or how to respond in case one occurs.

Conclusions

In this modern, digital world, we have normalized sharing our personal data online. However, this does not mean that our personal information is necessarily safe.

In fact, data breaches are becoming more and more common, and the consequences can be severe and irreversible. That's why it's crucial for individuals and organizations to take caution when sharing and storing their personal data.

ESelfKey is focused on developing solutions which may prevent data breaches and enable individuals to operate safely in the digital world. At the heart of their approach is a commitment to the idea that privacy is a basic human right that should not be traded for convenience. 

By prioritizing privacy and security in their technology solutions, ESelfKey is aiming to help empower individuals to take control of their digital identities and protect their personal information.


Note:

We believe the information is correct as of the date stated, but we cannot guarantee its accuracy or completeness. We reserve the right not to update or modify it in the future. Please verify all information independently.

This communication is for informational purposes only. It is not legal or investment advice or service. We do not intend to offer, solicit, or recommend investment advisory services or buy, sell, or hold digital assets. We do not solicit or offer to buy or sell any financial instrument. 

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

How COVID-19 Could Impact Your Data Security https://selfkey.org/how-covid-19-could-impact-your-data-security/ Sat, 21 Mar 2020 14:07:22 +0000

The COVID-19 pandemic (commonly referred to as the Coronavirus) is having an incredible impact on our lives. Countries like China and Italy are in complete lockdown, and the US-Canada border is closing for the first time in nearly twenty years. For many, our lives are fundamentally changing, and the future is feeling uncertain.

However, COVID-19 has brought about changes in unexpected areas of our lives, in particular surrounding our data security. Cybercrime has been noticeably increasing, and there are concerns that ransomware attacks could disrupt both government and healthcare organizations. Here’s everything you need to know, including how to stay safe.

The current state of data security

The past year was not great for your data security. There were innumerable data breaches and billions of records were exposed. What has been notable is that there has been an increase in government agencies and healthcare companies becoming victims of data breaches. To give you some perspective, the following government or healthcare organizations were hacked in the last twelve months: the United Nations, the US Defence Information Systems Agency, LabCorp, LifeLabs, Bulgaria’s National Revenue Agency, Los Angeles County Dept. of Health Services, Maryland Dept. of Labor, and many, many more.

Why exactly has there been an increase in targeting these types of organizations? There are a couple of reasons. The first is that, unfortunately, government agencies are generally not the most technologically advanced when it comes to cybersecurity and this makes them a prime target for data breaches. Old computer systems and out-of-date security measures allow hackers easy access. Obviously, this is not the case with every government system, but the majority do not have state-of-the-art security protocols in place to prevent breaches.

Secondly, the data that healthcare and government organizations hold is incredibly valuable. In particular, there has been a rise in medical identity theft over the past few years, which makes medical records very appealing to hackers. Additionally, if a criminal has your social security number, they can steal your tax refund. Even if they don’t use the information themselves, hackers can sell your data to other criminals who can then steal your identity or use it to extort funds from you.

Thirdly, most major countries have their own government-backed hacking groups that they use to target rival countries. Naturally, exposing confidential information and disrupting services like healthcare hurt the most, which makes them prime targets. While individuals are rarely the targets of these types of hacks (unless you’re a high-ranking official), they can certainly have a major impact on your life.

What the past couple of years have shown us is that your data is not safe in the hands of organizations. Unfortunately, when it comes to government and healthcare-related services, you don’t have much of a choice about handing over your personal information. However, it has been a wake-up call for many organizations, especially with laws like the GDPR and California Consumer Privacy Act that make a lack of security and a lack of response punishable by law.

The threats COVID-19 poses

During any tragic event, there are always people trying to capitalize off of it, and the Coronavirus is no exception. Cybercrime around the global pandemic has increased over the past few weeks, and in particular, phishing scams have used the virus as a theme. 

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiosity; feelings that are already elevated right now due to COVID-19. These are extremely powerful emotions that can cause you to make decisions you normally wouldn’t. If you receive an email that looks like it is from your government regarding the Coronavirus, your natural inclination is to do what the email says. Hackers are counting on you not taking a closer look, which is what makes phishing scams so effective. Using real human emotions to prey on innocent victims is called social engineering and can be incredibly powerful in the right (or wrong) hands.

In January and February 2020, Japan was hit by a massive phishing scam. An email appearing to be from a Japanese disability welfare service provider was sent out with an attachment supposed to contain important information about the Coronavirus. When the document was opened, malware was downloaded onto the victim’s computer. And this is only the beginning; there are certainly going to be more phishing scams in the future.

There has also been an uptick in website domains related to COVID-19, and the majority of these websites are 50% more likely to be malicious than other domains registered since January. All sorts of suspicious websites are claiming to sell testing kits, vaccines, and protective gear when in reality they are just capitalizing on fear.

Ransomware may be imminent

If you’re unfamiliar with ransomware, it’s a pretty basic idea. Hackers gain control of a computer or other device and hold it for a ransom. If the victim fails to pay within a given time frame, then the victim loses access forever. Since ransomware is a criminal activity, sometimes paying the ransom doesn’t restore access at all.

It’s a pretty effective technique because it preys on your fear of losing all of your files, photos, messages, etc., that are stored on your devices. When you apply this to a medical or government setting, ransomware could have devastating consequences, especially during a global pandemic. Criminals are viewing this time as an opportunity rather than a crisis.

A recent report by RiskIQ proposes that criminals are going to leverage the Coronavirus pandemic to launch ransomware attacks, particularly on healthcare organizations. Why? Because healthcare organizations are going to be more likely to pay and willing to pay more to have data released, especially when lives may be at risk. The effects could be devastating, especially if hackers target COVID-19 response and relief efforts.

There is a very real fear in the cybersecurity community that ransomware is imminent, and that the effects it will have in the fight against COVID-19 could be devastating. In fact, ransomware attacks could lead to the spread of the virus if governments and health services are delayed in finding and relaying important information to the general population. So far, there is no evidence that hospitals and government agencies are being specifically targeted, but if the trend of increasing ransomware attacks continues, things could get ugly.

How to stay safe

While there’s not a lot you can do to prevent a ransomware attack against a healthcare or government organization, there are some steps you can take to protect yourself against hackers. Here’s what we recommend:

  • Be suspicious - If you receive any email that claims to have important information, check to see who the sender is and what their email address is. Hackers will imitate actual organizations very closely, but something will be off. Don’t download any attachments without making sure they’re from a safe, legitimate source.
  • Be cautious of tempting offers - There is so much misinformation circulating right now regarding the Coronavirus. If something sounds too good to be true, especially regarding a cure or vaccine, it definitely is. Only follow the advice of your government and legitimate sources like the World Health Organization.
  • Install an anti-virus or security suite and keep it up-to-date - In case you don’t spot malware, it’s important that your computer does. Most email software is pretty good at catching phishing scams, but you may want something heftier just in case. Most importantly, make sure that your software is regularly updated as updates can include important security patches. To make things even simpler, turn on auto updates so you don’t even have to think about it. 
  • Enable two-factor authentication - This is one of the easiest ways to see if someone is trying to gain access to your accounts and stop them in their tracks. While not all websites and apps offer two-factor authentication, most of the major ones do. It might feel like a hassle at the beginning but it does a great job of protecting your data.

These small steps could protect your data from being compromised. Given the uptick in ransomware attacks, hopefully government and healthcare organizations will update their security systems too. This is a trying time, in more ways than one.

Conclusion - Data security during the COVID-19 outbreak

The future feels very uncertain right now, in more ways than one. The effect that the Coronavirus is having on data security may seem like an unexpected one, but it is also incredibly important. Suspicious criminal activity is on the rise, and the elevated emotions surrounding COVID-19 could make them far more effective than normal. If ransomware is used on hospitals and government services, the effects could be truly devastating.

This is a difficult time for most of the population; for criminals, however, it’s a time that could be very profitable. Crime never stops, even during a global pandemic. In the meantime, we should remain hopeful that this chaotic time will soon be over, and that healthcare and government organizations are paying attention to the habits of cybercriminals.

How to Survive a Data Breach
https://selfkey.org/how-to-survive-a-data-breach/
Wed, 18 Mar 2020 18:28:10 +0000

Data breaches happen on an almost daily basis. Retail companies, government agencies, service providers, and more, are all vulnerable to hacking. While there is plenty of information available about individual data breaches and how they have affected people, the best way to protect yourself is to take a number of preventative measures.

The data collected in data breaches can be incredibly valuable to hackers. They can sell it to other hackers, use it to drain your bank accounts, or impersonate you. In this article, we outline the best ways to protect your data so that when a data breach does happen, your data is not exposed.

1. Separate your emails

Your email address is one of the most common pieces of information that can be exposed in a data breach. It might not seem like much, but hackers can discover a large amount of information about you from just this one piece of information. Additionally, your email may be easy to find already through social media accounts.

As a result, you should create a separate email for important accounts and another for less essential ones. For example, you can use one email address for all of your entertainment accounts (such as Netflix, Spotify, YouTube, Steam, social media, online games, etc.) and another for more important accounts (such as banking, taxes, finances, etc.). By keeping this information separate, you reduce the chances of valuable information falling into the wrong hands.

2. Use a password manager

Most people have a very bad habit of using the same password for multiple websites and apps. This means that if hackers get access to one password, they can usually access multiple accounts. In order to prevent this, experts say that you should have a unique password for each website and app that you use. Additionally, your password should not be a word in the dictionary, and should contain symbols, numbers, and uppercase and lowercase letters.

While it may seem overwhelming to keep track of unique, individual passwords for each account, password managers solve this problem. A password manager stores all of your passwords in one place. Some password managers can even generate completely random passwords for you (usually a long, random, case-sensitive string of numbers and letters). In some cases, the password manager may have a browser extension which automatically enters your password for you. In others, you have to open the app or website each time to copy and paste your password.

While password managers are a target for hackers because they contain a lot of sensitive information, they are better than any current alternative. If someone manages to hack into a password manager’s server, the data they can access is generally useless. The data will not make any sense unless the malicious actors also have the master password, and obtaining a master password is even more difficult.

When looking for a password manager, something to keep in mind is that a good password manager should not allow master password recovery. If a hacker can get a hold of your master password, it puts all of your online personal data at risk.

3. Enable two-factor authentication

You might employ this already, but two-factor authentication (2FA) puts another wall between your personal information and hackers. In essence, 2FA requires you to provide two different authentication factors when logging into an account. Typically, one of these factors is your password and the other is a notification on your smartphone or email.

While not all online accounts offer 2FA, you should enable it wherever you can, in particular for accounts that may contain more personal information. Your social media accounts, email, online banking, and online marketplaces (such as Amazon) should all have 2FA enabled if possible.

4. Use platforms with strong security

It’s vital that the platforms you use have a good system in place to protect your data in the event of a breach. Some companies are extremely committed to security, while others aren’t fussed. One good way to gauge a platform’s security is to check whether they’ve ever experienced a data breach, and what their response was (take a look at the latest data breaches here).

Repeat offenders and platforms that have a delayed (or non-existent) response to a data breach are places where you don’t want your personal data to be. It very well may be in your best interest to delete accounts and remove yourself from the platform. Consider Facebook, which experienced five separate data breaches (affecting nearly 2 billion user accounts) in 2019 alone. While the social media company has said that they are making changes, the numbers speak for themselves. It might be time to get off Facebook (including Instagram and WhatsApp, also owned by Facebook) or at least severely limit your presence on the platform.

Ultimately, it’s up to you if you want to completely remove yourself from a platform, but in some cases it could make a big difference. We also recommend that you do your due diligence before joining a new platform. Check to see if they’ve dealt with data breaches in the past and how it played out. If it doesn’t look good, don’t make an account.

5. Monitor your accounts regularly

You might be able to spot a data breach before a company does if you keep a regular eye on your accounts. In particular, your bank account can be a tempting target for hackers. It’s important to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements. You can also go the extra step of freezing your credit.

Another great tool is Have I Been Pwned?, which allows you to see if any of your accounts have been subject to a data breach. You can even sign up to receive notifications in the event that one of your accounts is breached. Additionally, if you’ve had data exposed in a breach, you can see exactly what company was involved so you can take action from there.

6. Clean up your accounts

How many of you have an inbox that is full of old emails? If they contain any sensitive information, that could be used against you in the event of a data breach. By keeping your inbox empty and deleting any old emails containing your personal details, you’re ensuring that there is nothing of value in the event that your account is hacked.

Additionally, malicious actors can hack into your email and threaten to release personal information (in particular explicit photos and messages) to the public for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

You should consider updating any old accounts too. Payment methods you don’t use anymore, old addresses, and more can be extremely valuable. If you don’t use an account anymore, consider deleting it entirely or at least strip any personal identifying information off of it. 

7. Increase your privacy settings

Is your Facebook profile public? What about Instagram? Who can see your posts? If there’s any information you don’t want to be publicly available, delete it and increase your privacy settings on social media. By removing information and making it harder for people to find you, you stand a better chance of weathering a data breach.

It’s also a good practice to be critical of anyone (friends or not) who randomly starts messaging or calling you asking for seemingly random information or funds. This is called social engineering and is a popular way for hackers to make off with your personal information and your money too. Additionally, familiarize yourself with phishing scams and what they look like.

Conclusion - Surviving a data breach

Data breaches are inevitable, but with the above tools, you are well on your way to making sure that your personal data is protected. Unfortunately, most people do not understand the gravity of the problem until they are personally affected. Taking a proactive approach to your personal data is incredibly important in this day and age, especially when you consider that there is a new victim of identity theft every 2 seconds just in the United States.

While we can hope that companies will begin to take a more proactive approach to user security, that may be a way off. For now, the responsibility lies with the individual to ensure that they are doing all they can to protect themselves. The situation isn’t ideal, but hopefully change is on the horizon.

This is why ESelfKey is working on an end-to-end self-sovereign identity management system which will do a far superior job of protecting you from data breaches. You can learn more about our solution here.


The 7 Most Notorious Hacking Groups of All Time
https://selfkey.org/the-7-most-notorious-hacking-groups-of-all-time/
Tue, 10 Dec 2019 14:03:56 +0000

With the rise of computers and ever-changing technology, hackers have become a strong presence in modern society. The very first hackers emerged from MIT in 1969, but back then their main goal was to improve the software and hardware they were working with.

Since then, hackers have evolved and become more malicious. From hacking major companies, to stealing millions of dollars and revealing government secrets, hackers are now a major part of modern society. Here’s a look at the most notorious hacking groups of all time and what they’ve done.

7. Lizard Squad - Active

The Lizard Squad originally announced that it disbanded in 2014, but it actually didn’t go anywhere. This hacking group appears to mostly be run by teenagers and young adults. They have mainly hacked gaming-related services like League of Legends and PlayStation.

The group has claimed responsibility for hacks against Facebook, although Facebook denies that they were ever hacked. In general, the Lizard Squad has a reputation for claiming to have performed hacks when they haven’t actually done anything. They even made a false bomb threat against a Sony executive. The group did manage to successfully hack Taylor Swift’s Twitter account though, but nothing came of it.

Several members of the Lizard Squad have been arrested and charged for their activities. However, that hasn’t stopped the group from continuing to hack. Most recently, they attacked the Labour Party in the United Kingdom.

6. Carbanak - Active

Very little information is known about this mysterious hacking group, but so far it has managed to steal millions from banks. Carbanak (also known as Fin7) started in 2013 and has been one of the most successful hacking groups to date. So far, the group has managed to steal $1 billion from banks around the world.

The alleged mastermind behind the group was arrested in 2018 along with two other high-ranking members. However, Carbanak has carried on successfully without them. A recent report from Bitdefender alleges that the group is still alive and well. Carbanak’s modus operandi seems to be to remain unnoticeable; so far they have managed to stay in the shadows.

5. Syrian Electronic Army - Active

The Syrian Electronic Army emerged in 2011 as a pro-Assad group of hackers. Given the group’s avid support of the Assad regime, it is widely believed that the group has government ties, and Assad has publicly stated his support of the hacking group.

The hackers have primarily focused on targeting US media outlets and social media pages. The Washington Post was a victim of the hacking group (twice), as was the New York Times. Their most notorious attack was when they hacked the Associated Press’s Twitter account, claiming that the White House was under attack and that then President Barack Obama had been injured.

Over the past few years, the Syrian Electronic Army has stayed out of the headlines as it has focused on targets closer to home. However, in 2018 it was discovered that they have been developing malware for Android phones. To date, only one member of the hacking group has been arrested, while others are wanted by the FBI.

4. Lazarus Group - Active

The Lazarus Group (also known as Guardians of Peace) is a group believed to be run by the North Korean government, and it has been very successful. The hacking group seems to have started in 2009, and mostly uses malware in its attacks.

However, in 2014 the Lazarus Group caught the world's attention when it hacked Sony Pictures in retaliation for the movie The Interview being released. It is also responsible for WannaCry, ransomware that requires users to pay to have their data given back to them.

The Lazarus Group has also had a large amount of success with cryptocurrency. So far they have managed to steal $471 million from different cryptocurrency exchanges, and they are responsible for nearly bankrupting the Japanese crypto exchange CoinCheck. The United States government currently has sanctions placed on the hacking group and has frozen any known financial assets associated with them. 

3. Fancy Bear - Active

While the name may sound cute, this hacking group certainly is not. Fancy Bear (also called Sofacy) is a Russian hacking group that is firmly believed to be working under the Russian government. They tend to target foreign governments, embassies, media companies, defence organizations, energy companies, Russian dissidents, and even the Olympic games.

The hacking group got its start in 2008 when it targeted the Georgian government and has been going strong ever since. Fancy Bear was allegedly responsible for the Democratic National Convention hack prior to the last presidential election in the United States. They have also been responsible for the recent attacks on the German Parliament, and tried to influence the French elections in 2017. The group’s members remain largely unknown, and they show no sign of stopping. 

2. Equation Group - Active

If this name doesn’t sound familiar, you’ve probably heard of the organization it is allegedly tied to - The National Security Agency (NSA). Kaspersky first announced its discovery of the Equation Group in 2015, lauding it as the most advanced hacking group it had seen to date.

The Equation Group only came to light because its members made a number of errors over the years. Given that the group was mostly targeting countries and governments considered to be enemies of the United States (such as Russia and Iran) and that the group seemed to have an unlimited budget, suspicions arose that the Equation Group had government ties.

While it has never been confirmed that this hacking group is working under the NSA, there is strong evidence that it probably is. Obviously, the NSA isn’t going to confirm this connection. Very little is known about the Equation Group, and they likely intend to keep it that way.

1. Anonymous - Inactive

This is probably the most recognizable hacking group on our list. Known for wearing Guy Fawkes masks, the Anonymous group has been behind some of the largest hacks of the 2000s. The group emerged out of 4chan in the early 2000s, and its members are some of the most well-known “hacktivists” to date.

Anonymous has been involved with a large number of hacks including the Church of Scientology, the Occupy Wall Street movement, the Canadian government, the Westboro Baptist Church, ISIS, and many more. While some of the group’s reasoning for their attacks was questionable at best, most people think of Anonymous as a Robin Hood-esque group of hackers, helping to better the world.

What has made the group so successful is that it is largely decentralized; members do not often know the identities of others in Anonymous. Anonymous has been responsible for 45% of all hacks in the last four years; however, the group now seems to be defunct… or at least very quiet.

Honorable Mention: Legion of Doom - Inactive

No list of hacking groups would be complete without The Legion of Doom. This legendary hacking group is no longer active, but it is a hacking group that has gone down as being the most influential of all time. The group was active through the mid-80s to early 2000s, but they are mostly known for their work from 1984-1991. The group is also responsible for penning the infamous Hacker’s Manifesto.

At the time, the most common type of hacking was that of phone companies. This included setting up phone lines that could not be billed by phone companies. The Legion of Doom feuded with another hacker group called Masters of Deception, and their battle royale to decimate one another became known as The Great Hacker War. 

In comparison to the hacking we see nowadays, their activities seem very tame, but it was some of the biggest cyber warfare at the time. Most of the members are still largely unknown.

Conclusion

Since hackers emerged, they have become more and more nefarious. Hacking groups have gone from setting up free phone lines to attempting to destroy whole governments. We have certainly seen a rise in government-sanctioned hacking groups. While protection against cyber warfare is a necessity in today’s age, it would be nice to see governments focus more on preventing attacks instead of initiating them.

Individuals are very rarely the targets of hacking groups (unless you are a high profile individual). However, that doesn’t mean there isn’t potential for your personal data to be compromised as the result of a hack. Major companies and social media platforms are amongst the most common targets.

If you’ve been the victim of a data breach or hack (you can check on the website Have I Been Pwned?), it’s important to know what could happen to your personal data afterwards. Most people aren’t able to prevent a hack, but there are a number of things you can do to protect yourself, and it’s vital that you do your due diligence. If anything, hacking groups are only going to become more advanced as time goes on.

Social Engineering Hacks 101
https://selfkey.org/social-engineering-hacks-101/
Fri, 29 Nov 2019 09:50:08 +0000

Social engineering is something you might not have heard of, but you have probably experienced at some point. Ever received an email that is supposedly from your bank but isn’t? That’s social engineering in action.

It’s an innovative way that malicious actors gain access to your personal data, and also money, that is incredibly difficult to prevent. In this article, we will dive into what social engineering actually is, the most common types of hacks, and how you can avoid being a victim.

What is social engineering?

The term social engineering originates from the famous hacker Kevin Mitnick, although the technique itself has been around for a long time. In essence, social engineering is the art of manipulating people into giving up valuable personal information or access to devices and buildings. In these cases, hackers are usually trying to get your log-in details or bank/credit card details so that they can take your money.

Criminals use social engineering because it is far easier to manipulate someone's trust than it is to hack into someone’s computer or execute a data breach. Our natural inclination is to trust someone; it is the backbone of many aspects of our lives, and it is surprisingly easy to manipulate. 

A social engineering hack usually goes like this. The hacker will first prepare the ground for their attack. This may involve doing some research into their target, including determining the best method to conduct their approach. 

Next the criminal will begin deceiving their victim using a foothold, usually some type of story. Sometimes the hacker will take a long term approach, and interact with their victim several times before executing their hack. Once the hacker has the information they want, they bring their scheme to a natural end and remove all traces of what they’ve done.

What makes social engineering so effective is that it relies on human error rather than technology. Human mistakes are a lot harder to thwart than malware.

Common social engineering hacks

There are three types of social engineering hacks: in-person, on the phone, and digital. We’re going to cover each one, including the most common types of hacks.

1. In-Person Social Engineering

These tactics are normally used to gain access to a building or devices. Typically the criminal will pretend to be an employee or service technician of some kind. The perpetrator will then be able to enter a secure building and/or be able to access computers, phones, servers, etc.

The hacker will then directly use devices to install things like malware. Alternatively, they may also leave something behind like a USB with malware on it. Most people will plug in a USB to see what is on it, and by the time they do, their computer has been compromised.

2. Phone Social Engineering

You have probably already experienced this type of hack. A criminal will call you pretending to be someone in a position of authority, a relative, your bank, or an employee from a service company or charity. They will then convince you to hand over sensitive information like your bank details, login information, passwords, and more. Occasionally, the criminal will catfish their victim, maintaining a relationship in order to get their victim to send them money.

This is a scam that overwhelmingly targets senior citizens, and unfortunately, it is quite successful. The most common version is when a criminal pretends to be the grandchild of their target and requests money in order to get out of a tricky situation like jail or being stuck in another country.

Recently, the FBI helped take down a ring of criminals who were phoning people and telling them that they had kidnapped their child. Victims were told that they needed to pay a large sum of money to get their child back. What made it so effective was another person in the background screaming for help. While it didn’t work every time as the criminals were cold calling people, it worked well enough for them to walk away with a large profit.

3. Digital Social Engineering

This type of social engineering hack is probably the most common these days. We’ve all received suspicious emails asking us to download something or submit personal information. Most of the time, we know to ignore them, but criminals are getting better at hiding their methods.

Phishing scams are by far the most common. Generally, hackers will email you from a seemingly legitimate email address. They might even use the logo of the company they are trying to impersonate, and model their emails closely on the ones you normally receive. The key here is to check the email address. Usually there is some small typo, an extra character, or change in domain (for example .biz instead of .com).

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiosity. These are powerful emotions. If you receive an email that looks like it is from Netflix telling you that you need to update your billing information, your natural inclination is to do what the email says. Malicious actors are counting on you not taking a closer look.

There is another type of phishing called spear phishing. The premise is the same, but requires a lot more work on the part of the hacker and has a great reward. Spear phishing is personalized to the victim of the attack, and the criminal puts a lot of time and effort into making themselves appear legitimate. Criminals find all the personal information they can about their target in order to trick them into installing malware or handing over personal data.

Another common digital social engineering hack is scareware. This involves victims being bombarded with warnings and false alarms claiming that there is some type of threat. Typically, victims are told that their computer is infected with some type of malware and that they need to install some type of software to fix the problem.

How to protect yourself from social engineering hacks

Social engineering plays off of your emotions, so it can be difficult to stop. That being said, there are a number of things you can do to prevent yourself from becoming a victim:

  • Don’t open emails and attachments from suspicious sources. If you don’t know the sender, don’t open the email. If you do know the sender but the message seems off, it never hurts to do a bit of research. You can call the company (or person if you know them) to confirm whether they actually need this information or not. You can also check the email address; criminals will often make a small but important change to trick you.
  • Be cautious of tempting offers. If it sounds too good to be true, it probably is. When in doubt, you can always do a quick Google search to determine if the offer is legitimate or not.
  • Install an antivirus or security suite. It’s important that your computer can spot malware in case you miss it. Antivirus software could save you a lot of trouble when it comes to preventing malware.
  • Keep your software up to date. Most updates for software and applications include important security patches. You can turn on auto updates to make it even easier.
  • Take things slowly. Our natural instincts can sometimes hinder us. It’s natural to panic if you receive an email from the IRS asking you to pay more taxes. Take a deep breath and assess the situation. Is it normal for this service or agency to send important information by email? Usually that is not the case.
  • Trust your email software. Most email providers are pretty good at spotting a suspicious email. If you feel like it isn’t doing enough to filter out spam, you can probably change your settings to increase the effectiveness of your spam filters.
  • Enable two-factor authentication. This is the easiest way to see if someone is trying to log into your accounts after you have shared personal information. It also makes it far harder for criminals to gain access to your accounts.
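
The sender check described in the phishing section and in the first tip above looks for a small typo, an extra character, or a changed domain ending such as .biz instead of .com. The following Python is an added example, not part of the original article, that applies those three checks to a From header; the trusted-domain list, the function names and the sample headers are constructed for illustration, and domains are compared on their final label only.

```python
from email.utils import parseaddr

# Assumption: domains of organisations the reader really deals with (constructed).
TRUSTED_DOMAINS = {"netflix.com", "examplebank.com"}


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped ("netflxi" for "netflix").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted_domain_it_resembles_or_None) for a From header.

    Verdicts: trusted, changed-domain-ending, extra-character, typo,
    unknown (no resemblance to a trusted domain), invalid (no address found).
    """
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("invalid", None)
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    name, _, ending = domain.rpartition(".")

    for good in sorted(trusted):
        # Exact match, or a real subdomain such as mail.netflix.com.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)

    for good in sorted(trusted):
        good_name, _, good_ending = good.rpartition(".")
        # Same name, different ending: netflix.biz instead of netflix.com.
        if name == good_name and ending != good_ending:
            return ("changed-domain-ending", good)
        # Same ending, name one edit away from the real one.
        if ending == good_ending and osa_distance(name, good_name) == 1:
            if len(name) == len(good_name) + 1:
                return ("extra-character", good)
            return ("typo", good)  # substituted, swapped or dropped letter
    return ("unknown", None)


# Constructed sample headers, not taken from real messages.
SAMPLE_HEADERS = [
    "Netflix <billing@netflix.com>",
    "Netflix Billing <billing@netflix.biz>",
    "Netflix Support <support@netfflix.com>",
    "Netflix <account@netf1ix.com>",
    "Alice <alice@example.org>",
]


def flag_lookalikes(headers, trusted=TRUSTED_DOMAINS):
    """Return only the headers whose domain imitates a trusted one."""
    imitation = {"changed-domain-ending", "extra-character", "typo"}
    return [h for h in headers if check_sender(h, trusted)[0] in imitation]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r:45} -> {check_sender(header)}")
```

An "unknown" verdict only means the domain does not resemble anything on the trusted list, so it is not a sign that the message is safe.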

Conclusion

It is highly likely that social engineering hacks will continue to develop given their current effectiveness. In fact, the second half of 2018 saw an increase of over 500% in social engineering attacks. A big part of prevention is awareness, so it is important that we talk about social engineering and warn others about it. Given that the elderly are so susceptible to these types of attacks, more work should be done to inform and protect senior citizens.

Even government agencies can fall victim. In 2016 the Department of Justice fell victim to a social engineering hack which led to tens of thousands of employees having their data leaked. It’s hard to believe that a government body fell for such a scheme just a few years ago.

Criminals are constantly adapting, and it is vital that we take a proactive approach to protecting our personal data. If not, you could end up not only losing control over your personal information, but also losing a lot of money.

What Happens to Your Personal Information Once You've Been Hacked? https://selfkey.org/what-happens-to-your-personal-information-once-youve-been-hacked/ Thu, 21 Nov 2019 08:24:19 +0000 http://selfkey.org/what-happens-to-your-personal-information-once-youve-been-hacked/

There’s no question that data breaches are becoming a common occurrence in today’s world. In fact, according to the Data Breach Index, over 5 million records are lost or stolen every day. These breaches affect businesses, individuals, and governments alike.

For many, the question remains - what actually happens to your personal data once it’s been stolen? In this article we cover the typical use cases, including what type of data is most valuable and why hackers hack in the first place. 

Why hackers hack

There are a number of reasons why hackers steal data in the first place. The most popular and most obvious reason is financial gain. The majority of hackers want to make a profit, and they can easily do so by stealing information like bank or login details. They can steal your money from your accounts, apply for a credit card or loan under your name, or they can also resell your information to another criminal on the internet. The dark web is full of criminals buying and selling stolen personal information.

In the past few years, there has been a new development in hacking for financial gain. It has become increasingly popular for hackers to break into your device and encrypt the data on it. It’s called ransomware, and malicious actors hold your files hostage until you pay the ransom within a certain period of time. If you don’t pay, the data is usually destroyed by the hacker. 

Surprisingly, not all hackers are in it for the money; some steal information and act as shadowy vigilantes. Known as “hacktivism”, groups or individuals work together to take down terrorist groups, oppressive regimes, governments, and trafficking rings. We’ve all heard of Edward Snowden, probably one of the most well known hacktivists, who leaked data from the National Security Agency. There’s also the Anonymous group, which has been behind 45% of hacktivism in the past four years. However, the group now seems to be defunct, or at least very quiet. 

A very small number of hackers just want to show off what they can do, and they have no intention of stealing information or making a profit. Sometimes they launch a hack to show how poor a corporation’s cybersecurity is. An example of this is the infamous Ashley Madison data breach, where the profiles of 32 million users were made publicly available. The hackers didn’t want money; they just wanted the website taken down. Ashley Madison is a dating platform for people seeking extramarital affairs, and the leak quite literally tore some families apart.

What data is the most valuable?

There are typically five types of data that malicious actors will want to steal:

  1. Payment information - Given that financial gain is the primary reason why hackers hack in the first place, payment data is the most valuable. 
  2. Authentication details - Once a hacker has gained access to one account, chances are they can get into others too. The more accounts they hack, the more information they collect.
  3. Copyrighted material - Most software can be pretty pricey, and hackers would rather not pay. 
  4. Medical records - This might come as a surprise, but medical identity theft is extremely common. Perpetrators will use your information to gain access to healthcare for themselves. 
  5. Classified information - While this won’t affect most people, classified information is very valuable for blackmail purposes. 

What happens to your data after it’s stolen?

Once a hacker has your data, there are a few things they can do. The first step is to scan your data for important and/or valuable information like bank details, login information, photos, emails, or messages. The perpetrator will then decide whether they are going to keep the files or sell them to a third party (often called a “broker”). 

Typically, hackers will sell your data. This reduces risk for them, and also gives them an immediate profit. The price for stolen personal information depends on how valuable it is. For example, personal data from a government official or a celebrity is far more valuable than that belonging to the average person. 

As mentioned earlier, credit card and payment details are the most popular on the dark web, and clearing funds from your account is dead easy. Usually a “broker” will buy your card details on a marketplace and resell them to a “carder”. The carder will then get as much money out of your accounts as possible before you or your bank notices. 

They can generally replicate a card by printing one themselves, but more commonly they will use them for a gift card shell game. What happens is the carder will use your payment details to buy online gift cards, and then make purchases with the gift cards. Typically, they will purchase electronics because they are always in demand and can be easily resold, making them relatively low risk. 

The risk of losing your funds is very small with a credit card compared to the risk involved with debit cards. Banks usually have policies in place for credit card fraud and are quite good about spotting suspicious purchases. Debit cards are unfortunately a different story; not much can be done if your funds are stolen. Debit cards are far more common in Europe than in North America, and they are extremely valuable on the dark web. 

Personal information is far less valuable on the black market, since it is already widely available. Your name, birthday, address, and email can sometimes just be gathered by looking at your social media accounts. As a result, there has been a huge growth in extortion regarding personal data.

Malicious actors will obtain your personal information and threaten to release it to the public. This is very common with explicit photos and messages, as hackers will hold them for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

Companies, in particular financial organizations, have tried to fight identity and financial crime by implementing Know Your Customer (KYC) procedures. This requires companies to verify the identity of their users by using personal documents such as passports or other forms of government-issued ID. However, this has led to an increase in theft of personal documents, tax information, and insurance numbers. 

KYC information contains everything a malicious actor needs to commit fraud and steal your identity. By having your passport or driver’s license, they can apply for loans, and claim your tax credits and your insurance claims. While this type of hack is very difficult to orchestrate, it is one of the most valuable, making it more and more appealing to criminals. 

How to prevent your data from being stolen

Unfortunately, it is difficult to tell if your data has been stolen, but there are a number of preventative measures you can take. One crucial step is to use a password manager in order to create unique passwords for all of your individual accounts. This prevents hackers from being able to access more of your accounts if they gain access to one.

Blockchain technology can also be of use here. Decentralized identity (DID) gives you far more control over what data you share and who you share it with. Through DID, you prove your identity once to a trusted third party, and said third party handles all requests for identity and access so you don’t have to. Not only is it more convenient, it is far safer.

Lastly, keep an eye on your finances. They are likely to be the first target in any type of hack and you can do things like freeze your credit or place a fraud alert on your accounts for extra protection.

Conclusion

As we’re aware by now, having your personal information stolen is not a problem that is going to go away any time soon. Unfortunately, there is no true way to prevent your data from being hacked as long as you are not in charge of the security of your data. This is why digital identity management solutions like the ESelfKey Identity Wallet have become so popular - it puts you back in control of your own data. It’s not enough to blindly trust big corporations like Facebook anymore. 

If you are worried that your data has been breached (the answer is yes), you can check on the website Have I Been Pwned. You can also set up notifications so you are aware if your accounts have been compromised. 

Your data, and most of your life, is online. Every action you take or interaction you have could potentially put you at risk. It is vital to take a proactive approach when it comes to managing your personal data. It can be annoying, but it’s probably worth your time to understand how your data is protected on the websites and apps you use regularly. Be cautious and vigilant, because crime never sleeps.

What To Do If Your Identity Has Been Stolen https://selfkey.org/what-to-do-if-your-identity-has-been-stolen/ Mon, 07 Oct 2019 10:32:19 +0000 http://selfkey.org/what-to-do-if-your-identity-has-been-stolen/

Identity theft is an alarmingly common part of modern society. We have probably all received a call from our bank at some point asking us to verify certain purchases. In some cases, identity theft is easy to spot, but in others it is more insidious. There are several different types of identity theft. In this article, we will cover the most common types and what you should do if you discover that your identity has been stolen.

Financial Identity Theft

This is by far the most common type of identity theft. A malicious actor may apply for a loan or credit card under your name, or simply gain access to your credit card information and begin making purchases.

For credit card theft and fraud, most of the time your bank will notice a suspicious transaction and give you a call. If you are the one who notices a suspicious transaction, or if your credit card has been lost or stolen, the first thing you need to do is phone your bank and report that your card information has been stolen. The bank should immediately cancel your credit card and issue you a new one. You will want to make sure that you choose a new PIN that is different from your old one. Contacting the police and filing a report is also a good idea, as is contacting the Federal Trade Commission (FTC) if you are in the US, or the relevant authority in your jurisdiction.

Additionally, you will want to change any other passwords and security questions related to your account. As an extra precaution, you should also change your passwords on any shopping or e-commerce websites that you use and remove your credit card information from there as well. Make sure that your passwords are diverse and complicated; if you need help remembering them you can always use a service like LastPass.

If someone has taken out a loan or opened a credit card under your name, then the steps are a little different. Filing a police report is a must and you will need to submit a report to the relevant authorities. After that, you should contact the lender. Usually, a fraudulent credit card or personal loan can be cleared up pretty quickly. You will then need to contact each of the three national credit bureaus (Experian, Equifax, and TransUnion) to dispute the errors and provide them with the police report and/or a letter from the lender stating it was identity theft.

In the case of a fraudulent student loan taken out in your name, it gets even more complicated as there are major penalties for failing to pay off such a loan. You will need to contact both the lender and the school, and provide them with a copy of the police report. 

Lastly, in order to prevent any type of financial fraud from happening again, you should put a fraud alert on your credit. This will require potential creditors to go through extra steps in order to confirm your identity. If you are in the US, you can do this by calling one of the three national credit bureaus.

Medical Identity Theft

Medical identity theft is when someone fraudulently uses your health insurance information to receive reimbursement themselves. In essence, they get treatment under your health insurance plan. It is less common than other types of identity theft, but it is one of the most damaging. You are probably a victim of medical identity theft if you receive bills for medical services you didn’t receive, notices from collectors for medical debt you don’t have, notices from your health insurance provider that you have reached your benefit limit, or if your medical records show conditions you do not have.

Unfortunately, the whole process of remedying the situation requires a lot of legwork on your part, but it is doable as long as you are patient and aren’t afraid to get on the phone. The first step is to obtain your medical records and look to see if anything is out of place or inaccurate. If possible, call any hospital, pharmacy, doctor, clinic, or health plan that you know the thief used and get records from them. If a provider refuses to release your records within 30 days, you can file a complaint at the U.S. Department of Health and Human Services Office for Civil Rights.

After that, you will need to contact your health insurance plan and medical providers for copies of “accounting of disclosures” for your medical records. This shows you who has copies of your inaccurate medical records and therefore, who you need to contact.

If there is false information on your records, you will need to ask for corrections to be made by your healthcare and medical providers. It is recommended to send copies of your records with errors highlighted, and to send these by certified mail so that you know they have been received.

Lastly, contact your healthcare provider and all three national credit bureaus to report that your identity has been stolen. Most likely, whoever has your medical information also has a lot of identifying information about you, and they may try to commit financial fraud as well. It will be a lot easier if you have a police report to show. As a result, it is recommended to file one.

This type of identity theft can be very long and hard to fight, so we recommend that you keep a close eye on your medical information and file a police report anytime your personal information is stolen, regardless of whether identity theft is immediately committed or not.

Tax Identity Theft

Tax identity theft occurs when someone files a tax return using your identifying information, fraudulently claims your children as dependents, and/or claims your tax benefits. Someone can also use your personal information to apply for a job, which will lead to problems as you may be on the hook for income that you didn’t actually earn. Tax identity theft is one of the most common types of identity fraud.

If you are a victim of tax identity theft, you will need to contact the Internal Revenue Service (IRS) immediately. You will likely be asked to file a police report, fill out a specific form, and send proof of your identity (such as a copy of your passport or driver's license). Next, you should file a complaint with the FTC. They will provide you with an Identity Theft Affidavit, which you will need to hold on to.

In order to file a police report, you will need the Identity Theft Affidavit provided by the FTC, along with proof of theft (such as a notice from the IRS), a government-issued ID, proof of address, and the FTC’s Memo to Law Enforcement. If your local police station refuses to take your identity theft report, you can try filing it as a miscellaneous incident report or go to another police station.

Like with most types of identity theft on this list, it is important to contact one of the three national credit bureaus and place a fraud alert on your credit report. Tax identity theft is usually a precursor to other types of identity theft, so it is recommended to freeze your credit at each of the three credit bureaus.

Unfortunately, resolving tax fraud can take months or even years. In order to prevent tax fraud, it is advised to file your taxes earlier rather than later. Most thieves take advantage of the fact that most people do not file their taxes until later in the tax season. 

Child Identity Theft

As briefly covered in tax identity theft, it is common for criminals to steal the identity of your child to do things like claim them as dependents on a tax return, open credit cards or take out loans under their name, apply for government benefits, and more. This is one of the easier ones to spot as you will most likely start receiving mail addressed to your child or children.

The best thing to do in a situation like this is to report it at identitytheft.gov, contact the lender to close out the account, and file a police report to start a paper trail. Thanks to a new provision, you can also freeze your child’s credit to prevent this from happening again. Note that you will need to place a freeze at all three credit bureaus - Equifax, TransUnion, and Experian.

Conclusion

It is extremely important that if you are a victim of identity theft, you take action immediately. In all cases, you should file a police report and put a fraud alert on your credit. Freezing your credit is also advised, especially since you can unfreeze your credit at a later date. The best thing you can do to prevent identity theft is to take proactive action. This can be as simple as monitoring your credit, having complex and varied passwords, or ignoring suspicious emails. You can read more about this in our article on how to prevent identity theft. Unfortunately, identity theft is a problem that is not going to go away, and it is important to take the necessary steps to protect yourself from it. 

How to protect yourself from identity theft https://selfkey.org/protect-yourself-from-identity-theft/ Tue, 10 Sep 2019 11:29:56 +0000 http://selfkey.org/protect-yourself-from-identity-theft/

Identity theft is a relatively modern problem. In some ways, it has become more difficult to have your identity stolen but in others, it has become easier. Protecting yourself against identity theft should be a proactive practice, and blockchain technology can help. In this article, we will outline the most common types of identity theft and how you can protect yourself against them.

What is identity theft?

The first step in preventing identity theft is understanding what that means and being able to recognize it. Identity theft (also known as identity fraud by law enforcement) is defined as all crimes against individuals where personal and/or financial information is obtained illegally by using fraud or deception. The most common motivation for identity theft is financial gain.

Once someone steals your identity, they can do a number of things:

  • Withdraw money from your bank account
  • Apply for loans or credit cards under your name
  • Use your health insurance to obtain medical care
  • Steal your tax refund by using your Social Security number (SSN)
  • Sell your information to other criminals
  • Impersonate you online (also called catfishing)
  • Commit criminal activities under your identity (e.g. terrorist activities, murder, etc.)

Identity theft is illegal in most of the world, usually punishable by jail time and/or fines. If identity theft is used to conduct criminal activity, the punishment is usually heavier. The majority of identity theft affects consumers, with the most common being credit card fraud according to the Federal Trade Commission (FTC).

Signs that your identity has been stolen

Once someone has stolen your identity, the signs are usually easy to spot. Most of us, at some point, have received a call from our bank asking about suspicious transactions, but there are other signs to look for.

  • You stop receiving household bills. This can be an indicator that someone has taken your information and used it to change your billing address. If this happens, it’s best to call your utility providers and put a password on your account for any future changes.
  • You are rejected for a loan or line of credit. If you have a good credit history and are suddenly rejected, this could be a sign that your identity has been compromised. Additionally, if you are approved but with higher interest rates, this can be another sign of identity theft.
  • You receive bills for medical services you did not use. While identity theft for medical services is less common, it does occur. If it does happen to you, you should get in touch with the hospital that billed you for the services. Also keep an eye out for being rejected by a health insurance provider for a condition you don’t have, or your healthcare provider rejecting your claim because you have already reached your benefits limit.
  • You are billed for purchases you didn’t buy. This is probably the most common form of identity theft. Most banks will give you a call if they see suspicious transactions, but you can be proactive by regularly checking your own accounts.
  • Your tax return is denied. If you receive a rejection letter from the IRS (or your country’s equivalent) after filing your tax return, this could mean that someone else has filed a return under your name.
  • “Test charges” show up on your credit card statements. Some criminals will make small charges, usually under $5, to make sure the card is still active. If these transactions go through, then the thief knows that they can make larger transactions.
  • You receive calls from debt collectors for debt that doesn’t belong to you. This is a sure sign that someone has stolen your identity.
  • You receive a notification that a company you work for or have an account with has been hacked. Usually, the company in question will let you know what steps you will need to take, or if you simply need to update your password. Either way, it’s a good idea to change your passwords anyhow and monitor your credit card transactions if necessary.
  • You get a court summons in the mail. This is a result of criminal activity, and is unfortunately quite hard to disprove. If you think you may be a victim of this type of identity theft, you should contact law enforcement immediately.

If you notice any of these signs, it is important to take action immediately. There are also a number of steps you can take to prevent your identity from being stolen in the first place.

Preventing identity theft

An important first step you can take to prevent your identity from being stolen is to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements.

Another step you can take is to freeze your credit. This makes it a lot harder for someone to open a credit card or take out a loan under your name, as the bank won’t be able to run a credit check. It’s also free, and you can temporarily lift it if need be. However, it can be a bit of a nuisance as there are three separate credit bureaus you have to contact to do this in the US. You can also enroll in a credit monitoring service, such as PrivacyGuard or Credit Karma, or place a fraud alert on your credit.

Making sure you have strong, diverse passwords on all of your accounts is also key. We all know not to use passwords like “password” or “12345”, but having a strong password goes a lot further than that. Not only should you avoid personal things like pets or family names, but you should even avoid using words that are in the dictionary. If you find remembering different passwords for every account difficult, you can use a service like LastPass to generate unique passwords and safely store them for login.

How blockchain technology can help protect your identity

In recent years blockchain technology has built a reputation for providing an unbreakable and un-hackable payments infrastructure. If you're not aware of how a blockchain works, it typically goes like this:

  1. Alice wants to send money to Bob - so she performs a transaction
  2. The transaction is timestamped and recorded on a digital ledger
  3. Once a certain number of transactions have been performed, they are collected in a "block" and cryptographically linked to the previous block of transactions - called a confirmation.

In order to alter her transaction after the fact, Alice would need to recompute the cryptographic hash of her block and of each of the blocks that have been added since, because every block is linked to the hash of the one before it. Given the complexity of the hashing algorithm and the resource-intensive nature of hacking this kind of infrastructure, this rarely makes economic sense. In short, blockchain technology is set up in such a way as to make hacking it both technically difficult and uneconomical.

Given these impressive features, the question becomes: how can we utilize the secure and distributed nature of the blockchain to protect individuals from identity theft?

Well, since 2017, the ESelfKey Foundation has been building an end-to-end identity management solution utilizing the Ethereum blockchain. This ecosystem will allow individuals and corporations to authenticate themselves online while minimizing the amount of personal information that needs to be shared.

As a simplified example, imagine going to the liquor store and having to show your driver's license to prove that you are of legal drinking age. The liquor store is legally compelled to ensure that you are of legal drinking age, but typical forms of ID contain much more information than is necessary at this juncture. A US driver's license, for example, contains:

  • The full legal name
  • Date of birth
  • Photo
  • Current residence
  • Height
  • Weight
  • Gender
  • Eye color
  • Hair color
  • Signature
  • Document number

You can be sure that, in an online environment, all this information is stored and will be leaked in the case of a data breach.

Now imagine the same situation, but instead of an ID you show a notarized certificate simply showing a facial image and the sentence: "We, NAME OF NOTARY, hereby confirm that John Doe is of legal drinking age."

In this second scenario, you can see a simplified example of how the ESelfKey ecosystem will use certifiers in order to provide evidence but not information. In the case of a breach or a hack, no valuable information would be shared. All a hacker might know is that there is a man called John Doe and he's over the age of 21.

Then you combine this approach with the security and transparency of the blockchain, alongside decentralized identifiers, and you start having a strong identity management system that improves on the current system in many important ways.
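The notarized-certificate scenario above, as an added Python example that is not ESelfKey's implementation: a certifier inspects the full license but signs only the yes/no claim, and the store checks that signature with the certifier's public key. A Lamport one-time signature built from SHA-256 stands in for whatever signature scheme a real certifier would use; the field names, the notary name and the license values are constructed assumptions.

```python
import hashlib
import json
import secrets
from datetime import date

LEGAL_AGE = 21

# Constructed sample record with the fields the article lists for a US license.
LICENSE = {
    "name": "John Doe", "date_of_birth": "1990-04-12", "photo": "<photo>",
    "address": "1 Example Street", "height": "180 cm", "weight": "80 kg",
    "gender": "M", "eye_color": "brown", "hair_color": "brown",
    "signature": "<signature scan>", "document_number": "D0000000",
}


def _h(data):
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes.
    Each key pair must sign a single message only (stand-in scheme, see lead-in)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(message):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message):
    """Reveal one secret per digest bit."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(pk, message, signature):
    """Each revealed secret must hash to the public value for that bit."""
    if len(signature) != 256:
        return False
    return all(_h(sig) == pk[i][bit]
               for (i, bit), sig in zip(enumerate(_bits(message)), signature))


def issue_attestation(sk, license_record, today, certifier="Example Notary"):
    """The certifier sees the whole ID but signs only the derived claim."""
    born = date.fromisoformat(license_record["date_of_birth"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    claim = {
        "certifier": certifier,
        "subject": license_record["name"],
        "photo": license_record["photo"],
        "of_legal_drinking_age": age >= LEGAL_AGE,
        "issued": today.isoformat(),
    }
    payload = json.dumps(claim, sort_keys=True).encode()
    return {"claim": claim, "signature": lamport_sign(sk, payload)}


def verify_attestation(pk, attestation):
    """What the store runs: valid signature and a positive claim, nothing more."""
    payload = json.dumps(attestation["claim"], sort_keys=True).encode()
    return (lamport_verify(pk, payload, attestation["signature"])
            and attestation["claim"]["of_legal_drinking_age"] is True)


def demo():
    sk, pk = lamport_keygen()
    attestation = issue_attestation(sk, LICENSE, date(2019, 9, 10))
    # Reusing the signature on an altered claim must fail verification.
    altered = {"claim": dict(attestation["claim"], subject="Someone Else"),
               "signature": attestation["signature"]}
    return (verify_attestation(pk, attestation),
            verify_attestation(pk, altered),
            sorted(attestation["claim"]))


if __name__ == "__main__":
    print(demo())
```

The store ends up holding five fields instead of the eleven on the license, and none of them is the date of birth, address or document number.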

Conclusion - How to protect yourself from identity theft

Unfortunately, identity theft is a problem that is not likely to disappear anytime soon and often, we only realize that our identity has been compromised once it is too late. There needs to be a shift in public thinking to be far more proactive in preventing identity theft. Stronger passwords, credit monitoring, and fraud alerts are all good actions to take, but they don’t ultimately solve some of the bigger problems.

It’s become a worryingly frequent occurrence for companies to be hacked, and there are plenty of opportunities for malicious actors to get a hold of your data. Most of us are in the bad habit of not reading the terms and conditions and privacy policy of every website we sign up to. We are often giving away a lot of our personal information and may not even realize it.

The time has come for us to take back control of our identity instead of waiting for companies, organizations, and government bodies to lose it. Self-sovereign identity is a very real possibility in the future, but the general population has to make the shift. More awareness needs to be put in place, and we need better solutions that actively prevent identity theft. Your identity is the one thing that should belong exclusively to you. Let’s put the power back in your hands and let you decide who gets access to what information.

Download the ESelfKey Identity Wallet and take the first step towards protecting yourself from identity theft.

30 Eye-Watering Identity Management Statistics https://selfkey.org/30-eye-watering-identity-management-statistics/ Tue, 08 Jan 2019 11:51:10 +0000 http://selfkey.org/30-eye-watering-identity-management-statistics/

You’d be forgiven for thinking of identity management as quite a dry subject. “Passwords”, “2FA”, “local storage”, and “privacy settings” are not exactly popular topics of conversation.

Despite the subject matter, however, identity management is an increasingly important subject. 2017 saw a record number of data breaches and cases of identity theft, meaning most of us have experienced some failure in our identity management.

To illustrate how big the problem has become, let’s look at some of the eye-watering statistics around identity management.

Statistics about account security

  1. An 8-character password with upper and lower case letters, as well as numbers and symbols has 6,095,689,385,410,816 possible combinations — DigiCert
  2. 35% of users still use weak passwords (meaning they contain less than 10 digits and a word) — Preempt
  3. Only 10% of Google accounts use 2-Factor Authentication — Usenix Enigma
  4. Only 12% of Americans use password managers — Pew Research Center
  5. The most commonly used password is: 123456 — DigiCert
  6. 73% of users have the same password for multiple sites — DigiCert
  7. 33% of people use the same password every time — DigiCert

Statistics about data breaches

  1. There were 1,579 data breaches in 2017 — The Identity Theft Resource Center
  2. Last year 179 million records were exposed due to data breaches. In 2018, it’s well above 1 billion — Information is Beautiful
  3. Facebook, Google, Amazon and Apple have all experienced data breaches — Sources linked
  4. 31% of data breach victims later experience identity theft — Experian
  5. 1.6 billion records have been exposed since 2005 — The Identity Theft Resource Center
  6. The number of data breaches increased from 1,091 in 2016 to 1,579 in 2017 — The Identity Theft Resource Center

Statistics about identity theft

  1. There is a new victim of identity theft every 2 seconds in the United States — Clark
  2. 14.2 million credit card numbers and 158 million social security numbers were exposed in 2017 — Experian
  3. 13.8% of all consumer complaints came as the result of identity theft — Consumer Sentinel Network Report
  4. Credit card fraud was the most common form of identity theft in 2017 — Experian
  5. In 2017, consumers reported more than $900 million in total fraud losses — Experian

A failure in identity management often results in identity theft, the impact of which goes far beyond economics.

The emotional impact of identity theft

  1. 85% of victims felt worried, angry and frustrated
  2. 83% of victims felt violated
  3. 69% of victims felt they could no longer trust others and felt unsafe
  4. 67% of victims felt a sense of powerlessness or helplessness
  5. 59% of victims felt sad or depressed
  6. 55% of victims felt betrayed

Source: The Identity Theft Resource Center — The Aftermath: The Non-Economic Impacts of Identity Theft

The physical impact of identity theft

  1. 84% of victims reported issues with their sleep habits
  2. 77% of victims reported increased stress levels
  3. 63% of victims reported problems with their concentration
  4. 56% of victims reported persistent aches, pains, headaches and/or cramps
  5. 54% of victims reported increased fatigue
  6. 50% of victims reported that they had lost interest in activities they once enjoyed

Source: The Identity Theft Resource Center — The Aftermath: The Non-Economic Impacts of Identity Theft

With these shocking statistics in mind, it’s easy to see why we need to start taking identity management much more seriously. Data breaches, identity theft and many other failures in identity management are on the rise, and we need to start protecting ourselves. Check out the ESelfKey Identity Wallet to learn more.
