The problem of data breaches, or data leaks, is now affecting hundreds of millions of internet users. Reports of new breaches of personal data are a frequent occurrence, with private login passwords and customer information being accidentally exposed or deliberately stolen from company systems and appearing in vast files on online hacker forums. Although it is practically impossible to eliminate all risk, there are steps you can take to protect yourself and your business.
Types of data breaches and their consequences
Data breaches take on various forms and can have numerous consequences. In the instance of a ransomware attack, in which a malicious actor uses malware to access data stored by a company, the attacker has a number of options available to them. They may opt to steal and encrypt the data, and extort the company for payment in exchange for the decryption tools required to recover it. Alternatively, given the increased corporate use of secure back-ups, cyber attackers often threaten to expose data in public forums, shaming the company should they refuse to pay the ransom. In other breaches, personal data accidentally left unguarded by companies is posted online by internet researchers, often to motivate companies to tighten their data protection practices. And even tech giants can be vulnerable – in April 2021, phone numbers and other information from 553 million Facebook users was leaked on a hacker forum, after it had initially been exposed two years earlier.
But it’s not just consequences from the hackers themselves that companies may face in the wake of an attack – they may also be subject to reputational damage from the resulting publicity, and even lawsuits. In August 2021, T-Mobile was hit with a massive breach, exposing the personal information of at least 40 million users, potentially including full names, birth dates, social security numbers, and driving licence records. Armed with such information, criminals can potentially commit numerous crimes related to identify fraud, such as opening bank accounts or taking out loans in the targets’ names. T-Mobile is consequently facing two major class action lawsuits, accusing it of violating the California Consumer Privacy Act.
Stolen data is not limited to login and password details: any information that an organisation stores about their customers is vulnerable. Much of this data is uploaded to RaidForums, an easily-accessible website on the surface web where users trade and sell data breaches, along with numerous ‘pastebin’ archive sites. In summer 2021, Volkswagen disclosed a data breach affecting 3.3 million current and potential customers, including driving licence numbers. In March 2021, the Clop ransomware hacker group stole data from several American universities and subsequently leaked students’ passports and federal tax documents. In April 2021, New York property management company Douglas Elliman suffered a breach potentially exposing the financial documents of thousands of customers. And most recently, in August 2021, a hospital in the United States was attacked by criminal group Vice Society. When it refused to pay the ransom, private health information was exposed, seemingly including patient medical photographs.
Protecting yourself from data breaches
The risks of data breaches are of particular concern for high-profile businesspeople, public figures, and industry leaders. There are serious privacy risks, with the possibility of reputational damage should information about wealth, property, health or lifestyle become public knowledge. Many of these data points also play an important role in digital security. Such information can be used in financial crime, and in phishing and social engineering attacks. Great harm could be caused to a CEO’s business if criminals gain access to their social media accounts, let alone their online banking or financial records. Similarly, if you manage or work for a company that stores private data, pay attention to your systems’ protections. Your data could be at risk, if it is not already exposed to those who know how to find it.
At Digitalis, we have been able to identify personal contact information for our clients, and using simple online services, we have detected that this information appears in numerous data breaches. Accessing this data has its complexities, but criminals know exactly where to find it and how to utilise it, so it’s important to take steps to reduce the risks. Digitalis offers services to identify the information that is publicly available in open sources, and our reports outline practical recommendations on how to manage your online privacy.
Limiting the information that companies hold on you, before it is exposed, is a practical step you can take to minimise risk. Many services enable you to request the removal of your private data from their systems, and they can also be approached through legal avenues if necessary. Regularly changing passwords is also recommended, to prevent easy access to your online accounts through breached data. It is best to use a unique password per service. Consider using a password manager to create and manage longer, unique passwords, and turn on two-factor authentication. You may even wish to use a unique email address per service.
However, cybersecurity experts agree that it is virtually impossible to fully eliminate the risk of data breaches. This issue now affects everyone online. It is probable that your own email address and passwords appear in a data breach, and the working from home phenomenon is only exacerbating the risks. Many employees are working from their home networks, mixing professional and personal internet activity, and unwittingly exposing employer networks to malware. Be careful what data you provide to any company or institution, and stay aware of the information that is available to hostile actors in hard-to-access corners of the internet.
Please contact Digitalis if you are concerned about any of the issues raised in this article.
Privacy Policy.
Revoke consent.
© Digitalis Media Ltd. Privacy Policy.
Digitalis
We firmly believe that the internet should be available and accessible to anyone, and are committed to providing a website that is accessible to the widest possible audience, regardless of circumstance and ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA level. These guidelines explain how to make web content accessible to people with a wide array of disabilities. Complying with those guidelines helps us ensure that the website is accessible to all people: blind people, people with motor impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as accessible as possible at all times. We utilize an accessibility interface that allows persons with specific disabilities to adjust the website’s UI (user interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the background and optimizes its accessibility level constantly. This application remediates the website’s HTML, adapts Its functionality and behavior for screen-readers used by the blind users, and for keyboard functions used by individuals with motor impairments.
If you’ve found a malfunction or have ideas for improvement, we’ll be happy to hear from you. You can reach out to the website’s operators by using the following email webrequests@digitalis.com
Our website implements the ARIA attributes (Accessible Rich Internet Applications) technique, alongside various different behavioral changes, to ensure blind users visiting with screen-readers are able to read, comprehend, and enjoy the website’s functions. As soon as a user with a screen-reader enters your site, they immediately receive a prompt to enter the Screen-Reader Profile so they can browse and operate your site effectively. Here’s how our website covers some of the most important screen-reader requirements, alongside console screenshots of code examples:
Screen-reader optimization: we run a background process that learns the website’s components from top to bottom, to ensure ongoing compliance even when updating the website. In this process, we provide screen-readers with meaningful data using the ARIA set of attributes. For example, we provide accurate form labels; descriptions for actionable icons (social media icons, search icons, cart icons, etc.); validation guidance for form inputs; element roles such as buttons, menus, modal dialogues (popups), and others. Additionally, the background process scans all of the website’s images and provides an accurate and meaningful image-object-recognition-based description as an ALT (alternate text) tag for images that are not described. It will also extract texts that are embedded within the image, using an OCR (optical character recognition) technology. To turn on screen-reader adjustments at any time, users need only to press the Alt+1 keyboard combination. Screen-reader users also get automatic announcements to turn the Screen-reader mode on as soon as they enter the website.
These adjustments are compatible with all popular screen readers, including JAWS and NVDA.
Keyboard navigation optimization: The background process also adjusts the website’s HTML, and adds various behaviors using JavaScript code to make the website operable by the keyboard. This includes the ability to navigate the website using the Tab and Shift+Tab keys, operate dropdowns with the arrow keys, close them with Esc, trigger buttons and links using the Enter key, navigate between radio and checkbox elements using the arrow keys, and fill them in with the Spacebar or Enter key.Additionally, keyboard users will find quick-navigation and content-skip menus, available at any time by clicking Alt+1, or as the first elements of the site while navigating with the keyboard. The background process also handles triggered popups by moving the keyboard focus towards them as soon as they appear, and not allow the focus drift outside of it.
Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
We aim to support the widest array of browsers and assistive technologies as possible, so our users can choose the best fitting tools for them, with as few limitations as possible. Therefore, we have worked very hard to be able to support all major systems that comprise over 95% of the user market share including Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS and NVDA (screen readers), both for Windows and for MAC users.
Despite our very best efforts to allow anybody to adjust the website to their needs, there may still be pages or sections that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility, adding, updating and improving its options and features, and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements. For any assistance, please reach out to webrequests@digitalis.com