A quick overview of what the term Data Breach actually means.Basically data breach or data leak as some call it happens when protected/sensitive data is leaked due to human errors or by a black hat hacker who takes advantage of the vulnerable and unprotected data from the computer/server of a company or organization or even a user.The data can be of any type ranging from the personal information of it’s users to credit card and banking details!
You can’t always count on your cyber security systems to prevent such a breach from happening because even the most secure systems contain vulnerabilities.The hackers don’t really need a huge hole to pass through and compromise a system even a small bug/glitch can be used to their advantage.It’s just a matter of “when” and “if” since the target’s of the hackers are never specific it can be a small organization or even a multi-national company and large co-operations.And this is a topic we will be looking into in the coming future.
Since you have an idea of what data breach is let’s take a look at the major data breaches from this year-
Oneplus-In the beginning of the year Oneplus,famous smartphone maker faced a breach and confirmed that up to 40k customers’ payment card details had been compromised due malicious code in its payment page.
UIDAI Aadhaar-Aadhaar details of 64k students have been put up on the website, under the ‘Know your college’ section.Yeah,hackers can’t be blamed everytime human errors can cause it too.
British Airways breach-During this breach personal and financial information of more than 380,000 customers who bought tickets between 21 aug — 5 sept was compromised.
T-mobile-The breach compromise the personal details of nearly 3% of its user which makes up nearly 2.3 million people.
Dixons Carphone-In July 2018, the electronics retailer confirmed that 105,000 customers’ payment card details had been compromised and it also faced a major breach in the previous year which compromise the data of nearly 10 million user.
Sungy Mobile Limited (GOMO)-Every android user must have come across their apps at least once which has a prefix “GO” in the beginning of their apps and has nearly 2 billion downloads.And the company “accidently” leaked more than 50 million consumers’ information due to a mis-configured backup, a lot of those 50 million consumers were children and if their parents know about it is still a question.
Huazhu Hotels Group-this is the largest data breach that happened in the month on august and largest in the country in 5 years,which had compromised the data of whooping 130 million customers which was sold in the black market for 8 bitcoin initially and lowered to 1 bitcoin later.
So it all sounds scary right when your personal data is in the hands of a hacker?So what can you so in a situation like this?Apparently there is not a lot you can do about your info but you can deny access.Here are some tips from our side to follow if you face a data breach-
If you are an individual-
- 1.First things first,breath easy and follow the simple steps instead of hitting the panic button on your brain and work it out the right way.
- 2.Be updated about the latest security news to know about the latest breaches.
- 3.In case of a beach analyze the breach and see what all info has been compromise and clarify if the bad guys can use your sensitive data.
- 4.Change that old password which isn’t really your “personal” password anymore.
- 5.Enable two factor authentication add an extra layer to your account’s security which will ask you to enter a pin which you receive as OTP SMS or email even if you enter the right password.
- 6.Use password managers to store your passwords and keep a lengthy complicated one since the manager will take care of it and you don’t have to type the password each time.
- 7.Create a dedicated recovery email address which we suggest you shouldn’t use for anything else.
- 8.Contact your Credit card provider and discuss with them what to do with the situation.
- 9.Change your credit card pins and other passwords in a certain interval.
- 10.Use burner debit cards that are connected to your actual bank account, but aren’t your actual debit cards.
If you are an organization-
- 1.Large scale breaches suck,and here’s what you can do if your company or organization suffered from it.
- 2.Access the situation and check what really happened and how it affected your organization and see what had caused it.
- 3.Check which data and what type of data was affected(personal info/sensitive data).
- 4.And access the consequences you will have to go through depending on the information that was compromised.
- 5.Report the staffs about it and check if it happened due to a human error and in case of human error train the employees to improve security in the future.
- 6.If the personal info of users/customers was breached alert them about it even though it will have a negative impact,if would be worse if you didn’t alert them.
- 7.Last but not least you will have to report ICO(https://ico.org.uk/) about the breach with name of your DPO (data protection officer).
- 8.And one extra and kind ridiculous tip,go through the black market stores through which black hats prominently sell these info.
As of now these are the best tips our team can provide you if you face a data breach of any kind.And yeah like i said not just large organizations are affected by data breaches even small companies to single users can be affected by it so it is advised to keep your cyber security up to date and do some pen-testing to make sure hackers can’t just come in and go as they please.
That’s all for now folks we’ll be discussing more about cyber security and how to stay updated in some time ahead.
Originally written for RedTeam Hacker Academy
