What can YOU do to minimize further damage when hackers use that “old” personal data to hurt you and your contacts?

In just the past week, the personal data of millions of Facebook users were leaked, and 30,000 job seekers in Singapore suffered a similar fate.

Many of the breaches were a result of third-party vendors’ cybersecurity lapses, but even the sophisticated networks of mega corporations are not immune to data leaks.

So while the authorities go about investigating the incidents, what can the people whose personal data (“outdated personally-identifiable data” or otherwise) do waiting for justice to be served to the organizations taken to task for the breach?

The onus is on You

Despite the typical reassurances by the organizations that the data would likely not end up being used for cyberattacks against the victims, the prudent approach would be to assume that cybercriminals can and will use the stolen data in one way or another.

Just by stringing together bits and pieces of certain data about you, cybercriminals can build a profile of your online persona and leverage that to find further factoids of you and your contacts. You can run, but you cannot hide from these masters of illegal surveillance!

Knowing that the responsibility for staying safe and vigilant lies with YOU, how can you mitigate that loss of data that is now floating around on the Dark Web permanently? One expert, Yeo Siang Tiong, General Manager (South-east Asia), Kaspersky, has offered the following tips and insights to bear in mind constantly:

  • The basics: Apart from changing all your passwords (make sure they are unique and complex strings) and installing an effective antivirus solution, knowing how to respond if your identity is stolen will help you prevent cybercriminals from exploiting your data further. There are web services that help you check the web for instances of where your leaked data has ended up.  
  • Follow-up vigilance: As soon as you discover unauthorized access into your accounts, or observe any suspicious activity related to any account, get in touch with your service provider to update them immediately so that you will not be held liable for anything that happens.  In this instance where old personal data has resurfaced online, one can hedge against the long-term consequences of identity theft by monitoring your financial activity, as this remains a perennial area of interest of many cybercriminals.
  • Demand answers and actions: From a business standpoint, organizations are expected to practise solid corporate communication in choosing the right spokespeople, informing you of your victim status in a prompt and truthful manner to regain your goodwill and trust. If you are not being accorded the transparency and legal rights you expect, approach the investigating authorities for guidance.
  • Harden your cybersecurity mindset: The re-emergence of users’ personal data that was previously leaked highlights how the impact of a data breach transcends the limits of time, and imparts upon us the valuable lesson that what is lost will be lost forever. With access to phone numbers, user IDs, full names and even email addresses, cybercriminals will have a fertile ground from which they can launch multiple cyberattacks in the form of phishing scams, social engineering attacks as well as break into an organization’s IT systems to deploy ransomware. Therefore, follow the guidelines and tips here, spread the word to everyone you know, and subscribe to useful cybersecurity newsletters and bulletins online.

The editors of CybersecAsia would like to remind readers that taking responsibility for your own cyber safety is not a one-off exercise. We hope you can continue to take an interest in cybersecurity news and trends, and then use that knowledge to help others stay safe as well.

As the buzz phrase going around now states: “We are not safe until everyone is safe!”