Data breach - Frequently Asked Questions
What is a data breach?
-
A data breach is what happens when personal, confidential or sensitive data is accessed without authorization. A data breach normally occurs when cyber criminals find a website security vulnerability, but it can also happen when personal data is leaked accidentally. Data breaches can be very damaging and expensive for both businesses and consumers, and take considerable time and money to repair. According to the Ponemon Institute, the average cost of a data breach in the US in 2023 was $9.48M. Take action to keep your money safe.
Why do cyber criminals steal data?
-
Cyber criminals profit by selling stolen personal data, typically in a place on the internet called “the dark web.” Stolen emails, usernames, and passwords can be used to access other online accounts, which helps cyber criminals steal identities, a crucial step in committing fraud or theft. When a cyber criminal steals your identity, they can open credit cards in your name, commit insurance fraud, or launder money, all at your expense.
Do I need to be worried if my data was compromised in a data breach?
-
The short answer is: it depends. Money’s data breach tool uses Have I Been Pwned’s database to tell you whether your data was compromised in a data breach, but it can sometimes take years for stolen personal data to surface for sale on the dark web. The best and simplest thing to do when your data is breached is to change your password on the breached account and any other accounts that use the same password. That way, if your data does surface for sale on the dark web, your old password is useless.
What should I do if I find out my data was compromised in a data breach?
-
The simplest way to take action when you find out your data was compromised in a data breach is to change the password on your breached account and any other accounts that use the same password. Cyber criminals rely on people reusing their passwords across multiple online accounts. Since the average American internet user has 150 online accounts, it’s extremely difficult to keep track of 150 strong, unique passwords in a safe place.
How can I prevent my data from being compromised in a data breach?
-
Generally, not much. Data breaches happen when cyber criminals attack businesses, not individuals. So even if you keep your personal computer safe with anti-virus software, you can’t personally prevent a breach from happening on a website you use. You can take simple steps to protect yourself like avoiding creating online accounts on untrustworthy websites.
How does Money know my data was compromised in a data breach?
-
Money gets data breach information from Have I Been Pwned, a website that consolidates publicly available data breach information so that internet users can easily search to see whether their email was compromised in publicly available data breaches. If you don’t want your email address to show up in Have I Been Pwned’s database, you can opt-out on their site.
How comprehensive is Money’s data breach database?
-
The first thing to remember is that the average data breach takes 280 days to identify and contain, so some data breaches may be missing in our results because they simply haven’t been discovered yet. Other data breaches, some of which you may have heard about in media reports, might not show up in our database because our data source, Have I Been Pwned, hasn’t been granted access to the details of the breach. If a company notifies you of a data breach and you do not see it in your data breach results on Money, you should follow instructions from the company to protect your account immediately - it’s possible this breach data hasn’t made its way into our database yet.