Another week goes by and the latest list of companies experiencing personal data breaches keeps getting bigger. Not only has streaming platform Twitch confirmed that its top streamer’s earnings have been accessed and shared online, but Google’s AI firm Deepmind is also facing legal action on behalf of more than a million people whose confidential medical records were obtained by Google.
For everyday technology users who are constantly being asked to share personal data online these headlines are, of course, troubling. Companies need to ensure that their users trust their platform security enough to feel comfortable inputting their personal data to their online portal – believing that the company will do everything in their power to safeguard this precious information. Without measures being put in place to ensure this, companies risk losing valuable customers.
It is therefore helpful for consumers to know which companies have experienced personal data breaches in the past, what information was taken, and what safeguards were put in place to prevent similar occurrences in the future. This allows citizens to make informed choices about which providers and companies they should use and trust in the future.
The role of GDPR in data breach notifications
If you live in a country that is part of the EU, your personal data will be protected by the General Data Protection Regulation (GDPR). Article 29 of this legislation requires any company operating in the EU to report when customer’s data is accidentally or unlawfully lost, altered, disclosed, transmitted, stored, or processed. If this occurs, the customers, suppliers, and subscribers who have had their personal data leaked must be informed. This can be done in a variety of ways including email, text message, and even advertising depending on how serious the breach is.
Below is an example from the EasyJet data breach in May 2020.
If you receive communication from a company that your data has been breached, you will also be notified what data could have been taken. It is worth confirming the breach is real with an internet search so you know what steps to take next. Should this stolen data include your financial information, it is best to ask your bank for a new credit card.
Other websites that can check if your data has been breached
There are also websites available that can help you find out if your data has been breached previously. This is useful for those people who live outside the EU as companies are not obligated to notify these people if their data is stolen.
The website ‘Have I Been Pwned’, for instance, is a free, reliable, resource that allows users to type in their phone number or email address to assess if they have been put at risk due to a data breach. It lists exactly what data was stolen in each breach and also gives users the option of setting up a password manager to generate strong, unique passwords for each website they visit – thus reducing the chances that one data leak compromises a multitude of their accounts. If you sign up for email alerts from the website, you will also immediately be notified should your email address or phone number be found in a new breach.
In a similar manner, the site DeHashed also checks for compromised data. However, it goes one step further than Have I Been Pwned by allowing users to search for more information that might have been stolen. This includes usernames, IP addresses, your name, address, and more. Nonetheless, the tool isn’t entirely free, censoring some results unless you purchase a subscription to the site. You also need to create an account to use the search tool, which is not the case with Have I Been Pwnd.
To prevent hackers and other malicious actors being able to use the data exposed in a leak the best thing to do is to enable two-factor authentication on your accounts. This will immediately notify you if someone is trying to access one of your platforms and ensure that any attempt to do so is as difficult as possible for the hackers (that is unless you use the same password for everything!).
Have you been the victim of a data leak you didn’t know about till now? Let us know in the comments section. And, if you have any questions or other technology queries, please tweet us at @techtroublesho1.