What do data breaches mean for customers?

IN: Help centre

It seems like every few months we hear about data breaches in the news.

From TalkTalk to Target, Three Mobile to Tesco Bank, Sports Direct to Sony, the companies that have suffered security woes are often well known. But knowing what a data breach means for their customers can be trickier. So at Aldermore, we thought it was time we discussed it.

What does a "data breach" actually mean?

A data breach happens when a hacker exploits a vulnerability in the security systems of a business, and uses it to steal information. In other words, they find the weak chink in the armour, and force their way through it in order to get hold of customer details. Often, they then sell these details to the highest bidder online.

What sort of data gets stolen?

Typically, it's the details that can be used for identity theft or financial fraud. Things like names, addresses, phone numbers, dates of birth, email addresses, bank details, and credit card numbers.

When American retail giant Target was attacked in January 2014, the information stolen included over 40 million names, PIN numbers, bank details, and of course credit and debit card numbers. These details were then sold in bulk online, for more criminals to exploit.

I'm a customer of a business that has had a data breach - now what?

It's best not to wait around for the business to confirm who exactly has been affected. Often they don't know, as cybercriminals don't always leave traces. That said, you should receive a notification that you *may* have been affected as soon as the organisation realises they've been targeted. Then there are a few things you need to do:

1. Change all of your passwords immediately

Obviously you need to change the password for the account that may have been breached. However, if any of your other online accounts have the same or similar passwords, these need to be changed too. And don't just add an extra number onto the end - your new passwords need to be completely different to the one that may have been stolen. Just in case.

2. Notify your bank

Verify your account details (to make sure they haven't surreptitiously been changed) and ask for a new PIN code if necessary.

3. Keep a close eye on your bank statements

Some victims of fraud have their accounts drained overnight. But over the years, cybercriminals have become cleverer, stealing as little as £1 a month from thousands of people at a time, and making a huge profit under the radar. If there are any transactions you don't recognise on your statement, notify your bank - no matter how small they are.

4. Be wary of any incoming emails from the breached organisation

Once a breach has been announced, all sorts of cybercriminals will come out of the woodwork to try to take advantage. So if you receive an email purporting to be from the company in question, asking you to click on a link and confirm your details, don't. It may be a phishing scam. Your best bet is to contact the company directly and find out your next steps.

In conclusion, it's clear that data breaches mean a whole lot of hassle for customers like you. But it doesn't have to mean losing your hard-earned money. If you take the steps we've suggested as soon as possible, you could protect your identity and finances from internet criminals.