Data breaches: Everything you need to know

Data breaches: Everything you need to know

Protect yourself against account impersonation and data breaches by knowing everything there is to know about these violations.

With cyber-criminals and fraudsters becoming increasingly more cunning and familiar with sophisticated techniques, it’s no surprise that cyber-attacks and data breaches are on the rise locally and internationally, usually with devastating effects on the targeted businesses, governments and individuals. We read more and more about data breaches in the news, but unfortunately, they don’t stay headlines for very long and if they do, they often die down without real clarity or restitution of the breached consumers.

The massive data breach experienced by credit bureau Experian last year saw the personal data of 24 million South Africans and over 700 000 businesses being breached and leaked on to several public websites. At the end of 2020, Absa Bank advised that an employee has unlawfully made selected customer data available to a small number of external parties, while in February 2021, telecommunications company Rain suffered a security breach when unauthorised access was gained to its invoice storage system. All of these attacks are a clear indication that there is a silent war raging on.

The Mimecast State of Email Security 2020 report further confirmed this, with 53% of South African organisations reporting increased phishing attacks and 46% increased incidences of impersonation fraud compared to 2019.

With conviction rates for identity theft remaining dismally low, prevention really is the best option.

What are data breaches and account impersonations, and what are their dangers?

A data breach is when sensitive, protected or confidential information becomes exposed to an unauthorised person or people, which is then viewed and/or shared without permission.

An account impersonation/ID fraud is when an attacker steals your identity in an attempt to obtain sensitive information – such as login credentials, financial data etc – which can then be used to their benefit (they can apply for credit, open accounts, make purchases against your name etc).

Typically, they are conducted through email using social engineering to gain the trust of a targeted person (malware – software designed with the intention to cause damage to a server, client, PC or computer network – is not usually used). In 2020, the SAFPS (the Southern African Fraud Prevention Services) reported that account impersonations increased by 337%.

The resultant spending sprees and acquiring of personal information leaves you, their victim, with bad credit records as well as a huge battle on your hands to clear your name.

However, it is important to note that even non-sensitive data being leaked can be just as dangerous in that it’s an “in” and can possibly help create an opportunity for criminals to fish for more information. No breach of any kind should be taken lightly as they can directly or indirectly lead to damage being done in various forms.

Why should you as a South African care?

The short answer: because these kinds of criminals do not discriminate. The cutting reality is that everyone is vulnerable and at risk of a breach or impersonation, and they usually occur as a result of weaknesses in either technology or user behaviour. Your data could easily be compromised and made available to criminals, leading to several negative impacts on you or your organisation. It is a very real and growing threat, one from which South Africans are certainly not exempt. Even if you are not digitally active, your information can still be beneficial to criminals.

How can you protect yourself?

Should you suspect that your identity has been compromised, you can apply immediately for a free Protective Registration listing with the SAFPS – you can do so easily and in less than five minutes using a Smartphone. This service alerts SAFPS members (which includes banks and credit providers) that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za

Secure Citizen is a secure world-class, Identity Management solution that enables consumers and businesses to protect and verify their identity when applying for credit, loans or services. Designed to counter identity theft, it uses the unique attributes of a consumer’s biometrics to verify that a corporate is dealing with the correct consumer at all times, whether for applications or transactions. It also means consumers don’t have to prove their innocence when contacted by a credit rating agency or debt collector in connection with a debt they know nothing about. This is how Secure Citizen combats impersonations and relies on data points for verification in an era where there is an increased number of compromises.

What are the main takeaways about data breaches and account impersonations?

  • No person, business or organisation is immune from a data breach or account impersonation – anyone can fall victim.
  • Don’t assume data is harmless – in the wrong hands, it can be used with debilitating financial effects on the victim.
  • Businesses should conduct on-going and meaningful awareness training for employees and consumers to ensure they are better able to identify and avoid risky online behaviour.
  • A small vulnerability can cause a massive data breach. Arm yourself with knowledge and be vigilant with your online interactions at all times.

Threats to our private data, sensitive and non, are very real, so it’s important we take the necessary steps to help protect our personal information so that it doesn’t fall into the wrong hands.