So what is a data breach?

Written by Dessi on May 19, 2020

Online financial data breach

A data breach is when cybercriminals are able to gain access to the personal information a company holds about you through finding a weakness in the company’s systems. This could be anything from an email address and your name, to your passwords, date of birth, credit card numbers and even more. These breaches can be from your social media, your last vacation, or how you’re logging into work or school these days.

Once your data has been hacked, you’re left vulnerable to cybercriminals selling your personal information for identity theft and financial fraud, such as gaining access to your bank accounts or applying for credit in your name. The quicker you can act, the less risk you take on; has a network of partnerships that are able to find your stolen data on average 9 months before it is available on public resources.

A quick check using will tell you the number of identified accounts you already have that have been breached. You should then change your passwords on any site that was compromised and any other places you used the same passwords, and monitor your accounts - watch out for any activity that you didn’t do. Also, be wary of any unsolicited emails or phone calls asking for personal information. To be proactive, always use computer generated passwords and clean up old accounts that you no longer use. Always use different passwords for sites, criminals will often try multiple variants of a password such as adding capital letters and numbers.

So what are the actual details of a data hack and how does it make you vulnerable? Here are the steps of a breach and what exactly happens with your data:

How do these criminals get my data?

Criminals could get your personal information through a company that holds it, or through hacking your device directly. A cyber attack or data breach occurs when criminals are able to access a system or network either through security weaknesses where they can bypass authentication or are able to trick an employee into providing his or her access credentials.

On an individual level, spyware and phishing attacks are targeted towards people downloading and responding to threats on their personal computers. Spyware can be downloaded via attachments or plugins and then monitors your computer tracking what data is entered or capturing screenshots or keystrokes.

What do they do with the data about me?

The hackers are trying to build out datasets that contain complete information about someone that can be used against them, usually in financial crimes such as accessing bank accounts, applying for loans or filing medical insurance charges. As you are involved in more data breaches, your vulnerability goes up and it is common for cybercriminals to combine data from different sources and sell it together on the DarkWeb, in something called a ‘Combolist’.

Many companies will also claim that their data is encrypted and therefore you are safe even if the data is breached. This rarely is sufficient protection because often common encryption methods are used and therefore can be easily decrypted to reveal passwords and other highly sensitive data.

Wait, what’s the Dark Web?

The Dark Web is a collection of websites that aren’t indexed by traditional search engines, meaning you can’t use Google or other search engines to access them, that can only be accessed via specific browsers. Web page requests are accessed via VPNs and routed through a series of proxy servers globally; which anonymizes the user and his or her activity. While not all activity on the Dark Web is malicious, anonymity allows criminals to buy and sell anything from illegal drugs and services, to your personal information from data breaches.

How does this affect me?

Once your data has been sold, the buyers will attempt to hack into either the original accounts or other common accounts looking to access your financial information or steal your identity for other purposes. Once in your accounts, they can make bank transactions, apply for loans, and many other activities to their benefit.

These are the most common stolen personal identifiable information:

  • Member name
  • Date of birth
  • Social Security number
  • Passwords
  • Email address
  • Mailing and/or physical address
  • Telephone number
  • Banking account number
  • Clinical information
  • Claims information
  • All of this sounds scary, but consider using a security monitoring service, like, that has access to data breaches beyond what is available publicly and can let you know what specific emails and passwords have been breached and are already available for purchase. also continually monitors breaches and will notify you when your personal information has been compromised and what actions you should take to ensure you are protected.