Data Theft: What Is It? How Can I Protect Myself?
Data theft has become an epidemic, impacting not only multinational corporations but also everyday people. In the digital domain, cybercriminals exploit technical ignorance, naivety, and human emotions to full effect, with damages forecast to amount to trillions of dollars - per year - by 2025. Below, we'll let you know what dangers are lurking and how you can effectively and proactively defend against data theft.
What Is Data Theft?
Data theft is the illegal acquisition of personal, secret, or sensitive data, whether from companies, organizations, or individuals. Over the past few decades, cybercriminals have grown progressively more sophisticated, daring, and cunning. The methods listed below are some of those that most commonly come to use:
Corporate/organizational data leaks
Data leaks refer to the undesired publicization of highly sensitive data from companies or organizations. This sort of theft can occur digitally or via physical media, such as USB sticks, and often includes customer or user information that is sold by (disgruntled) employees.
With phishing, cybercriminals impersonate bank employees, officers of the court, or support staffers, contacting unsuspecting victims via email, websites, or text message. Once they've gained their marks' trust, they either demand that payments be made to specific bank accounts, personal details, such as passwords and PINs, be provided, or ask for them to be input on spoofed or fake websites that look like the real deal. If you get 'caught' by a phisher, the end result can be an empty bank account or unwanted malware on your PC or laptop.
One of the most nefarious threats lurking online is keylogging, which records every keystroke a victim makes. In this way, passwords, login credentials, or even corporate secrets can become readily known.
Malware is an umbrella term for malicious software that intentionally damages the computers it infects. It can turn up nearly anywhere, and there is no silver bullet to preventing it from finding its way onto your system. Viruses, Adware, spyware, and Trojans are just some of the subtypes of malware that can wreak significant damage amongst their victims.
What Are the Consequences of Data Theft?
Data theft can take a number of different forms, and as such, the consequences vary. Sometimes victims remain completely oblivious to the fact that they've been targeted, while on other occasions, the consequences are drastic and unmistakable.
Identity theft occurs when someone impersonates someone else, using that co-opted "identity" to engage in criminal activity, such as infiltrating a social media account. There are a number of different types of identity theft:
- Cybercriminals use fake profiles to spread lies and misinformation in their victims' names. Those they are impersonating will have to contend with damage to their reputation as well as legal and financial ramifications.
- When criminals gain access to an account and assume their victim's identity, they can also misuse their personal data, to open new accounts on online shopping platforms and place huge orders. With banking information, they can apply for new credit cards, take out loans, or sign up for services, financially ruining their victims.
- Another repercussion of identity theft that shouldn't be underestimated is that of spam emails. Whenever an email account is hacked, criminals can send messages in the name of their victims. Alternatively, you might receive emails that look like spam, but are actually genuine and relate to fines or punishment for non-compliance that have arisen owing to the identity thieves' activities.
Doxing (sometimes also written as Doxxing) has been around since the 1980s and started out as a relatively harmless form of virtually pranking someone. Today, it has lost most of its innocence, with modern-day doxers collecting publicly available information and releasing it with the goal of harming its targets. Whether intimidating, intended to blackmail, or simply making them appear stupid, doxing is anything but fun. Data theft becomes even more dangerous when doxers are able to hack their victims' accounts.
When it comes to making a fast buck, extortion is one of the oldest tricks in the book. However, in the digital domain, the process has become both more sophisticated and random thanks to ransomware. This type of malware encrypts individual files or even entire systems, demanding a pay-off for the decryption code. Such fraud causes billions of dollars in damages every year.
If a message like this appears on your PC or laptop, you've been infected with ransomware.
How Can I Find Out if My Data Has Been Stolen?
Data theft isn't always easily recognizable, and even when it is, you might not have noticed the warning signs. For example, since spam emails are, by and large, ignored, genuine warnings or notices from legal or debt-collecting firms that might be legitimate are written-off. As such, we recommend taking any of the below warning signs seriously:
- Pay attention to any failed login attempts for your email accounts, social media profiles, or elsewhere.
- Don't ignore warning emails sent by any service providers you have accounts with, such as eBay, PayPal, or Amazon. At the same time, be sure that these are authentic emails and not phishing attempts.
- If your computer or laptop starts behaving oddly after installing a new piece of software or visiting a strange website, scan it immediately using anti-virus and anti-malware software.
- In the event that your password suddenly stops working, it may have been cracked and changed without your knowledge.
- Regularly check your activity log. Should any unfamiliar or unrecognizable transactions appear, this can be a clear sign that the integrity of your account has been compromised.
- If invoices, bills, fines, or letters from debt collectors start clogging up your mailbox, chances are that your identity has been stolen. Someone is likely using your data to order goods and then have them delivered to a different address.
Services like Have I Been Pwned? make it easy to to find out if your email address has been part of any leaks.
One way to stay on top of your digital security is by checking whether your email address has been compromised in any data leaks. To check, you can use several different free services:
- On Have I Been Pwned?, you can check whether your email address or telephone number has been released in any data leaks. The provider also offers a very long list of Internet sites where hackers and miscreants upload illegally acquired login credentials.
- Pwned Passwords serves as a useful supplement to Have I Been Pwned?, allowing anyone to ascertain whether their passwords have been compromised in any data leaks. These passwords are included in so-called dictionaries that come to use during brute force attacks.
- Firefox Monitor uses data from Have I Been Pwned?, but with a neat twist. After registering via email, you'll receive regular updates whenever your data pops up across the web.
- The Identity Leak Checker assesses whether, based on your email address, any of your personal data, such as your birthday, telephone number, or physical address, have been released.
- After inputting your email address, F‑Secure ID PROTECTION lets you know whether your data has been stolen, sending an email with all of its findings. You can also register with F-Secure to test all of the service's features for free for five days.
How Can I Protect Against Data Theft?
Usually, victims don't realize that their data has been stolen for months or longer. For that reason, we recommend taking a more proactive stance when it comes to your digital security. The measures below will help reduce the likelihood of waking up to a nasty digital surprise one day:
Strengthen your passwords
The stronger the password, the more protection it provides. Avoid combinations like 123456 or hello123, which are two of the most popular passwords worldwide. Instead, we advise using a combination of upper and lowercase letters, special characters, and numbers, with a length of at least 8 characters. It's also recommended to create a unique password for each account you have. The good news is that you don't have to remember all of these veritably uncrackable passwords yourselves, so long as you're willing to put some faith in password managers. We've comprehensively evaluated several of the leading solutions so you don't have to.
Install an anti-virus program
Every computer should have some form of anti-virus software installed as should tablets, smartphones, and plenty of other end devices. Anti-virus software protects against a wide range of malware that has the potential to seriously damage any system it's installed on. We assessed the best anti-virus solutions on the market, and you can check out our findings in our comprehensive evaluation.
Be careful with emails
Take care when opening emails, even from people you know, such as acquaintances, friends, or family members. Unfortunately, you can never be 100% certain that someone hasn't had their email account taken over by a cybercriminal, who is presently using it to send spam. Similarly, never click on links in emails that seem dubious, as these can contain malware. By no means should you open or download attachments from emails without verifying their content with the sender, ideally by another channel.
Use public WiFi with caution
Everyone loves public, free WiFi, and it's appearing more and more, whether at cafés, train or bus stations, or airports. All the same, once you connect to such a network, your device becomes visible to cybercriminals and can be easily hacked. One of the best ways to protect against this is by using a VPN tunnel, which encrypts your data traffic, making your device invisible to would-be attackers. We took a look at the best VPN solutions out there, evaluating them for you.
Update your operating system
Whenever an update is available for your operating system, particularly a security one, we recommend downloading and installing it. The same is true for all programs or apps you have installed but in particular your anti-virus or malware protection suites. Keeping software up to date closes gaps or exploits that might become known.
Cautiously browse the Internet
Even the best tools, services, and features only offer a baseline of protection. The most important steps any Internet user can take are to exercise caution, a healthy amount of skepticism, and common sense. Trust no one who appears to be after sensitive or personal data, and never provide too much information over social media platforms like Facebook or Instagram.
What Should I Do if I’ve Been the Victim of Data Theft?
There's no such thing as 100% protection against data theft. Even if you follow all of our advice, there's still a chance that a digital fraudster can illicitly acquire access to your data. Your first reaction will likely be a knee-jerk one, either anger, fear, or panic. This is understandable, but at the same time, can paralyze your response. For that reason, take a deep breath and relax, since you'll have a lot to do and likely, very little time to do it. Below, we'll let you know what your next steps should be after finding out that you've been a victim of data theft:
Change your passwords and email addresses
Should your email account have been hacked, a new password won't be enough. For their opening move, smart hackers will likely change your password, preventing you from regaining access, at least in the short term. The safest thing to do in this scenario is to create a new email address. After that, log in to your most important accounts (online banking, online shopping, social media, etc.) and change the linked email address and password.
File a criminal report
Just because data theft occurs online doesn't make it any less of a crime than if it took place in a bank or corporate headquarters. With that in mind, make your next stop the nearest police station and file a criminal report. Some online services require a scan of this report to lock your account. In this way, you'll also be able to protect against most damages, such as bills or invoices, that a hacker's activities can result in.
Inform your friends and family
Get in touch with your family, friends, and acquaintances and tell them that you've been the victim of data theft. If your email account has been hacked, make sure that anyone on your address list knows that they should delete any emails they might receive from that address.
Inform your creditors and bank
It's a good idea to get in touch with your credit card provider and bank to let them know that someone has stolen your personal data. These will then have a record should loans or charges begin to appear in your name, for example, under a new account or on a new card. Both can also lock your accounts or suspend any new activity of them. In addition, we recommend paying close attention to your credit score and any changes, getting in touch with your credit reporting agency as soon as possible.
Consult specialists and/or a lawyer
Lawyers are paid to represent and protect their clients, and that goes for digital damages as well as physical ones. As an alternative, you can reach out to data theft specialists who will be able to provide you with an immediate plan of action.
Dispute any and all charges you have not personally made. The criminal report you filed earlier will play an important role here since it will show that you didn't have control over your account when the charges were made.
Anyone can fall victim to data theft, even those who don't use the Internet. Cybercriminals have grown more aggressive and creative in targeting their prey, and as such, there's no 100% fool-proof solution to ward them off. With that said, there is quite a bit that the average person can do to reduce the likelihood of being targeted. Should you have already become a victim, reacting quickly is the best course of action to reduce any potential fallout.
On EXPERTE.com you'll find plenty of reviews for programs that can help you to more securely use the Internet, such as VPNs, password managers, and anti-virus software. All the same, software and tools are just half of the equation: The best defense against data theft is a healthy dose of common sense. In that spirit, refrain from opening suspicious emails or links to websites, and by all means, don't use easy passwords or re-use the same password for each account you have.
What should I do if I've been the victim of data theft?
This depends on what sort of activity is occurring. If your bank account is being emptied, get in touch with your bank and request that they lock your account. Should your email have been compromised, create a new account and link all of your digital services to it. If you don't know what to do, get in touch with the police and file a criminal report. After that, we recommend seeking the services of a professional, such as a lawyer specializing in cyber crime.
How can I check whether my data has been stolen?
Remain as vigilant as possible and pay attention to any suspicious activity, such as unusual withdrawals or bills for goods or services that you never purchased or ordered. You can also make use of free tools like Have I Been Pwned? to check whether your email address or other personal data has been compromised in a leak.
How can I prevent data theft?
There are a number of measures you can take to better protect yourself. One of the easiest is to use strong passwords and a password manager. Anti-virus software and VPNs can also go far in helping to minimize exposure and limiting digital damage. The most important thing is to not open suspicious emails, click on hyperlinks within them, or visit dubious websites.
What is identity theft?
Identity theft is when personal data is misused by a third party for criminal purposes. Most of the time, this is outright fraud, with the thief seeking to enrich themselves as quickly as possible. In other cases, the miscreant may harbor a vendetta against their target and desire to personally harm their reputation or standing.
How is data theft criminally prosecuted in the US?
The Computer Fraud and Abuse Act (CFAA), enacted by the US Congress in 1986, has been amended to cover most forms of digital fraud and identity theft discussed in this article. As an example, a first conviction for "Accessing a Computer and Obtaining Information" (18 U.S.C. § 1030 (a)(2)) carries a prison sentence of 1-5 years, while a second conviction is expanded to 10 years. Similarly, both "Accessing a Computer to Defraud & Obtain Value" (18 U.S.C. § 1030 (a)(4)) and "Extortion Involving Computers" (18 U.S.C. § 1030 (a)(7)) carry prison sentences of 5 and 10 years for their first and second convictions, respectively.