November 22, 2018

Focusing on the Real Victims of Breaches: The Users

HSBC Bank’s latest data breach impacted roughly one percent of its U.S. accounts. While the number of affected individuals is minor in comparison to the recent Facebook and Google+ security breaches, nevertheless, it should be noted that media coverage focused primarily on what the company knew and didn’t know; what it did and didn’t do. While these questions are interesting and deserve concern, they belie a more important issue.

The users are the real victims of breaches

What is going to happen to the individuals whose private and personal information is currently in the hands of cyber criminals?

The breach exposed attributes such as full name, address, birthday, account number, balance, and transaction history, among others. A single breach can result in residual damage that follows individuals for years.

Victims could potentially be left open to synthetic identity theft fraud. This is a type of fraud in which a criminal combines real (usually stolen) and fake information to create a new identity, which is used to create new identities, open fraudulent accounts, and make fraudulent purchases. Such identity fraud can seriously harm your finances, personal credit, and even your reputation.

HSBC immediately added layers of security to digital and mobile bank account access, as well as strengthened log-on and authentication processes. Additionally, HSBC notified at-risk customers and offered them one year of credit monitoring and identity theft protection service. Ideally, services should include, in addition to credit monitoring, real-time alerts, reimbursement and insurance, and dark web

Consumers need to be more vigilant in protecting themselves.

While much of the onus is on companies like HSBC, Facebook, and Google to provide proper protections, at the end of the day every individual needs to take their cyber identity into their own hands. Crucial steps for protecting your identity include:

  • paying attention to the alerts you receive
  • researching and signing up for identity protection services
  • changing passwords often, not just when breached companies tell you to
  • using a unique, complex password for every single platform

Top takeaways for companies: Companies need to do more to protect their users from breaches. Customers are entrusting their information to such companies, and they need to ensure users that their trust is well placed. Furthermore, companies should formulate plans on how to act in the event that a breach does occur, including providing adequate identity protection services to those at-risk after the breach.

Top takeaways for individuals: Even in cases where your identity is not entirely compromised, breaches threaten to provide cyber criminals with the information they need to commit synthetic identity fraud. While companies need to do more to combat this, at the end of the day no one will care about your personal identity more than you. Take steps toward protecting your identity to confine and mitigate any damage that could occur to you from a breach.