Data Breaches: In the Numbers

Data breaches are becoming more and more common. It seems almost weekly that emails are sent out about corporate data breaches asking users to reset passwords. These breaches are scary and can result in personal information from social insurance numbers to banking login info to health data being stolen and sold to the highest bidder. At Contego, security is our number one priority. So, we’ve put together a list of actions we recommend when you or your organization is the victim of a data breach. Additionally, we go over some recommendations to mitigate the likelihood that such an event ever happens.

Most consumers have been victims of a data breach; 50%+ of social media users have had their accounts compromised.
Most consumers ignore data breaches and don’t take necessary action to limit the fallouts.
Most consumers fail to follow secure password guidelines and use common words, birthdays, names, etc.

Even worse, many victims of data breaches take no post-breach action to limit identity or credit fraud.

1 out of every 6 people take no action after a data breach. This leaves their data completely available to be taken.
Fewer than 50% of people changed passwords on compromised accounts. Only 22% changed passwords on all accounts that were involved in the breach.
A miniscule 3% put a credit freeze on an account after learning of a data breach.

When it comes to passwords, users are doing little to ensure they are safe.

Only 1 in 6 claim to use unique passwords for all their accounts. The remaining 5 out of 6 use similar or identical passwords for all accounts.
8% of people claim they closely monitor passwords and make adjustments when a breach or fraud issue comes up.
50% of people state they protect their social insurance number (SSN) above all else. However, SSNs are some of the least valuable pieces of identity. $2 USD for SSNs vs. $80 USD for Gmail credentials, for example.

So, what can you and your organization do to limit data breaches, recover information fast, and limit the fallout from these events? Based on our experience, the first and most important thing you or your organization can do is choose passwords that are unique and impossible to guess. A recent CTV article provided insights on the most common passwords in Canada. If you or anyone you know uses these or passwords like these, it’s time to change. We recommend choosing unique alphanumeric passwords that are a random order of numbers, letters, and symbols.

When faced with a data breach, what should you do? The following is a good checklist to go through when this happens.

To limit the likelihood that this happens, use unique & complex passwords for all your accounts. For example: xxHg78!beJJ#
Change your password as soon as you suspect or receive confirmation of a data breach.
50% of people state they protect their social insurance number (SSN) above all else. However, SSNs are some of the least valuable pieces of identity. $2 USD for SSNs vs. $80 USD for Gmail credentials, for example.