News

A data breach occurs when information held by an organisation is stolen or accessed without authorisation.

Cyber criminals can then use this information when creating phishing messages (such as emails and texts) so that they appear legitimate. These message are designed to make it sound like you are being individually targeted, when in reality the criminals are sending out millions of these scam messages.

They may even send messages pretending to be from an organisation that has suffered a recent data breach. Even if your details are not stolen in a data breach, the criminals will exploit high profile breaches (whilst they are still fresh in people’s minds) to try and trick people into clicking on scam messages.

Be aware of scam call, texts, or emails that may try to trick you into revealing sensitive or personal details such as your banking details or passwords or request access to your computer.

Actions to take following a data breach

If you’re a customer of an organisation that has suffered a data breach you should take the following actions.

  • Find out if you’ve been affected by contacting the organisation using their official website or social media channels. Don’t use the links or contact details in any messages you have been sent.
  • Be alert to suspicious messages which may be sent some time after the breach is made public. Remember, your bank (or any other official organisation) will never ask you to supply personal information. Our blog ‘Phishing Explained’ includes top tips for spotting tell-tale signs of a phishing attack.
  •  Change your password. If you receive a suspicious message that includes a password you’ve used in the past you should change it as soon as you can. If any of your other accounts use the same password, you should change them as well.
  • Check your online accounts to confirm there has been no unauthorised activity.
  • To check if your details have appeared in any other public data breaches, there are a number of online tools that you can use, such as https://haveibeenpwned.com. Similar services are often included in antivirus or password manager tools that you may already be using.

You should refer to the NCSC’s guidance on data breaches if you have any concerns.

Related content

Cyber Security Advice for Students

Technology will play a key role in your learning, from taking notes, doing research, writing essays, attending classes or just communicating with classmates or teachers. Here are some helpful tips to keep you secure online.

Take Five to Stop Fraud – The Art of Saying No

We are proud to be supporting the Take Five to Stop Fraud campaign this Take Five Week. Criminals are experts at impersonating people, organisations and the police so it can be difficult to spot scam texts, emails and phone calls. […]

Developing An Incident Response Plan

Developing an incident response plan is a critical step towards preparing a robust and effective incident management and technical response capability. Good incident management will help reduce the financial and operational impact on your business.

Back to top of the page