A data breach occurs when information held by an organisation is stolen or accessed without authorisation.

Cyber criminals can then use this information when creating phishing messages (such as emails and texts) so that they appear legitimate. These message are designed to make it sound like you are being individually targeted, when in reality the criminals are sending out millions of these scam messages.

They may even send messages pretending to be from an organisation that has suffered a recent data breach. Even if your details are not stolen in a data breach, the criminals will exploit high profile breaches (whilst they are still fresh in people’s minds) to try and trick people into clicking on scam messages.

Be aware of scam call, texts, or emails that may try to trick you into revealing sensitive or personal details such as your banking details or passwords or request access to your computer.

Actions to take following a data breach

If you’re a customer of an organisation that has suffered a data breach you should take the following actions.

  • Find out if you’ve been affected by contacting the organisation using their official website or social media channels. Don’t use the links or contact details in any messages you have been sent.
  • Be alert to suspicious messages which may be sent some time after the breach is made public. Remember, your bank (or any other official organisation) will never ask you to supply personal information. Our blog ‘Phishing Explained’ includes top tips for spotting tell-tale signs of a phishing attack.
  •  Change your password. If you receive a suspicious message that includes a password you’ve used in the past you should change it as soon as you can. If any of your other accounts use the same password, you should change them as well.
  • Check your online accounts to confirm there has been no unauthorised activity.
  • To check if your details have appeared in any other public data breaches, there are a number of online tools that you can use, such as Similar services are often included in antivirus or password manager tools that you may already be using.

You should refer to the NCSC’s guidance on data breaches if you have any concerns.

Related content

Cyber Security Explainer Videos

CyberScotland Partner Scottish Business Resilience Centre have released a selection of cyber security awareness videos. These short videos offer up simple and easily digestible information on some of the most common terms and issues arising in the cyber world. SBRC’s […]

Cyber Security Advice for Students

Technology will play a key role in your learning, from taking notes, doing research, writing essays, attending classes or just communicating with classmates or teachers. Here are some helpful tips to keep you secure online.

Charity Fraud Awareness Week 18th – 22nd October

Charity Fraud Awareness Week (18 – 22 October 2021) is an award-winning campaign run by a partnership of charities, regulators, law enforcers, representative and umbrella bodies, and other not-for-profit stakeholders from across the world.

Scottish #ScamWatch Week 2021

#ScamWatch Week 2021 – 30th August – 5th September With information being more readily available online, and methods of contact being more accessible, scammers are in a better position than ever to engage with us. The more vulnerable members of […]

Back to top of the page