What to do if you’re involved in a data breach

Tuesday 17 January 2023

In the modern world of cyber security, data breaches are a constant feature. New occurrences of breach incidents appear almost every day. If you use a company outside of work that has experienced a data breach, follow the guidance below to safeguard your personal data.

What is a data breach?

To explain, a data breach occurs when personally identifiable information gets into the wrong hands. This could be caused by accidents like uploading the wrong file to a website or leaving your laptop unlocked, or because of a cyber attack. The hacker or group responsible will expose any confidential, sensitive, or protected information. They may do this publicly or to unauthorised persons over the dark web for financial gain. This data can range from email addresses and phone numbers to more sensitive information like banking details.

LastPass: a recent example

A very recent example of a data breach occurrence involved LastPass, a popular password management tool. Unauthorised threat actors breached their cloud-based storage environment. They gained access to customer data which was soon after confirmed as a data breach.

If you are someone who uses LastPass or who has in the past, you may have received an email from the organisation. This contained information on the breach and guidance going forward.

One important aspect of the breach is that although hackers exposed the data, LastPass had already encrypted it. This means only those that knew the individual users’ master password could gain access. The master password protects their LastPass account along with all other passwords stored. If the master password set on these accounts follows password best practice guidance, then hackers are much less likely to guess it.

This is a good lesson for the importance of creating complex passwords and why it’s essential for keeping your data safe.

It’s useful to note that these are external data breaches to the University. When cyber attacks occur, we try our best to notify any users that may have registered with the company using their University account. This allows affected staff members take action where necessary.

What you can do to protect yourself

Although you can’t prevent companies you use from falling victim to a cyber attack, there are some best practices you can follow. This will ensure that if your email address is ever involved in one, you are best equipped to deal with it.

1. Subscribe your email addresses to HaveIBeenPwned. This will alert you if it identifies your account in any past or newly discovered breaches.
2. Follow the steps on our password web page. Create a password that is strong and secure.
3. Enable multi-factor authentication on as many of your accounts as possible. This means that even if a company exposes your password in a breach, your account remains protected by a second method of authentication.
4. Don’t reuse your passwords. If you find yourself tempted to do so, remember the associated risks involved.
5. Password managers are a helpful tool for assisting with password storage. They also relieve the burden of having to remember all your passwords. IT Services don’t recommend one specifically, but there are many out there to choose from.

As cyber attacks become more sophisticated, be mindful that any organisation may be susceptible to a data breach.