How Do Data Breaches Happen?

Many organizations may ask you to provide your personal data to do business and receive services. Whether dealing with a medical provider, making an online purchase, or opening a new credit card, they will ask you to provide critical data, such as your banking information and Social Security number.

When you provide this information, you assume the company complies with all data privacy requirements under the law. You do not expect your information to fall into the wrong hands.

You often hear about large-scale data breaches well before you get a notice from the company. In fact, by the time you even get a notification, much of the damage might have already occurred.

You may deserve financial compensation if the company compromised your personal data. Immediately contact a data breach attorney to learn more about your rights. Finkelstein & Partners, LLP, a team of seasoned personal injury lawyers in New York, brings extensive expertise in handling data breach cases can hold the company that exposed your data responsible for any harm you suffered.

Many Hackers Will Try to Steal Your Data

How Do Data Breaches Happen

Unfortunately, our technological world creates a dangerous combination that can put you at risk. More and more companies have your sensitive personal data stored online or on internal networks, and more and more malicious parties are trying to access your data for wrongful reasons.

Cybercrime has increased, and many individuals or organized groups are seeking protected consumer data. Some hackers may disrupt operations purely for the sake of causing problems. Other criminal organizations and state-sponsored actors may steal information for profit by selling your information to other parties on the dark web.

You may be shocked at how little someone will get for selling your personal information. For example, hackers might sell your account logins for as little as $50. This low-cost sale can lead to much greater losses for you and other consumers.

Login information that hackers might sell includes things such as:

  • Credit card PINs
  • Bank account passwords
  • Facebook logins
  • Email IDs and passwords
  • PayPal account passwords

A hacker can get hundreds of dollars for selling your data to those who may exploit it, but imagine if hundreds of thousands of people are the victims of hacking and stolen information.

Hackers may now look at tens of millions of dollars of profit for executing one sophisticated operation. All it takes is finding one vulnerability, and hackers now may be getting a huge payday. At the same time, they know that the organization they penetrated may also be desperate and scrambling.

In practically every case, it is all about the money for cybercriminals. One study showed that 86 percent of cyberattacks are motivated by money, and more than half of cyberattacks involve criminal organizations with a wide array of resources.

Cybercriminals Make a Lot of Money and Are Difficult to Catch

The existence of less traceable sources of funds, such as Bitcoin, has made it even easier for hackers to cash in when they are successful. Transferring money through Bitcoin or other forms of cryptocurrency is quicker and less detectable than other currencies.

The rise of cryptocurrency has coincided with a significant increase in hacking. In fact, cybercriminals have even hacked into Bitcoin wallets and stolen funds.

Most malignant parties are in it for the money, and many hackers are hard to catch because they are sophisticated and go to great lengths to cover their tracks. One study showed that only 5 percent of cybercriminals are ever apprehended for their crimes, making hacking a lucrative enterprise with little actual risk.

Even if you never learn who stole your information, you can still take legal action to seek relief. The law holds the companies that expose consumer data liable for any resulting harm, so you can take action against the corporation that failed to protect your data.

Companies Store Your Data on Vulnerable Systems

Generally, data breaches occur when hackers find a way to penetrate and access a system that stores large amounts of personal data.

Companies with your data have to store it someplace, so they might try to keep it on an internal system and take as many steps as necessary to keep it as secure as possible. Companies might employ entire cybersecurity teams and consultants to enhance the effectiveness of their methods.

Unfortunately, they can only do so much to stay ahead of the curve when teams of hackers are constantly testing and trying to access systems. They are always trying to find security vulnerabilities in a system.

Different Types of Cyberattacks

There are several types of cyberattacks that criminals can perpetrate, including:

  • Malware is when a criminal installs harmful software on a computer to steal personal information.
  • Ransomware takes an entire system down and makes it impossible for the victim to use it unless they pay a ransom to the criminal.
  • Credential stuffing is when cybercriminals use account logins and passwords that may have been compromised and are available on other sites.
  • DNS tunneling is when the attacker overcomes the system and its protection to connect their computer to the system.
  • Cross-site scripting occurs when a cybercriminal sends incorrect code to an improperly set-up application and uses the code to harm the application or the user. Another similar form of cyberattack comes from an SQL injection when the attacker sends harmful database code.
  • A Trojan horse is when the hacker sends malicious software that looks like an attachment. Once someone opens the attachment, the hackers may access a system.
  • Zero-day exploit is when an attacker exploits a previously unknown flaw, and the victim cannot anticipate or prepare for the attack.

Cybercriminals continuously hone their tactics, and companies always play defense and respond to situations after they occur.

Malware and Phishing Are the Most Common Attacks

Malware is responsible for most types of cyberattacks where hackers steal data. The criminals must find their best point of entry to a system and exploit the vulnerability to the fullest extent possible.

One of the most common ways cybercriminals penetrate systems is through phishing attacks, where they take advantage of people deceived by an innocent-sounding email to gain entry.

For example, they might send emails to many people working at a specific company, hoping that one will make a mistake and open it or reply, or they may request the recipient to open the link. Then, the attackers are keystroke logging, so they can steal a password or whatever it takes to access the system.

In recent years, Target was involved in one of the more notorious data breaches, where hackers entered the company’s systems and stole large amounts of consumers’ sensitive information. Target used a third-party contractor that remotely accessed its system for billing purposes, and an employee from the contractor fell victim to a phishing scam designed to steal the employee’s credentials.

The successful phishing attack gave the cybercriminal unfettered access to Target’s system for three days before Target detected the attack. The hackers exploited Target’s preexisting vulnerabilities. The breach affected as many as 110 million customers, with the hackers stealing their credit card and banking information.

Such situations often lead to large-scale class action lawsuits, and your attorney can explore whether you should join a class action case.

Data Breaches Often Occur Due to Human Error

All companies rely on human gatekeepers to safeguard their systems. People must exercise sound judgment and a healthy degree of suspicion when they receive communications.

Companies need to train their people to be aware of how cybercriminals operate because all it takes is one simple error to cause a significant data breach. One person’s mistake can end up exposing millions of people’s information.

Then, companies may not be nearly as set up as they think to provide security and protect information, and Experian is the poster child for massive data breaches.  The credit reporting bureau has vast amounts of sensitive personal information stored on its system. Even after a major failure resulted in the exposure of the data of 147 million people, the company still needs to crack down and strengthen its security.

The Anatomy of a Recent Data Breach Involving Experian

For example, another significant breach of consumer information involved Experian, and the problem lasted for seven weeks. Consumers have to answer questions about their financial history before they can access the system. Cyberattackers got around these precautions by manipulating the address displayed in the browser URL bar at a specific point in Experian’s identity verification process. This vulnerability persisted for almost two months and hacker forums even discussed it online.

Small Businesses Are Especially Vulnerable

Companies spend roughly 10 percent of their IT budgets on cybersecurity each year, and the total global cybersecurity spending has now topped $200 billion. Yet, even low-budget hackers with some guile and resources can navigate system controls.

While cybercriminals have targeted large companies like Experian, they also prey on small businesses because they know they do not have as many resources to spend on cybersecurity.

Cybercrime has an enormous impact on small businesses, and you are the one who ends up paying the price. A small business should only come into possession of your sensitive information if they have the skill and resources to protect it.

Not having enough resources is not a valid excuse for failing to protect your data, and federal laws do not exclude businesses from the obligation to prevent data breaches based on their size.

You Can Get Compensation for a Data Breach

It does not matter how sophisticated cybercriminals are, nor is it important what type of edge they may have. When a company has your personal data, they have a legal obligation to protect it.

If someone breached your data, you may seek financial compensation for:

  • The actual financial losses that you suffered from the loss of your personal information (such as stolen money from your account or charges that the hackers ran up in your name)
  • Emotional distress from knowing that the cyberattack compromised sensitive personal information
  • The time that you have spent dealing with your compromised personal information
  • Any losses that you suffered because of a damaged credit rating caused by stolen information
  • The cost of credit monitoring services to check for any unauthorized open accounts in your name or anything new on your credit report

Several federal and state laws may form the basis for a data breach lawsuit. When you hire a data breach lawyer, they will determine the most effective way to file a lawsuit and how to maximize your compensation. They may advise you to file an individual lawsuit or become part of a class action, depending on the facts of your case. Then, they may negotiate a settlement on your behalf that fairly compensates you because someone else did not protect your data.

You do not have to bear the impact of a data breach without doing anything about it. Not only are you dealing with the time-consuming details, but you may also live in perennial fear that further harm may come to you. A business’s carelessness has become your problem, but you have legal rights and remedies under the law.

Data Breach Lawyers Work on a Contingency Basis

Hiring a data breach lawyer does not cost you anything out of your pocket because your attorney works on a contingency basis. They will not ask you to pay them upfront, nor will they send you bills while your case is pending. You only pay your attorney from the proceeds of your lawsuit if you win your case – meaning that you have received an award from the jury or a settlement from the defendant. Meanwhile, your attorney will represent you at every step of the legal process.

Schedule A Free Consultation