Look after your family's dataIt’s Family Safety Week and we’re taking a look at how valuable your family’s data is and how you should take steps to protect it. Firstly so that it doesn’t fall into the hands of scammers who would use it against you, and secondly so that you can use your personal data to your advantage to get value from it and create better outcomes for yourself.
Wed 29 Mar 2023
6 min read
You may have heard a lot of people and organisations talking about data over the past several years. Data, data, data, we hear it all the time. Too much data, too little data, personal data, company data, stolen data. But how valuable is your and your family’s data? How much is it worth and what would someone pay to get hold of it? And if it has value, how can you make the most of your personal data? After all, your data belongs to you.
Your data has value and so it’s right that you should have control of it, know who has access to it and how they will use it. Unfortunately, for most people, their data has been shared widely and often ends up in the databases of companies they have never even heard of.
Data breaches are happening all too often and regularly show up in the news pages. The breaches are often instigated by hackers who find ways to break into company databases and access various levels of personal data. If they get hold of enough of it, it becomes valuable and they sell it on the dark web to other criminals including scammers who will use it to carry out scams. The scammers will try to trick you into parting with money, or go fishing for more of your personal data that will enable them to access bank accounts, your social media profiles and email systems.
How valuable is your family’s data to hackers?
If data didn’t have a high value, hackers wouldn’t bother to steal it.
There are several angles to the world of the hacker. Firstly, some hackers target businesses. Sometimes they hack data lists and use them to sell on to data brokers. But, if the data they’re capturing includes bank details, health records or other more personal information, then the value of this data goes up dramatically.
Other hackers steal data to use for ransom and blackmail purposes.
Hackers may also be directly selling information or using bank details to access individual or company accounts. Sometimes they build profiles for individual family members by combining various data sources. For example, just a credit card number on its own is worth a relatively small amount to the hacker. But if they can associate that with other information they can find, such as a name and address scraped from social media profiles or other sources, suddenly the value shoots up.
If they are able to obtain the card’s owner’s address and email, then its value on the dark web could become around £20 or £25. That has a similar market value to a driver’s licence. So, one debit card, two credit cards and a driver’s licence, plus your email and physical address commands a price of around £100.
Protect the family
It’s not just adult data that the criminals are interested in. What value is there in children’s data, you may ask. More than you might think as it turns out. Stolen children's data gets used in scams and frauds involving tax fraud, in the form of falsified tax returns that involve claiming for child tax credit in the child’s name.
Worse still, children’s data can be used in sophisticated cases of identity fraud, sometimes known as ‘synthetic identity fraud’. Sounds like something from Blade Runner doesn’t it?
This kind of fraud is different from identity theft that you may have heard of. In this kind of fraud, the criminal creates a new ‘synthetic’ identity rather than stealing an existing one. The process begins with someone stealing real data associated with a child that isn't actively being used. For example, young people get issued with a National Insurance number quite young. The fraudsters take that information, along with, for example, other social security references, and then set about creating identities by adding fake addresses. It may surprise you to discover that they are playing a long game that can take years to pay off. They slowly build a credit rating for these new identities, interacting with banks, often using burner phones. Eventually the fraudsters rack up substantial debts, take out loans in the names of the synthetic identity and of course disappear without a trace.
Bought and sold out
Some stolen identities are bought and sold on the dark web and then used by sophisticated criminal gangs to create new identities that are sold at a profit. Many of the personal data sources advertised on the dark web are real, by which we mean that they were stolen from a genuine citizen and illegally sold to a new identity seeker. A full package can be found on the dark web, all stolen from unsuspecting victims. The credentials can include credit card details, email logins, bank accounts, passports, PayPal accounts, and driving licences. It can cost as little as £1200 to acquire a complete identity on the dark web.
For anyone who has experienced identity theft, the devastating emotional cost is all too real. The victim will often see their bank accounts get emptied, their credit rating destroyed, and their lives become ruined. It can lead to deep depression and even suicide. There are insurance plans which offer protection against the threat of identity theft to help you get back on your feet.
Legal data broking
There are legal ways of trading data and the chances are your and your family’s data is washing around the databases of data brokers. Data brokers collect consumer data, such as preferences, lifestyle, stage of life and various other attributes, and sell it to other companies, usually for marketing purposes. They are making millions from trading your data. Organisations like Facebook and Google gather great swathes of data about you every single day. They sell that to advertisers who then target you.
But, how do they access your personal data? Thousands of brands sell information from store loyalty cards to data brokers, meaning that if you’ve ever signed up for a loyalty or store credit card, there’s a good chance the data you provided was sold to a broker.
Be careful out there
Imagine you’ve found an amazing sounding family holiday. You don't recognise the website, but it’s such a great price, and there are reviews right there on the site, so it sounds too good to miss. So you enter all your family names, credit card details or your bank information, your full names and address, passport and health details. But then imagine that at the other end of that website, a scammer sitting there gathering all that information on your whole family. Suddenly there is a great deal at risk.
Always make sure you know exactly who you’re dealing with. Check that websites are genuine by navigating directly to them, not following a link you found on, for example, social media. And remember, if it seems too good to be true, it probably is.
Staying safe online
Your personal data and that of your family is a valuable product. You need to look after it carefully, because If it falls into the wrong hands, it can have serious consequences, including financial loss, emotional distress and loss of privacy.
Most data that ends up in the hands of hackers and scammers is lost in large scale data breaches. Most of these breaches are a result of a business process that has gone wrong or not been managed properly. Sometimes it’s just human error. But there are several, simple steps that you can also take to protect yourself and your family online:
- Watch out for phishing attacks that try to grab your login or bank details
- Choose strong, unique passwords for each online account and consider use of a password manager app to help you
- Use two-factor authentication whenever possible
- Don’t use unsecured Wi-Fi networks unless you have strong VPN software protection
- Use data breach notification services to learn if your details have been stolen in a known data breach
The best way to avoid having your data stolen in a data breach is to make sure it’s not stored amongst any data that gets stolen. You can get your data deleted from any company that no longer needs it by using our Rightly Protect service. It’s quick, simple and free and will tell you just who has your data and give you the chance to instruct them to completely erase it if that’s what you want to do.
Wed 12 Oct 2022
4 min read
Should a company data breach bother you?
October is Cyber Security Month. Just last month one of the biggest and most serious data breaches that has ever occurred, happened to Australia’s second largest telecom business. The breach has compromised almost half of the whole of the country’s population, leaving them exposed to serious risk of being scammed and the appalling prospect of identity theft. Could this happen in the UK? Have you ever switched provider? What happened to your data when you did?
Wed 31 Aug 2022
7 min read
Leaving a digital trail
Not all browsers are created equal when it comes to security of your personal data. Some of the most popular browsers in the world are being exposed for collecting and selling user data or lacking adequate security measures.