Scariest Security Threats Headed Your Way: Special Report

Data breaches: Your personal information exposed

In "Game of Thrones," the Wall protects humans from the deadly White Walkers. Sadly, many websites' "walls" aren't nearly as well-fortified or monitored.

What is it? A data breach occurs when protected data loses its protection. Sometimes that's due to attackers logging into a company network with stolen credentials or breaking into a database by exploiting a security flaw. Other data breaches are accidental, the digital equivalent of a filing cabinet falling off a truck and spilling open.

Data breaches can expose sensitive personal information, including individuals' names, email addresses, credit card numbers, home addresses, medical histories or Social Security numbers — most of which can be used to steal identities.

When a company website can't adequately protect its users' personal data, not only does it put the users at risk, but it can make other companies more vulnerable as well.

"If you are a user of a website, your biggest threat is that you re-use the same password everywhere, so that when a hacker breaks into a weak website, they get your password to a strong website (like Google or Twitter)," said Robert Graham, chief executive officer at Atlanta-based Errata Security.

Data breaches involving credit card numbers are less harmful to the end user than those involving Social Security numbers, thanks to consumer-protection laws. But they cost banks and other card-issuing financial institutions millions of dollars in fraudulent charges.

"The impact of [card] breaches is getting greater and greater, as criminals are able to steal tens of millions or hundreds of millions of credit cards from these institutions," said Dmitri Alperovitch, co-founder and chief technology officer of Irvine, Calif.-based security firm CrowdStrike. "The impact is felt across the economy."

Alperovitch also says that criminals are getting smarter about how they attack databases. "Their tradecraft is getting a lot better. It used to be [cybercriminals would] go after consumers directly… They realized they can be a lot more efficient by going after the institutions that store all this data: retailers, banks, credit card processors.

"We're seeing them go after the places where they can steal millions of credit cards in one fell swoop," Alperovitch said.

But it's not just credit cards or email addresses that can threaten your identity. Online marketers want every bit of information on you they can get: Web browsing habits, income, preferences, family size, race, age, gender and sexual orientation. You may have never heard of Little Rock, Arkansas-based Acxiom, but it has individual profiles of most American adults, and an estimated 500 million individuals worldwide.

Acxiom has been breached twice in the past: once in 2003 and once in 2006. For reference, Facebook was founded in 2004, and began admitting anyone over 13 years old (instead of merely high school and college students) in 2007. Imagine if Acxiom — or Facebook — were breached today.

A devastating data breach is not just possible; some say it's likely. A report by Joseph Feiman of Stamford, Conn.-based tech research firm Gartner says that "By 2020, enterprises and governments will fail to protect 75 percent of sensitive data, and will declassify and grant broad/public access to it."

There's little the average Internet user can do to protect himself against data breaches. It's up to the websites and other holders of sensitive data to employ strong protections and train their employees to recognize and defend against attacks.

What's the worst that could happen? Your identity is stolen; strangers get bank accounts and driver's licenses in your name; your friends and colleagues are hit by phishing and spam emails; your credit cards need to be replaced; if your physical address is leaked, you might be stalked.

Reality Check: All that can be stolen is what a breached institution has. Minimize your exposure by using unique passwords for every account, taking advantage of online payment systems such as PayPal and Amazon Payments, and never giving your Social Security number to anyone who doesn't absolutely need it.