What is a data breach?
A data breach occurs when cybercriminals illegally extract sensitive information from a data source. This can be done by criminals either directly or remotely accessing computers and networks by exploiting security flaws, or by tricking employees into accessing this data on their behalf.
How to prevent a data breach
Understand your regulatory obligations towards secure data storage and processing to protect against common data security threats. Review your compliance with these regulations quarterly.
- Secure passwords: Review your password policy. The NCSC provides guidance for system owners
- Employees information: Create a data security policy and inform employees of why it matters, and how to comply
- Response plan: Create a data breach response plan to ensure you can quickly detect, manage and recover from breaches
- Access restrictions: Restrict access to sensitive data to only those who need access
- Cybersecurity software: Put internet and cybersecurity software and systems in place to prevent your data becoming vulnerable to viruses and malware. Ensure IT teams keep software regularly patched and updated
- Email safety: Establish standards for safe email usage
- Data storage: Create protocols for safely storing, processing and deleting data
- IT Security Officer: Hire a specialist IT Security officer to monitor threats and identify vulnerabilities
- Clients: Ensure clients and suppliers don’t make payments to any new accounts without independently verifying it is an official request.
What to do if you're a victim
Organisations or individuals who have fallen victim to identity fraud should report it to Action Fraud on 0300 123 2040 or online via the Action Fraud website.
- Report immediately: Immediately report the data breach to the Information Commissioner’s Office (ICO)
- Change passwords: Ensure all users change their passwords to new, strong passwords using a combination of upper- and lower-case letters, numbers and special characters (see NCSC guidance)
- Report suspicious transactions: Check and reconcile your bank accounts daily, and immediately report any suspicious transactions to your bank
- Inform clients: If sensitive information has been breached, report it to the relevant customers and clients, as they are now vulnerable to fraud
- Inform suppliers: Confirm with suppliers that your bank account details have not changed and that they should contact you directly before amending any account or payment details that they hold for you
- Stay vigilant: Be extra alert for potential scams as you are more likely to be targeted if your data has been stolen
- Credit agencies: Use a credit agency such as Equifax, Experian or TransUnion. They can alert you if any new credit or accounts have been established in your name
- CIFAS Protective Registration: Consider applying for the CIFAS Protective Registration service which will trigger additional checks on any new credit applications.
Wake up to the reality of data breaches
Is your data as secure as you think it is?
Here are four common ways cyber criminals can access your data
1. Remote hacking
Remote hacking is the most common form of data breach and can be performed using techniques like malware attacks or SQL injection, or simply by using stolen credentials.
2. Social Engineering
It is common for employees to be targeted by criminals and manipulated into disclosing sensitive information. This often takes the form of phishing emails or phone calls.
3. Malware
Hackers often smuggle malicious software into innocuous-seeming files like email attachments. Malware can obtain sensitive data from the memory of devices or use key logging to record the entry of confidential information.
4. Unauthorised access
An alarming number of data breaches are caused by people exploiting weak passwords or abusing their access privileges to access sensitive data.
Your next steps
To report any fraudulent activity, or attempts, contact Barclays corporate fraud on 0330 156 0155*.
If you receive a suspicious email, send it as an attachment to firstname.lastname@example.org and delete the email immediately.
Are you protected?
To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.
Fraud and Scam Toolkit