Skip to main content

Cyberattacks often leading to major data breaches

(Image credit: Image Credit: Maksim Kabakou / Shutterstock)

If cybercriminals successfully dispossess a company of sensitive information or payment data, you can be sure they will attempt to use it for fraudulent activities.

This is according to a new report from Which? that claims almost half (46 percent) of people whose data was stolen by hackers then went on to experience fraud. Almost a quarter (23 percent) of respondents said their data had been compromised following a breach.

To add insult to injury, companies that are breached and have their customer data stolen rarely do enough to compensate affected customers.

One Which? member, whose credit card was stolen from an airline company and subsequently frozen due to suspicious, is still battling for compensation two years later.

Which? also asked its customers to check their email addresses using the HaveIbeenPwned? service - essentially a database of compromised addresses.

It found that 79 percent were involved in at least one data breach, while the average number of breaches per email sat at 3.7. In one extreme case, meanwhile, an email was linked to 19 different breaches.

Which? concluded that, at the moment, victims have “limited options” to seek redress after a data breach.

“Whether we're shopping online, booking a holiday or signing up to a new mobile phone contract, we have to trust the companies we deal with to protect our details –  and if things go wrong we need to know that businesses are held to account,” said Jenny Ross, Which? Money Editor.

“We need the ICO to be a regulator with teeth that is prepared to step in and issue fines in the event of companies breaking data protection laws, to ensure more businesses better protect consumers from data breaches. Consumers should also have a much clearer route to redress when they suffer the financial and emotional toll of data breaches – and that’s why the government must allow for an opt-out collective redress regime that deals with mass data breaches.”