Scammers hacked her phone and stole thousands of pounds – how did they get her details?

Data breaches have become alarmingly frequent, making it challenging for individuals to determine how best to respond when their personal information is compromised. Although it may be tempting to dismiss such incidents, the reality is that falling victim to a data breach significantly raises the likelihood of becoming a target for criminals and scammers. This was the case for Sue Shore, who shared her experience with the BBC after scammers accessed her personal details online.

Sue was subjected to a Sim swap attack, a tactic where fraudsters deceive mobile network operators into issuing a new Sim card for the victim’s phone number. Using this method, the criminals gained control over nearly all of her online accounts by intercepting security codes sent to her device. She described the ordeal as “horrible,” recounting how the scammers took over her Gmail account and subsequently locked her out of her bank accounts by bypassing security checks. In addition, the attackers opened a credit card in her name and spent over £3,000 on vouchers. Sue had to make multiple visits to her bank and phone provider to regain control of her accounts. The intruders did not stop there; after hacking into her WhatsApp, they sent alarming messages to horse riding groups warning that people were coming to harm the horses, an act Sue called “sinister.” Investigations revealed that Sue’s personal information—including her phone number, email, date of birth, and address—had been leaked in breaches from platforms such as PaddyPower in 2010 and Verifications.io in 2019. Cybersecurity expert Hannah Baumgaertner from Silobreaker explained that this leaked data likely aided the Sim swap attack by allowing scammers to intercept identity verification codes.

Scams don’t always involve large financial sums, as illustrated by Fran from Brazil. Fran discovered that her Netflix account had been hijacked by another user who raised her subscription fees without her permission. “I was charged $9.90 (£7.50) on my payment card, even though I hadn’t made this purchase,” she told the BBC. After confirming with her family that no one else had accessed the account, it became clear that a freeloader was responsible for the unauthorized charges. While the exact method the scammer used to gain access remains unknown, Fran’s email address had appeared in multiple data breaches, including those involving the Internet Archive and Wattpad. According to Alon Gal, co-founder of cybersecurity firm Hudson Rock, there is a thriving market where stolen streaming accounts like Netflix and Spotify are sold cheaply on forums, allowing cybercriminals to exploit data leaks for ongoing fraud.

Private information combined with publicly available details can also increase risk, as demonstrated by Leah, a small business owner who was targeted in a phishing scam. Leah received an email purporting to be from Facebook, claiming she was due a refund. She clicked a link and entered her credentials on a fake Meta site, which enabled scammers to take over her business account despite two-factor authentication. The attackers then posted illegal content under her name, leading to her being blocked from Messenger and her business page. Over three days, the fraudsters ran unauthorized advertisements costing Leah hundreds of pounds, which she was eventually reimbursed for. Cyber intelligence expert Alberto Casares found that Leah’s email and other data were compromised in breaches such as those at Gravatar and Qantas, and suggested the scammers combined stolen private information with publicly listed business contact details for a targeted phishing attack.

Massive data breaches continue to fuel scams globally, with 2025 witnessing several high-profile incidents. For example, the Co-op suffered a breach affecting 6.5 million people in April, Marks & Spencer was hacked with an undisclosed number of individuals impacted, Harrods lost information of 400,000 customers, and a Qantas airline hack exposed records of 5.7 million flyers. Proton Mail’s Data Breach Observatory reported 794 verified breaches this year alone, with over 300 million records exposed. Eamonn Maguire from Proton Mail highlighted that stolen data is highly valuable to criminals as it consistently generates profit through fraud, extortion, and cyberattacks. While companies are obliged to notify customers and regulators after breaches, there are no strict requirements regarding victim support. Some firms, like Ticketmaster last year, have offered free credit monitoring, but the trend is declining. Others, such as the Co-op, have provided vouchers with conditions, while Marks & Spencer and Qantas have not offered similar services. Legal actions, including class action lawsuits, are becoming more common but often face challenges due to difficulties in proving individual harm. However, there have been exceptions; for instance, T-Mobile agreed to pay $350 million in settlements to customers affected by a 2021 breach, with payments between $50 and $300 per person.

Read the full article from the BBC.