When passwords are exposed in cyberattacks: advice

When passwords are exposed in cyberattacks, victims can be entitled to make a claim for data breach compensation with us on a No Win, No Fee basis.

As a leading firm of data breach and consumer action specialists, we represent thousands of people for individual and group action cases. Many of those have had personal information exposed as a direct result of a cyberattack, which has involved exposed credentials. People have legal rights that are enshrined in law, and you could be entitled to claim damages if this has happened to you.

Data breach compensation amounts can be based on the extent of any distress and any impact on you. There are also some key steps to take to protect yourself as well.

What to do when passwords are exposed in cyberattacks

When passwords are exposed in cyberattacks, swift and effective action is needed to protect people from further data exposure and from financial harm.

Any organisation that suffers a cyberattack where passwords are exposed should, at the very least, force all users to reset their passwords. Advice should be issued in terms of making sure that passwords are strong and unique, and that people could now be targeted by criminals and fraudsters.

For those who are the victims, you need to change your password immediately. No one should re-use the same credentials across more than one account, but we know that this still happens. If you have done this, you should also immediately change any other account credentials where the same ones have been used.

Make sure to use unique credentials for each account.

They say, ‘once bitten, twice shy’ – maybe it’s time to step up your personal security. Make use of technology like two-factor authentication that can act as an added layer of protection when passwords could be exposed. Set up login alerts if possible to know in real-time if something suspicious may be happening.

Are the risks really that bad?

The risks when passwords are exposed in cyberattacks can be substantial. Your personal data can be exposed, and criminals may access your account to find out more about you to target you further.

For example, if an email address password is hacked, they may see that you have emails from Amazon and have an Amazon account. They may then try to break into your Amazon account, which could be easy if you’ve used the same credentials. Or, they may go through the password reset facility. You may then have situations leading to fraud and theft.

You may also be contacted by criminals who pose as legitimate organisations. They may see that you have an account with BT and may contact you about an upgrade that you had received marketing material for. Fraudsters are good at tricking people into handing over access to accounts or even money, and we have seen it before. We helped people who had money stolen in the wake of the TalkTalk hack and, more recently, fraud events have taken place for victims of the easyJet data breach.

Claiming compensation

When passwords are exposed in cyberattacks, victims can be entitled to bring a claim for data breach compensation with us on a No Win, No Fee basis.

If the cyberattack led to your personal information being exposed, and more could – and should – have been done to have prevented the breach, that’s when you may be able to claim. For free, no-obligation advice, make sure you speak to our team today using our contact page here.

Some of the over 45 group and multi-party actions that we represent people for involve substantial cyberattacks, including:

• The British Airways data breach which we are on the Steering Committee for – the first GDPR Group Litigation Order (GLO) in England and Wales;
• The 2017 Equifax data breach;
• The Ticketmaster cyberattack of June 2018;
• The recent LOQBOX hack;
• The very recent and monumental easyJet data breach affecting 9 million people.

NHS ransomware attacks: rights for victims

Confidential patient information data breach