Last month, hackers breached the website of Wendy’s Philippines and leaked the personal data of more than 80,000 members.
The records obtained from infiltrating the fast-food chain’s website here in the Philippines included sensitive information such as customer names, contact information, address, passwords, transaction history, and others. These records were published online and thousands of people were exposed to the said leak.
After the leak, the National Privacy Commission (NPC) launched an investigation to find out more about the said breach. Wendy’s was also ordered by the agency to notify its customers who were affected by the attack on their servers.
As a preventive measure, the NPC also ordered Jollibee to temporarily suspend its online delivery service due to vulnerabilities spotted in its system.
Although the scale of the data leak is smaller than that experienced in more prominent events, such as the Commission on Elections data breach in 2016, these things can still harm individuals.
What happens when your personal information has been leaked to the public? You may want to know how your data is being used once it becomes available to the public.
Stage 1: Nothing
Some pieces of information about you may have been leaked online and you think that they might do something with your data.
Whether there’s a swift response to the leak or just plain luck, sometimes nothing will happen to your user information. In addition to the reaction (or lack thereof) to your data, the leaked information may not contain anything useful for the hackers to use.
Finally, there’s a chance that the leak may not be intentional at all.
Stage 2: Spamming and Scamming
If hackers obtaining some of your contact details during the data breach, chances are you’re going to receive unsolicited phone calls and emails from marketers.
There are two ways your contact information can be used after a leak: either you as well as others affected by the breach end up on a list that will be sold to marketing firms as leads or you’ll be targeted by scammers. These scammers may use your data for phishing scams and other forms of fraudulent activity.
Stage 3: Fraud
Let’s say that the security at your favorite e-commerce website has been breached by a group of black-hat hackers. They stole your data, including credit card details or other forms of payment.
With this stolen information, they can attempt to make fraudulent purchases using your account. Left unchecked, you might end up paying for things you never even bought—and received—in the first place.
Stage 4: Identity Theft
How would you know if a data leak is serious? If they contain enough details for the criminal elements to create “versions” of you to use in their activities.
Sensitive information such as biometric data, financial records, social security number, and other pieces of personal information can be used against you. This can be used to create ID cards bearing your name, take out credit cards and loans, and misrepresent you in illegal activities.
Since the identity thieves will be trading under your name, you’ll be the first one apprehended by the authorities.
How to protect yourself after a data theft
In the event of a data leak and your personal information being obtained illegally, you can keep yourself safe by following these measures:
Know your rights
According to the NPC, “your personal data is treated almost literally in the same way as your own personal property.
Under Republic Act No. 10173 or the Data Privacy Act of 2012, these are your rights as data subjects:
- The right to be informed
- The right to access
- The right to object
- The right to erasure of blocking
- The right to damages
- The right to file a complaint
- The right to rectify
- The right to data portability
Follow the news
In the event of a data breach, make sure to keep yourself updated with all the developments, starting from the origin of the breach up to the investigations undertaken by the different government agencies and groups.
By being in the know, you can make informed decisions and even learn a thing or two from the whole debacle.
Check your bank accounts
Even if the news of an information breach happens overnight, we now have the technology to instantaneously check our accounts to see if there have been signs of unauthorized access.
If there are any transactions made without your consent, contest them with the bank immediately.
Set up two-factor authentication
With two-factor authentication (2FA) is set on your accounts, they cannot gain access without your security codes.
For banking products like credit cards, it’s highly likely you can use your provider’s app to enable 2FA via app or text.
Meanwhile, online accounts like email and social media credentials can be further secured with apps like Authy and Google Authenticator.
Level up your password gaming
It’s hard to get out of your old password habits, but if you want to make your digital security almost impenetrable, you have to learn new skills.
For instance, attempts at breaching your accounts should prompt you to change your passwords immediately.
Also, stop using your birthday, your crush’s name, and other weak passwords for your important accounts.
Sources: CNBC, Lawphil.net, The National Privacy Commission