Public urged to be aware of post-data breach scams

• The National Cyber Security Centre (NCSC) warns the public of the threat to their personal data following cyber attacks or breaches after 46% of UK businesses reported incidents in the last year
• New guidance published on international Data Privacy Day encourages people to look out for suspicious emails and consider changing passwords
• Public encouraged to visit www.cyberaware.gov.uk for key advice on staying safe online

CYBER security experts have today issued new guidance to help individuals avoid being scammed following data breaches against organisations.

With nearly half of UK businesses reporting a cyber breach or attack in the past year, the National Cyber Security Centre (NCSC) – a part of GCHQ – has produced guidance to help individuals and families stay safe in the aftermath of a breach.

Criminals can use information taken from a breach, such as email addresses, to send phishing messages to try and trick people into handing over sensitive personal data like credit card details.

The guidance – published on international Data Privacy Day – explains what data breaches are, how they can affect people, and steps to take if their data may have fallen into the hands of cyber criminals as a result of a breach.

For example, if people receive a message that includes a password they have used in the past, the recommendation is to change the password immediately to one that uses 3 random words.

The majority of scams against individuals can be defended against the majority of the time by following the six behaviours set out in the cross government Cyber Aware campaign – and the NCSC is encouraging people to follow the advice set out at www.cyberaware.gov.uk.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said:

“With so many aspects of our lives our now managed online, people understandably want to know that their personal data is secure.

“Data breaches against organisations might seem like distant events, but they can have real-world consequences to individuals.

“I encourage everyone to follow the steps in our ‘Data Breaches: Guidance for Individuals and Families’ to help you stay secure online.”

The guidance, Data breaches: guidance for individuals and families, sets out the steps to take if your data may have fallen into the hands of cyber criminals as a result of a breach, including

• being alert to suspicious messages after the breach is made public which talk about ‘resetting passwords’ or ‘receiving compensation’;
• receiving a suspicious message that includes a password you’ve used in the past;
• checking for unauthorised activity on your online accounts, and;
• what to do if you suspect an account of yours has been accessed.

Alongside the new advice, the NCSC is encouraging anyone who receives a suspicious text message – such as those relating to the NHS coronavirus vaccination campaign - to forward it to 7726. Suspicious emails should be forwarded to report@phishing.gov.uk.

Those who do fall victim to online fraud should contact their bank immediately and report it as a crime to Action Fraud.

The NCSC is also delivering the cross government ‘Cyber Aware’ campaign aimed at helping people in the UK to stay as secure as possible when online.

The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:

• Use a strong and separate password for your email
• Create strong passwords using 3 random words
• Save your passwords in your browser
• Turn on two-factor authentication (2FA)
• Update your devices and apps
• Back up your data

The campaign is supported by leading organisations such as Microsoft, Vodafone, BT, ASOS, Barclays and Citizens Advice, who are actively helping their customers adopt Cyber Aware’s key behaviours.

Notes to editors

• Data shows that nearly half of UK businesses (46%) reported a cyber breach or attack in the past year (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months, and over 55% of all businesses hold personal data about customers electronically.
• The NCSC works closely with organisations and charities across the UK, and has published its bespoke Small Business Guide, which provides information on how to improve cyber security in a way that saves time and money.
• The NCSC has also published advice for charities and medium and large sized organisations