Bad actors are after your data.  They want to turn your data into money any way that they can.  That may involve using your data to steal your online banking passwords and account numbers, or may involve stealing personal and contact data to make a phishing attack more convincing and effective.  Why?  So that you will unknowingly click on a link in an email to install ransomware, as the city of Baltimore recently learned to its horror or to gain access to your company’s servers.  It may involve simply selling your information to online marketers.

How do the bad actors collect your data?  Sometimes it’s as easy as opening a file, as when a data aggregator leaves your data lying around in a file accessible to the Internet without even the flimsiest of passwords.  In other cases it’s through an un-patched vulnerabilityin an operating system, or a skilled spear phishing attack by a malevolent state actor.

Huge amounts of data have been leaked or purloined over the years.  Now there are free services that will check whether your data (or at least your e-mail address) has been leaked in the large data breaches.  Here is one such service.  Here is another.   ‘Free’ is, of course, a relative term.  You have to give up your e-mail address.  Your loyal author has only one e-mail address, which is plastered all over the Internet.  Receiving even more spam e-mail is not a burden for me, but it may be for you.  

You and your company also have options to detect and respond to actual breaches from your computer system occurring in real time.  If your company handles information from European Union or California residents, then you may be subject to the EU’s General Data Protection Regulation or to the California Consumer Privacy Act .  You or your company may be liable for data breaches under those laws.  Several other states also have data privacy laws in place.  You are well advised to learn about your obligations and to take steps to prevent data loss and to monitor and respond to data loss that does occur.

— Robert Yarbrough, Esq.