National Cyber Security Centre
Public urged to be aware of post-data breach scams
New NCSC guidance helps people stay safe online when cyber criminals use information from data breaches to try and steal sensitive personal data.
- The National Cyber Security Centre (NCSC) warns the public of the threat to their personal data following cyber attacks or breaches after 46%* of UK businesses reported incidents in the last year
- New guidance published on international Data Privacy Day encourages people to look out for suspicious emails and consider changing passwords
- Public encouraged to visit www.cyberaware.gov.uk for key advice on staying safe online
CYBER security experts have today issued new guidance to help individuals avoid being scammed following data breaches against organisations.
With nearly half of UK businesses reporting a cyber breach or attack in the past year, the National Cyber Security Centre (NCSC) – a part of GCHQ – has produced guidance to help individuals and families stay safe in the aftermath of a breach.
Criminals can use information taken from a breach, such as email addresses, to send phishing messages to try and trick people into handing over sensitive personal data like credit card details.
The guidance – published on international Data Privacy Day – explains what data breaches are, how they can affect people, and steps to take if their data may have fallen into the hands of cyber criminals as a result of a breach.
For example, if people receive a message that includes a password they have used in the past, the recommendation is to change the password immediately to one that uses 3 random words.
The majority of scams against individuals can be defended against the majority of the time by following the six behaviours set out in the cross government Cyber Aware campaign – and the NCSC is encouraging people to follow the advice set out at www.cyberaware.gov.uk.
Sarah Lyons, NCSC Deputy Director for Economy and Society, said:
“With so many aspects of our lives now managed online, people understandably want to know that their personal data is secure.
“Data breaches against organisations might seem like distant events, but they can have real-world consequences to individuals.
“I encourage everyone to follow the steps in our ‘Data Breaches: Guidance for Individuals and Families’ to help you stay secure online.”
The guidance, Data breaches: guidance for individuals and families, sets out the steps to take if your data may have fallen into the hands of cyber criminals as a result of a breach, including
- being alert to suspicious messages after the breach is made public which talk about ‘resetting passwords’ or ‘receiving compensation’;
- receiving a suspicious message that includes a password you’ve used in the past;
- checking for unauthorised activity on your online accounts, and;
- what to do if you suspect an account of yours has been accessed.
Alongside the new advice, the NCSC is encouraging anyone who receives a suspicious text message – such as those relating to the NHS coronavirus vaccination campaign - to forward it to 7726. Suspicious emails should be forwarded to firstname.lastname@example.org.
Those who do fall victim to online fraud should contact their bank immediately and report it as a crime to Action Fraud.
The NCSC is also delivering the cross government ‘Cyber Aware’ campaign aimed at helping people in the UK to stay as secure as possible when online.
The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:
- Use a strong and separate password for your email
- Create strong passwords using 3 random words
- Save your passwords in your browser
- Turn on two-factor authentication (2FA)
- Update your devices and apps
- Back up your data
The campaign is supported by leading organisations such as Microsoft, Vodafone, BT, ASOS, Barclays and Citizens Advice, who are actively helping their customers adopt Cyber Aware’s key behaviours.
Latest News from
National Cyber Security Centre
GCHQ reflects on the passing of His Royal Highness The Prince Philip, The Duke of Edinburgh13/04/2021 11:10:00
GCHQ and the NCSC reflect on the passing of HRH The Duke of Edinburgh.
Paws-word change recommended on National Pet Day09/04/2021 14:15:00
Ahead of National Pet Day, the NCSC is encouraging people to use three random words for passwords rather than the names of their pets.
More Master's degrees at UK universities recognised by cyber security experts09/04/2021 11:15:00
Ten universities around the UK have received official recognition for their postgraduate degrees in cyber security.
CYBERUK: flagship event set to take place in fully digital format02/04/2021 10:15:00
UK government’s cyber security event to be held virtually on 11-12 May giving the widest audience chance to participate.
New NCSC CEO warns against complacency while outlining future cyber risks29/03/2021 14:48:00
Wide-ranging speech from Lindy Cameron outlines the NCSC’s key successes so far, as well as recognising new challenges and developing threats the organisation faces.
New NCSC CEO to deliver first major speech in the role this morning26/03/2021 14:15:00
Lindy Cameron will speak to a virtual audience at Queen’s University, Belfast, today.
New web tool to test your cyber risk as survey exposes 80% of British people fear online attacks24/03/2021 13:15:00
As part of the Cyber Aware campaign, a new tool has been developed to help consumers understand their cyber security risk.
Cracked it: Codebreaking schoolgirls see off local rivals for chance to win UK cyber contest22/03/2021 15:43:00
The ten teams to tackle the cyber challenges at the virtual CyberFirst Girls Competition Grand Final 2021 announced.