HACKED
The story of a data breach,
and its consequences for you

Facebook, Yahoo, Equifax. Billions of records stolen.

You may have heard of these breaches,
But what does that mean for you?

What exactly is a data breach?

A data breach is when confidential or sensitive information is stolen or exposed, and then used by an unauthorized party. Anyone and anything could be the target of a data breach, but the vast majority of data breaches happen to companies that hold billions of records about individuals like you.



What does it mean for me?

You probably have heard about data breaches, or even experienced them. But what does that mean for you?

This project investigates what happens after a company is breached to show you who and what is targeted, and how and why this impacts you.

3:42AM

The breach begins

A hacker breaks into your hospital's network and starts extracting their database.

Healthcare and non-retail businesses are being targeted more recently

Schools, governments, and retailers used to be the targets, but the targets have been changing.


While accidental leaks happen, targeted hacks are the dominant cause

Targeted hacks now account for over 70% of breaches...

...But accidental leaks are still 12–25% of breaches each year

Stolen devices were the cause of many breaches in the past, but much less so now

4:15AM

Your data is stolen

The hacker finishes downloading all the personal data, including yours.

Personal and contact information are being stolen more frequently

As we live more of our lives online, we have been handing over this information to more companies. While it may seem harmless, contact information is quite useful to attackers — they can use it to commit identity fraud (pretending to be you), or they can sell it to data brokers for targeted marketing.

Full names appeared in 64% of breaches last year

Phone numbers appeared in 49% of breaches last year

Home addresses appeared in 42% of breaches last year

Over 100 types of data have been exposed to date

It’s not all just emails, passwords, and contact info. Over 100 distinct types of information have been exposed in breaches of online services over the past decade.


12:04PM

Your data is sold on
the dark web

The hacker packages your name, Social Security Number, and other data for sale on a dark web marketplace, where they are scooped up by a lucky buyer.

The price of your data varies,
but packaged data are among the most valuable

Prices of Stolen Personal Information on the Dark Web


11:42PM the next day

Your data is
weaponized against you

This can happen in many different ways. The buyer can transfer funds from your accounts, secure a loan under your name, or impersonate you to scam your family members.

Your personal information can be weaponized in many ways:

As a victim, you stand to lose...

$500

median financial loss from identity fraud
according to the FTC

But financial loss is not the only damage. The reputational harm from having your social media or e-commerce accounts taken over, stress from being attacked, and time lost dealing with the damage are incalculable.

What can I do about it?

The number of stolen records is increasing, but you’re not helpless! There’s a lot you can do to keep yourself protected.

3 things to do right away:

Use a Password Manager

A password manager allows you to use a strong, unique password for every site without having to remember and type them all. That way, if your password for one service is exposed, attackers won’t be able to use it to figure out what your passwords for other services might be.

Turn on Two-Factor Authentication (2FA)

Two-factor authentication makes it impossible to use your login info without having physical access to your phone. A 2019 study by Microsoft found that two-factor authentication blocks 99.9% of automated attacks.

Set Up Free Monitoring

Breach monitoring services like HaveIBeenPwned.com will alert you when they uncover stolen data with your email address or phone number in it, so you can take action quickly.


3 things to do after your data is breached:

Change Your Passwords/Cards

Whenever you get a breach notification, the first thing to do is change your password for the breached service. If your service had credit or debit card information breached, replace those cards too. You may also want to change your email password to stop password resets through your email account.

Freeze Your Credit & Enable Fraud Alert

Freezing your credit stops any attackers from opening a new account, loan, or credit card. It is free and can be requested from the credit bureaus TransUnion, Experian, and Equifax (US). You can also request a fraud alert from one of the bureaus, and they are required by law to alert the other bureaus.


File a Report to the FTC

You can file a report with the FTC, and they will guide you through further measures you can take to stop identity theft. They also have more resources on what to do before and after a breach or identity theft.
