MoveIt Hack: What Action Can Data-breach Victims Take?
More than 100,000 people have been warned their personal data is in the hands of cyber-criminals as a result of a continuing mass hack.
The BBC, British Airways, Aer Lingus and Boots are among the companies whose staff have been affected by the MoveIt data breach.
And more organisations are expected to issue staff warnings, as the extent of the breach is discovered.
But what action can those caught up in mass hacks take?
Don't panic
In the early stages of an attack such as this, the most pressing advice is aimed at the organisations.
Hackers are not interested in going after individuals - it is too time-consuming and they care about one thing only: getting paid.
And they will probably send ransom demands to the organisations breached, asking for the cryptocurrency Bitcoin.
"The important message to organisations right now is not to panic, to install the security patch and not to pay the criminals," former National Cyber Security Centre lead Prof Ciaran Martin says.
But once an organisation has been breached, the hackers have the upper hand.
And the criminals thought to be responsible for the MoveIt hack are notoriously ruthless with their extortion techniques.
Don't pay
The hackers often take time to consider their extortion tactics.
"Some prior incidents involving these criminals have seen victims not contacted until weeks after data was stolen - so if you don't hear from them in the coming days, you are not in the clear," Mandiant Intelligence senior manager Kimberly Goody says.
The group, thought to be based in Russia, will then contact a company email address, demanding payment not to publish the stolen data online, Mandiant research suggests.
These demands are usually in the seven- or eight-figure range, Mandiant experts say, but there have been ones over $35m (£28m).
And law enforcement agencies around the world advise organisations not to pay, as it fuels the growth of these criminal gangs.
Be suspicious
For individuals, the advice is also not to panic but to be suspicious.
If your organisation refuses to pay the criminals, there is a good chance they will publish the data on the dark web or try to sell it to other hackers.
But there are many steps between that and you losing money.
"There really is an important message not to panic, as it's very unlikely that organisations have been storing data like full bank details which can lead directly to sort of financial harm," Prof Martin told BBC Radio 4's Today programme.
And although some organisations, such as British Airways, say some staff bank details have been stolen, this was highly unlikely to lead to individuals' bank accounts being drained.
The risk, experts say, is from secondary attacks, where hackers use the details they have to trick victims into revealing more details.
So the advice is to look out for suspicious emails and phone calls - particularly ones about the hack.
Don't log in
In a typical scam, individual victims might receive a message claiming to be from their organisation, asking them to log in and verify their account because "fraudulent activity has taken place".
Things to look out for, experts say, include:
- official-sounding messages about "resetting passwords", "receiving compensation", "scanning devices" or "missed deliveries"
- emails full of "tech speak", designed to sound more convincing
- being urged to act immediately or within a limited timeframe
The MoveIt breach is likely to become more serious as other companies discover they have been hacked - but, experts say, data stolen in previous hacks has been published in an obscure corner of the dark web, with little consequence to individuals.