He Santander Bankthe DGT, Ticketmaster and Iberdrola are some of the large companies and organizations that have suffered security breaches in the last weeks. When this happens, the data of thousands of customers and users is used to extort the company or sold on the Dark Web to be used for criminal purposes, or both. After knowing that the security breach has occurred, the affected company or organization has a period of 72 hours to communicate it to the Spanish Data Protection Agency and inform affected customers and users.
It may happen that the attackers have managed to “non-sensitive data“, as Iberdrola stated about the hack suffered last month, or that also includes data from Credit cards, as in the case of Ticketmaster. But it would be a mistake to think that if you are in the first group you don't have to worry.
That information is used in phishing and spam campaigns and a user may be the victim of a phishing scam in which the attacker presents himself as a trusted company of which you are already a customer and knowing data that seems to confirm it. For example, your ID, your car registration number or your phone number.
This is, for example, what a Twitter user has reported in relation to the security breach he suffered. Carrefour Financial Services last January and in which data such as customer names, ID numbers and information about loyalty cards were leaked. Now this user reports a phishing campaign in which cyber scammers They use this data to present themselves as Carrefour and offer you access to a fraudulent websitein which you will be asked for more information, to supposedly redeem your loyalty points for a Nespresso coffee machine.
They are sending Carrefour PASS phishing with the data that was stolen from them. Name, ID, customer code and card are valid. pic.twitter.com/lc3lkB9diZ
— Marc Pàmpols (@mpampols) June 11, 2024
The OCU's advice if you appear in a data breach
The OCU has recalled on its page Web the importance of personal data, even if they are not passwords or banking information, and perform the following recommendations to people whose data appears leaked on the Internet after a cyber attack.
- HE suspicious with calls, emails or SMS that may not come from who they say. If you have doubts, contact the sending company directly to verify if it is genuine.
- Do not leave your data on any page that looks suspicious. Creating a fraudulent website that imitates that of a company or organization is very simple.
- Practice the call egosurfing. That is, search the Internet for information about yourself, it may lead you to find that it is where it should not be.
- The OCU reminds that victims of cyber attacks can claim to a bank or company that has made unauthorized charges for its reimbursement.