What should I do if I have suffered a security breach?
Computer attacks, such as the one acknowledged by Orange at the beginning of this November, have increased substantially in recent times, or at least public awareness of them has. Since the entry into force of the GDPR, there has been a dual obligation to notify both the Spanish Agency for Data Protection and those affected of a security breach. This has led to greater awareness of these incidents, which does not necessarily mean that they did not occur before.
Regardless of the measures taken by the companies affected, the question really is:
If my personal data has been exposed as a result of a security breach, what can I do? There are four basic recommendations:
How do I protect myself from a security breach? Modify your access credentials:
As soon as you know that you are a client of a company that has been affected by a security breach, if you access private areas with passwords or other types of identifiers, change them immediately.
Even if such a breach does not occur, changing credentials on a regular basis (at least every 6 months) should be common practice to maintain good internet “health”.
Can I report?
Depending on the type of attack, there are different routes that can be taken:
- Any leak of personal data can be reported to the Spanish Data Protection Agency. Remember that the purpose of this complaint is to impose sanctions, which means that if a breach is detected, the consequence will be a fine for the company in question, but never compensation for you. In fact, anyone can file a complaint with the Spanish Data Protection Agency, even if they are not the data subject.
- Report to the Police if the facts may constitute a crime. Computer attacks often result in the theft of credentials or personal data, which are then used for practices such as phishing that can lead to attempted crimes such as identity theft. Other cases may involve illegal action compatible with the crime of damage.
Am I entitled to compensation for a security breach?
If you can prove moral or patrimonial damage, the answer is certainly yes. That said, to date there is no case law in Spain on compensation related to computer damage, so the case should be studied carefully: since this is a judicial procedure, legal representation is required and you run the risk of bearing the costs if your claim is dismissed.
Furthermore, in most cases the counterparty will be a large company with almost unlimited resources. We already discussed this topic in a blog post in 2014 and, in essence, not much has changed.
And what else?
As we have said, computer attacks can seek to steal the personal data that companies process in order to carry out social engineering practices (deceit), such as phishing.
If you find yourself in this situation, pay special attention to emails, SMS or calls that you may receive after the attack, as they may be fraudulent communications posing as the attacked companies in an attempt to make you carry out unwanted actions: providing passwords, bank details or, for example, data from third parties.
If you have been a victim of a security breach or want more information on this subject, do not hesitate to contact us!