How to protect your data against cyber attacks

In the last few weeks, some of the country’s biggest brands - Co-op, M&S and Harrods - have all fallen victim to cyber attacks.

The fact that major retailers are increasingly being targeted isn’t surprising, as they hold a huge amount of information on their customers, from people’s bank details to their purchasing history.

At the same time, any brands are investing more heavily in digital technology, such as new apps and payment options.

That, in turn, makes them more vulnerable to sophisticated cyber threats, such as ransomware and phishing.

So what does this mean for you and how can you keep your data safe?

How to stay safe against ransomware scams

Ransomware typically affects businesses rather than their customers, but the consequences can often trickle down. 

If your personal data is compromised during a cyber attack, scammers may try to use that information to target you directly. 

But there are ways to reduce your risk.

Be wary of emails or texts from retailers

Even if it looks legitimate, double-check by visiting the brand’s official website or ringing their customer service number. 

Don't click on links or download attachments unless you're absolutely sure it's genuine.

Update your passwords

If you've shopped with a retailer that’s been breached, update your log-in details straight away.

Choose strong, unique passwords that are hard to guess and set up two-factor authentication (2FA) if it’s an option.

Use antivirus and anti-malware software

Make sure your devices are protected and that security software is kept up to date.

Back up your data

If you’re ever hit with ransomware directly (which is rare but possible), having secure backups means you won't be at the mercy of cybercriminals.

How to spot scams after a cyber attack

Scammers often take advantage of the confusion following a data breach. 

For example, they might send you a message that appears to be from the affected company, claiming to offer you compensation or help recovering your account.

So it’s important to know what to look out for.

Unusual urgency or threats

Be wary of emails that pressure you to act straight away to secure your account.

Legitimate businesses won’t rush or threaten you into handing over sensitive information.

Requests for sensitive information

Real companies won’t ask you for personal information, such as your password, bank details or answers to your security questions, over email or text.

Misspellings and odd formatting

Scammers will often copy the branding of legitimate organisations so their emails appear genuine.

But there may be clues that it’s not real, such as spelling mistakes or strange email addresses.

Check the sender address

Look beyond the display name to see the actual email address. 

If it looks off, it probably is.

And if you’re in any doubt, contact the company directly through their official customer service channels to find out if they’ve tried to get in touch.

What are my rights after a data breach?

If you’re affected by a data breach at a company, you do have some legal rights.

The company must let you know

If your personal data has been compromised and it poses a risk to your rights or freedoms, the company is required by law to tell you straight away.

You can ask what was taken

You’re entitled to know what data of yours was affected and what the company is doing to mitigate the damage.

You can complain or claim compensation

If you think the company didn’t do enough to keep your data safe, you can complain to the Information Commissioner’s Office (ICO).

You may also be able to seek compensation for distress or financial loss, either from the company itself or through the small claims court.

Be proactive after a data breach

If you’re worried that your data has been compromised, then act quickly and decisively. 

You can start by closely monitoring your bank accounts, credit cards and any other financial services you use. 

Look out for unfamiliar transactions, unexpected direct debits, or changes to your account details. 

Even small, unexplained charges can be an early sign that someone is testing your information before making larger purchases or withdrawals.

You can also check your credit file regularly through services like Experian, Equifax, or TransUnion. 

This can help you spot any attempts to open new credit cards, loans or mobile phone contracts in your name. 

If you notice anything suspicious, report it to your bank, the credit reference agency and Action Fraud.

Recent attacks ‘should be a wake-up call for businesses’

This week, cabinet minister Pat McFadden described cyber attacks as “serious organised crime” and urged businesses to take the threat seriously. 

“What we have seen over the past couple of weeks should serve as a wake-up call for businesses and organisations up and down the UK,” he said.

“Cyber security is not a luxury but an absolute necessity."

But while it’s down to businesses to do all they can to keep your date safe, that doesn’t mean you can’t do anything.

By staying alert and taking a few simple precautions, you can reduce your risk and, hopefully, stay one step ahead of the scammers.