Cyber Attack - personal data

Yvie_1

Just been notified from a former employer that they experienced a cyber incident between Feb 2023 to Sept 2023.  The employer has only just notified me of this and I have been given access to a credit reference agency free of charge to check.  My concern is that this happened almost 2 years ago and the letter indicates that my personal data was stolen, I may have already had my identity stolen.  The employer is based in the US so I am unsure what I need to do to check whether my personal data has been used outside of the UK.  Any advice would be appreciated.

MattMattMattUK

Yvie_1 said:

Just been notified from a former employer that they experienced a cyber incident between Feb 2023 to Sept 2023.  The employer has only just notified me of this and I have been given access to a credit reference agency free of charge to check.  My concern is that this happened almost 2 years ago and the letter indicates that my personal data was stolen, I may have already had my identity stolen.  The employer is based in the US so I am unsure what I need to do to check whether my personal data has been used outside of the UK.  Any advice would be appreciated.

Keep an eye on your credit reports for anything that is not financial products that you have taken out, that is pretty much it. I would say that if it happened two years ago and nothing has happened yet then it almost certainly will not. Data used for financial fraud is almost always fresh. 

vacheron

It is possible if you have just recieved this warning that your former employer may also have just realised or been made aware that the incident took place 2 years ago. 

Does the letter say that you details "were stolen", or instead "may have been stolen / compromised", or something of that nature?

It may have simply been that they have identified that hacker or other unauthorised person was simply able to access these files, they may have then just browsed them or passed them by.

Not all data that a hacker or unauthorised person accesses is necessarily stolen, in the same way that if someone leaves a department store door unlocked overnight, someone may gain unauthorised entry, and look around while being captured on CCTV, but may have no intention of stealing, or simply may not see anything they wanted to take. 

ch3shirecat4

Yvie_1 said:

Just been notified from a former employer that they experienced a cyber incident between Feb 2023 to Sept 2023.  The employer has only just notified me of this and I have been given access to a credit reference agency free of charge to check.  My concern is that this happened almost 2 years ago and the letter indicates that my personal data was stolen, I may have already had my identity stolen.  The employer is based in the US so I am unsure what I need to do to check whether my personal data has been used outside of the UK.  Any advice would be appreciated.

That’s really rough, especially finding out so long after it happened. Good shout keeping an eye on your credit reports and freezing them if you can. Might also be worth checking with the ICO about what you can do since it involves a US company. If you want extra peace of mind, services like CloudGuard.ai can help detect and stop threats. Hope that helps. 

MEM62

If the data was compromised that long ago, if anyone was going to do anything nefarious with it you would have known about it by now.