I don’t recognize a company breach I was involved in

Reviewed by Ryan Lindley, Director of Information Security

Usually when there’s a data breach, you’ll recognize the company as one you’ve done business with or have a social media account with. But sometimes you’ll see a name that you don’t recognize or even one that seems malicious like “Breachforums.”

One quick way to determine how your information might have been compromised in this hack is to read the breach description on your alert. This can provide context to the breach.

Here are the six main reasons why you might not recognize a breach:

Your Data was on the Site Maliciously

Some illegal sites sell stolen data and occasionally they themselves are breached. For example, in 2022, BreachForums was attacked and their database was put up for sale.

The breached data came from many sources. Previously reported data breaches could have been involved, but unreported data breach information could have also been accessed.

The Company That was Breached Owns a Company you do Business With

Often one company will own multiple brands. So when the parent company is breached, all the data from the various different brands could be affected. One example of this is the Luxottica data breach in 2021. While most people have not heard of Luxottica, they own over 150 sunglasses manufacturers globally, as well as LensCrafters and EyeMed. So people who had EyeMed vision insurance through their work were affected by this breach.

The Company That was Breached Provides Services to a Company you use

Companies often use a variety of software providers for their infrastructure, IT, or storing their data. So the data that was breached may have been from a site you do know, but that data was stored by a third-party company that was breached.

Enter your email address and get results in seconds

Hackers and thieves don’t wait and neither should you! See if your passwords have been exposed in a data breach.

The Company That was Breached is a Government Organization or an Affiliate Entity That has Your Data

We don’t really have a choice about our data being stored by government organizations or by associated entities like credit bureaus. While you may never have signed up for an Experian® account, as one of the three credit bureaus they already have your data. So when they were breached, your data could have been leaked.

A Company has Rebranded

Sometimes the reason is as simple as a company changing their name. Twitter rebranded to X and JarvisAI to JasperAI. A simple Google search for the company can often reveal if they’ve changed names.

Someone Used Your Email to Create an Account

If none of the previous reasons could explain the breach, it could be that someone has either used your email to create an account or sign up for an email list. To check if this is the case, use your email to reset your password for that account and log in to see if any of your other information is stored there.

Your Data was Part of a Combo-List

Combo-lists are generally compiled lists of breach data (typically usernames and passwords) organized by region or some other identifier. Hackers then try to gain access to multiple websites and platforms using the stolen information. What this means for you is that your information may be breached in a manner that seems almost entirely disconnected from any relationship to the breach source.

What Cyber Security Professionals are Saying

Chester Wisniewski

Principal Research Scientist at Sophos

“Looking forward into 2023 has me very concerned with what developments we see with the malicious use of machine learning technologies”

Matt Kapko

Cybersecurity Reporter

"Threat actors don’t just follow the news — they react to it and identify new ways to target potential victims during moments of heightened sensitivity."

Chester Wisniewski

Principal Research Scientist at Sophos

"ChatGPT3 could easily be weaponized to help criminals write more convincing phishing and business email compromise scams."