Nearly half of the victims of big business data breaches then go on to be targeted by fraudsters, it is claimed.
The shocking figures come from consumer group Which? amid concerns that companies and public bodies are not taking security seriously.
They hold huge archives of sensitive information, including customers’ addresses and payment card details, which can be used for ID theft and money transfers.
Concerns are rising that businesses do not do enough to protect their clients from online fraud
Even a cache of email addresses can be used for phishing attacks in which fraudsters pretend to be official bodies.
A consumer survey by Which? found 46 per cent of those whose data was stolen then experienced fraud.
Often, they suffered huge distress and struggled to get any help or compensation.
BA, easyJet, Marriott Hotels and software company Blackbaud are among firms to have been hit by hackers.
As part of its investigation, Which? asked members to submit their email addresses to the website haveibeenpwned.com, which can tell if they have been involved in a hack.
This revealed that 79 per cent of 610 email addresses had experienced at least one breach and one had been involved in 19.
Which? said firms are doing too little to protect customers.
Editor of Which? Money Jenny Ross said: ‘Whether we’re shopping online, booking a holiday or signing up to a new mobile phone contract, we have to trust the companies we deal with to protect our details – and if things go wrong we need to know that businesses are held to account.’
Here are some consumer tips from Which? for protecting data:
Always set strong passwords. There are many services available which will alert you if your passwords have been compromised. And where possible, turn on two-factor or multi-factor authentication.
Do not save your credit card details if you are not going to use the service regularly.
Although it may be inconvenient to resubmit them, it is better than having your financial information unnecessarily stored in a database that could be compromised.
Just checkout as a guest if you are not going to use the service that often. Only create an account if you really need to.