With the rise in cyber-attacks worldwide, you’ve likely received more than one notification from a company you work with informing you that your data has been compromised in a breach. While there are steps we can take as consumers to protect ourselves, sometimes we can’t control when a company that promised to protect our personal data gets hacked.
In 2023, Statista reported that 52% of all global organization breaches involved customers’ personal identifiable information (PII), making your personal data – addresses, numbers, names, birth dates, social insurance numbers, etc. – the most commonly breached type of data. A recent example is the recent major data breach of a company called National Public Data that has resulted in 2.7 billion records from the UK, US, and Canada being leaked.
So now what? What do you do when you receive a letter in the mail from your health care provider or favorite retail store admitting, “Whoops, we got breached.” It’s more than upsetting to think that your data is now in the hands of criminals.
When sensitive information leaks, you’ll have to do some recon to protect your accounts from suspicious activity. Follow these seven steps to safeguard your accounts after a data breach.
What To Do After Your Data’s Been Leaked
1. First, make sure the breach is legit
One ploy that hackers use to get our data is to impersonate popular companies and send out fake e-mails or letters about an alleged breach. Whenever you get a notification like this, go to the company’s website or call the company directly. Do NOT use information in the letter or e-mail because it could be fake. Verify that the company was hacked and which of your data may have been compromised. Try to get as much information as possible from the company about the breach. When did it happen? Was your data actually impacted? What support is the company offering its customers to mitigate the breach? For example, some companies offer yearlong free credit monitoring or identity fraud prevention.
2. Figure out what data was stolen
After speaking directly with the company, determine what data was stolen. Credit cards can be easily replaced; Social Insurance Numbers, not so much. You’ll want to know what was compromised so you can take the necessary steps to monitor or update that information.
3. Change passwords and turn on MFA
After a breach, you’ll want to quickly update to a new, strong password for the breached account and any account with the same login credentials. Additionally, if you see an option to log out all devices currently logged in to your account, do that.
While you’re doing that, make sure you have multifactor authentication turned on in your account or privacy settings so that even if a hacker has your login, they can’t access your account without your biometric data or a separate code.
4. Monitor your accounts
Even after changing your passwords, you should keep a close eye on any accounts linked to the breach. Watch out for any account updates or password changes you didn’t authorize. They may be a sign of identity theft. If your credit card number was stolen, pay attention to your bank and financial accounts and look for unusual activity, such as unexpected purchases.
5. Report it
If you’re not sure a company knows it’s been breached or you’ve experienced fraud due to a breach, report it to relevant authorities like local law enforcement or the Federal Trade Commission. They can provide guidance and next steps on how to protect your identity.
6. Be aware of phishing attempts
Often, after data leaks, hackers use the information about you they stole to send you phishing e-mails or calls to trick you into giving away even more sensitive information. Be very wary of any e-mails you weren’t expecting, especially those that request personal or financial information, and avoid clicking on any links or attachments.
7. Consider identity theft and data breach protection
Consider identity theft protection after a breach, especially when highly sensitive data is stolen, like your SSN. It’s a time-consuming process to replace a Social Security card. In the meantime, criminals could be using it to impersonate you. Identity theft and data breach protection help monitor your credit or other accounts, protect your identity and notify you when your data appears on the dark web.
While companies are responsible for protecting customer information, breaches can and will still occur. Because of this, we must all take steps to protect our information in an increasingly risky digital world. By following the steps above, you can minimize a breach’s impact on your life.