- 5 Important Steps to Take After a Data Breach
- What is a Data Breach?
- How to Stay Informed About Data Breaches
- Some of the Biggest Data Breaches of the 21st Century
- Frequently Asked Questions
Data breaches can happen at any time to any company, even large-scale enterprises, which means our information is always at a high risk of being compromised. If compromised, what do you do after a data breach? Are there steps you can take to protect your data after it’s stolen? The answer is yes, and we’ve compiled some helpful tips to follow in the aftermath.
5 Important Steps to Take After a Data Breach
If your information has been compromised, it's up to you to protect your accounts and data following the breach. Although the company that was hacked may offer identity theft services free of charge, you still need to do your due diligence to ensure your identity (and money) isn't stolen. Here's what you'll need to do:
- Determine what information was exposed
- Contact your financial institutions
- Place a credit freeze on your accounts
- Remove your home address from sites
- Change your passwords
Determine What Information Was Exposed
Before you take any steps after a data breach, it’s essential to know what was leaked in the breach. Often, companies will reach out after a breach to let you know whether your information was compromised or not. This isn’t always a guarantee, though.
Several tools are available for you to check whether your email address or phone number has been compromised. These include:
Contact Your Financial Institution or Credit Card Issuer
If any of your financial information was exposed in the breach, it’s important to contact your financial intuition, such as your bank or credit card issuer. They can help you determine the best next steps based on your situation. For instance, you may need to change your account numbers, dispute or cancel any authorized charges, or set up fraud alerts.
Place a Fraud Alert and Freeze Your Credit
If the recent breach exposed your social security number or financial information, it might be ideal to freeze your credit files. This will ensure identity thieves can’t open any new accounts in your name. You’ll want to contact the three major credit bureaus and place a fraud alert and freeze your credit:
If you’re applying for a credit card, buying a new car or home, or renting an apartment, you’ll have to remember to lift the freeze temporarily. You can also request a free annual credit report to make sure someone isn't taking out lines of credit under your name. Regularly monitoring your credit reports can help you spot unauthorized accounts in your name.
Remove Your Home Address from Websites
Did your home address get compromised? If so, you’ll want to act quickly or risk your home address being posted on other sites. You can search for your address on search engines. If it shows up, we suggest you report it immediately to Google and Bing.
You can also file a report with Twitter, Facebook, and Reddit if your private information was shared. Information on the internet is difficult to remove completely, but you can also use paid services to remove your address from specific websites. These services include Kanary and DeleteMe.
Change and Strengthen Any Compromised Passwords
When your password has been compromised, it’s crucial to change and strengthen that password, not just for this account but any other account with the same password.
As humans, we can be creatures of habit. So, it’s likely you’ve used the breached password more than once, and hackers can use that information to steal your data on other accounts. We suggest using a password manager, which will help you generate and store complex passwords for all your accounts.
Need Help Choosing a Password Manager?
We can help! We've picked our favorites for different needs and situations, including the best free options, the best password manager for families, and even small businesses.
Best Practices for Staying Safe Online
You can take many precautions to stay safe online, even if you can’t avoid data breaches. We suggest:
- Creating strong passwords (and using a different one for each account)
- Enabling privacy safeguards on browsers
- Using a virtual private network
- Purchasing from legitimate websites
- Staying current with antivirus and security software.
What is a Data Breach?
A data breach is the intentional or accidental exploitation of a corporation’s database to reveal confidential or protected information. This information can include your:
- Social Security number
- Bank account details
- Credit card numbers
- Personal health information
- Email addresses
Often, cybercriminals find an unauthorized entry point to hack into a corporate computer or network to expose consumer data and use it for identity theft or fraud. However, in some instances, an employee of the corporation may accidentally expose your information. Either way, your data gets compromised, and cybercriminals can profit at your expense.
According to multinational cybersecurity and anti-virus provider Kaspersky, this can occur due to several reasons, such as:
- An accidental insider
- A malicious insider
- A malicious outsider
- A lost or stolen device with sensitive information that’s unencrypted
Why Should You Care About Data Breaches?
Businesses, governments, hospitals, individuals, and retailers alike can be the subject of a data breach and have their personally identifiable information exposed. Cybercriminals have mastered the art of revealing information through the internet, Bluetooth, text messages, social media, or other online services you use.
James E. Lee, Chief Operating Officer of the Identity Theft Resource Center (ITRC), says that not surprisingly, financial services, such as banks, credit unions, insurance, and investment firms, are consistently among the most breached organizations.
"Healthcare is also one of the most breached sectors," he says. "Other sectors tend to rise and fall from year to year, but education and manufacturing/utilities each rose to be among the most breached organizations in the past year."
The subsequent damage of these incidents can be substantial. They can:
- Ruin an organization’s reputation
- Expose military operations and other types of confidential information to foreign parties
- Put individuals at risk of identity theft
"We've evidenced a massive amount of identity-related benefits fraud related to the pandemic," Lee says, explaining there has been a shift from identity theft to identity fraud.
"Much of the identity information used to apply for government benefits were stolen in previous data breaches," he says. "That means it is especially important for consumers to follow best practices."
How to Stay Informed About Data Breaches
If you want to stay informed about data breaches, there are three main things you should do:
- Follow us for the latest updates on data breaches and other online scams.
- Keep your email current for any of your online accounts because companies will usually send out communication regarding data breaches.
- Use websites such as Have I Been Pwned, Firefox Monitor, F-Secure Identity Theft Checker, and BreachAlarm, to check if your information has been compromised.
Sign Up for the Free Data Breach Alert Service
The Identity Theft Resource Center will be launching a new service (an extension of the Notified website) in April 2022 to help people protect their identities by being notified of data breaches as they occur.
You'll be able to add a list of companies that have your information and get an email alert if said information has been compromised.
Some of the Biggest Data Breaches of the 21st Century
You’ve likely heard of the infamous data breaches of the 21st century, affecting hundreds of millions if not billions of people. These included the:
- 2016 AdultFriendFinder account breach
- 2017 Equifax data breach
- 2013 Adobe security breach
The AdultFriendFinder breach spanned 20 years on six databases due to a Local File Inclusion vulnerability. It impacted 412.2 million accounts of sensitive nature with stolen information, including:
- Email addresses
The Equifax data breach exposed information about 147.9 million consumers due to an application vulnerability. Compromised information included social security numbers, birth dates, addresses, and drivers' license numbers.
The Adobe security breach affected 38 million active users. Cybercriminals hacked into Adobe’s databases and stole login credentials, encrypted customer credit card records, and passwords.
Other Companies That Have Had Data Breached
According to CSO from IDG Communications, Inc., other companies involved in the biggest data breaches include:
- Heartland Payment Systems
- Marriott International
- Sina Weibo