With the rise in cyber-attacks worldwide, you've likely received more than one notification from a company you work with informing you that your data has been compromised in a breach. While there are steps we can take as consumers to protect ourselves, sometimes we can't control when a company that promised to protect our personal data gets hacked.
In 2023, Statista
reported that 52% of all global organization breaches involved customers'
personal identifiable information (PII), making your personal data - addresses,
numbers, names, birth dates, SSNs, etc. - the most commonly breached type of
data. A recent example is ChangeHealthcare, breached in February of this year.
Due to the breach, it's estimated that one-third of Americans - possibly
including you - had sensitive information leaked onto the dark web.
So now what? What
do you do when you receive a letter in the mail from your health care provider
or favorite retail store admitting, "Whoops, we got breached." It's more than
upsetting to think that your data is now in the hands of criminals.
When sensitive information leaks, you'll have to do some recon to protect your accounts from suspicious activity. Follow these seven steps to stop the bleeding after a company fails to protect your data from being compromised.
What To Do After Your Data's Been Leaked
1. First, make sure the breach is legit.
One ploy that
hackers use to get our data is to impersonate popular companies and send out
fake e-mails or letters about an alleged breach. Whenever you get a
notification like this, go to the company's website or call the company
directly. Do NOT use information in the letter or e-mail because it could be
fake. Verify that the company was hacked and which of your data may have been
compromised. Try to get as much information as possible from the company about
the breach. When did it happen? Was your data actually impacted? What support
is the company offering its customers to mitigate the breach? For example, some
companies offer yearlong free credit monitoring or identity fraud prevention.
2. Figure out what data was stolen.
After speaking
directly with the company, determine what data was stolen. Credit cards can be
easily replaced; Social Security numbers, not so much. You'll want to know what
was compromised so you can take the necessary steps to monitor or update that
information.
3. Change passwords and turn on MFA.
After a breach,
you'll want to quickly update to a new, strong password for the breached
account and any account with the same login credentials. Additionally, if you
see an option to log out all devices currently logged in to your account, do
that.
While you're
doing that, make sure you have multifactor authentication turned on in your
account or privacy settings so that even if a hacker has your login, they can't
access your account without your biometric data or a separate code.
4. Monitor your accounts.
Even after
changing your passwords, you should keep a close eye on any accounts linked to
the breach. Watch out for any account updates or password changes you didn't
authorize. They may be a sign of identity theft. If your credit card number was
stolen, pay attention to your bank and financial accounts and look for unusual
activity, such as unexpected purchases.
5. Report it.
If you're not
sure a company knows it's been breached or you've experienced fraud due to a
breach, report it to relevant authorities like local law enforcement or the
Federal Trade Commission. They can provide guidance and next steps on how to
protect your identity.
6. Be aware of phishing attempts.
Often, after data
leaks, hackers use the information about you they stole to send you phishing
e-mails or calls to trick you into giving away even more sensitive information. Be very wary of any e-mails you weren't
expecting, especially those that request personal or financial information, and
avoid clicking on any links or attachments.
7. Consider identity theft and data breach
protection.
Consider identity
theft protection after a breach, especially when highly sensitive data is
stolen, like your SSN. It's a time-consuming process to replace a Social
Security card. In the meantime, criminals could be using it to impersonate you.
Identity theft and data breach protection help monitor your credit or other
accounts, protect your identity and notify you when your data appears on the
dark web.
While companies are responsible for protecting customer
information, breaches can and will still occur. By following the steps above,
you can minimize a breach's impact on your life. Ultimately, we must all contribute
to protecting our information in an increasingly risky digital world.