July 02, 2019 | 13 min read
What to Do If Your Data Was Leaked in a Data Breach
Data breaches are becoming more and more devastating. In 2018 alone, billions were affected by data incidents. In daily interactions with brands and companies, you hand precious pieces of personal information over. However, you never know which organization will be the next one to lose to hackers or expose your details due to careless data handling.
What can you do when your data is stolen and your identity, finances, and safety are at risk? As a radical step, you can try to remove all traces of yourself from the internet. But if this is too much trouble, you can prepare for a data leak should it happen.
The first thing you can do is to reduce the influence of your data loss beforehand with preventative measures. On this point, we have prepared a 5-step guide to securing your information against cyber breaches. However, if an accident does happen, you’ll need to take additional steps. We’re here to help you learn what you have to do to minimize the consequences.
Your step-by-step guide to successful data breach response
Check out this list of actions and learn more below. Remember: the crucial thing in a data breach is to act quickly and stay attentive.
When a responsible company falls victim to a data breach, they will inform their community of the incident in an honest and timely way. They’ll also share what kind of data was stolen and advise on protective steps for people to take. Unfortunately, some companies learn about an information breach but decide to keep quiet. If this fact is known to security researchers, they may reveal the breach to the public through reputable media.
That is, if you’re affected by a data breach, you’ll usually find out that data was compromised from either the hacked company itself or from the news. However, you should be cautious regarding such announcements: Scammers have been known to pose as company representatives to reach out and trick you into giving even more of your personal information to them.
For instance, if a major bank was hacked but the most sensitive of the stolen data, like account passwords, was encrypted, fraudsters may call or email this bank’s account holders to ask them for passwords in order to “protect” the customers. Don’t fall for such scams. If you have received a communication by email, check the source email and sender attentively. Stay cautious when following the recommended steps. If you were contacted by phone, stop the conversation and call the company yourself using its hotline. If you’re doubtful, call the company directly.
Find a trustworthy source of information and learn what types of data have been compromised. Then, follow our guide to take action responsibly. We've outlined the crucial steps you should take for whatever kind of important data was leaked.
Logins and passwords: 3 steps to deal with a data leak
Imagine that your login (probably, your email address) and a password to a social media account were compromised. This doesn’t automatically mean that someone is already using it. Still, after password breaches, you have to act quickly to retain control over this account as well as secure your other accounts.
- Change your passwords and security questions. Log into the compromised account and change the password. If there is a password-changing security question enabled, answer it, get a new password, and change the security question as well. Next, update passwords for all the accounts where you’ve used the same combination of login and password. Do not reuse passwords; be sure to choose different ones for each account.
- Add multi-factor authentication. The idea with multi-factor authentication is that besides your password, you will need to provide additional proof of identity such as a secret code sent to your phone. This way, if your account is ever hacked, cybercriminals won’t be able to access it using just your password.
- Monitor account-related payments. Check appropriate accounts linked to buying data—shopping sites or simply your bank account—for any orders you don’t remember placing. The sooner you find them, the better the chance you have of successfully cancelling the orders.
Credit or debit card details: how to stay protected after a breach
Large-scale leaks of payment card information indeed happen from time to time. For example, in 2018, British Airways experienced a data breach where the card details of more than 185,000 customers were stolen. Shockingly, for a staggering 77,000 of the cards, the leaked records included names, email addresses, billing addresses, card numbers, expiry dates, and CVV numbers—everything that attackers could need for some tremendous shopping.
On the bright side, if a thief has made purchases with your credit or debit card number, not the card itself, you are not responsible for such transactions. Importantly, for unauthorized debit card purchases, this is only true if you report the theft within 60 days after a bank statement was sent to you. So, you better not linger.
- Notify your bank to cancel your card and get a new one. Call your bank first and then follow up with an email to have proof of your report. It makes sense to include details about the card you want to reissue as well as the date and time of your initial phone report. If your bank sends confirmation emails or secure notifications, this last step may not be necessary.
- Check your card statement for suspicious transactions. Notify the bank additionally if there are payments you have not authorized.
- Update automatic payments with your new card number. When you get a new card, don’t forget to update all your accounts including paid services. You don’t want to be cut off from your favorite TV show mid-season, right?
Social Security number: protect yourself from identity theft
If your Social Security number has been stolen in a data breach, fraudsters can pose as you and do a lot of harmful and frustratingly annoying things. Namely, they can open bank accounts in your name, file applications for loans, get credit cards, claim your tax refund, and so on. As a result, they get the money and you get to deal with debt collectors. To avoid it, check your credit reports regularly for signs of fraud and take all possible preventive steps.
- Review your Social Security statement on ssa.gov/myaccount. This document shows your prospective retirement benefits based on your earnings. If your stated income is much higher than it really is, it may mean that someone is abusing your Social Security number.
- Go to identitytheft.gov and follow the steps that match your case. This website from the Federal Trade Commission conveniently recommends what to do depending on various situations. Importantly, some organizations like banks and the Social Security administration may require a formal report of your identity theft. If this is your case, you can get a report here as well.
- Get free credit reports from annualcreditreport.com. Keep monitoring your credit reports for signs of SSN misuse. Once every 12 months, you can get a free credit report from Equifax, Experian, and TransUnion—one free report every four months.
- Place a fraud alert or a credit freeze. A fraud alert is a notification that you could be a fraud victim. You can place it on your credit report for free so that creditors take additional steps to verify your identity before granting a loan. You only need to notify one of the three credit reporting companies to place a fraud alert. Alternatively, you can place a credit freeze—this way, no one will be able to access your credit reports or open new accounts and extend credits in your name. However, this stronger protection be an inconvenience as well. A credit freeze is free, but you’ll have to contact each of the three credit bureaus to place it.
- Sign up for credit monitoring services. Sometimes companies affected by a hack will help take responsibility for the mess and offer you free credit monitoring services. We strongly recommend to take advantage of them. These services usually include monitoring of your credit report and credit score, so you’ll be alerted about any suspicious activity.
- File your taxes early. Fraudsters may try to file a tax return in your name if they have your Social Security number and other personal information. Do your best to outrun the criminals.
Healthcare data: 4 things to do in case it is stolen
If your personal information was leaked from a healthcare facility, it’s double trouble as medical records are usually accompanied by Social Security numbers, debit or credit card details, addresses, insurance policy numbers, and so on. Apart from protecting your bank accounts and credit report as described above, be sure to pay extra attention to your healthcare-related activities.
- Check your medical records. Thieves can use your personal information to get treatment or prescription drugs. Carefully read your medical and insurance statements as well as other medical records and report all the services you haven’t received.
- Notify your health insurer. They may inform you about suspicious activity or issue a new health insurance account and card.
- Report Medicare or Medicaid fraud on oig.hhs.gov. The Department of Health & Human Services Office of Inspector General is in charge of investigating complaints about medical identity theft involving Medicare and Medicaid beneficiaries.
- Monitor your healthcare-related payments. Check out your card statements regularly to catch suspicious payments in time—remember if you have fraud transactions on a debit card, you may only have 60 days to fix it!
Driver's license information: ways to prevent its abuse
With your driver’s license information, fraudsters may create fake licenses and sell them to whoever is interested, from teenagers to careless drivers who need replacement documents. Thieves can even try to open accounts and get loans in your name, especially if they have more of your personal information.
- Notify the Department of Motor Vehicles in your state. Ask to flag your license number so that the police are extra attentive to any person who tries to identify themselves with this license. Additionally, request a record of traffic violations connected to your license number. This usually requires a small fee, but you’ll learn whether anyone has used a fake license with your number.
- Place a fraud alert or a credit freeze, and sign up for credit monitoring services. If you suspect that someone may be using your stolen driver’s license or a fake one made with its number, take care of your credit score.
If you see evidence that someone wrongfully has used your personal data and is posing as you, be sure to report identity theft to the Federal Trade Commission and, optionally, to your local police department—just follow the recommendations by the Federal Trade Commission.
Safeguard your personal information for the long run
Unfortunately, even if there are no signs of private data misuse right after an information breach, it doesn’t mean you can relax and forget about the incident. Sometimes, thieves intentionally wait for the victims to lower their guard, making it easier to steal their identity. In other cases, compromised databases are resold, and it’s hard to predict when someone will take advantage of the specific records contained there. The practical outcome is that you have to stay alert if you’ve ever lost data in a breach as it can be misused years later.
We surely hope that you won’t be affected by data breaches, and we’re always here to help you with the tricky side of internet privacy. If you need more useful hints, check out these 30 little steps to protect your privacy online.