Data breaches have become a little like the weather — something we complain about in line for our morning coffee, but ultimately so beyond our control that we simply accept nothing can be done. For those of us with smartphones, social media, online bank accounts and browser histories that know way too much about us, it has become less a matter of preventing breaches than of containing the fallout after one happens.
Big data breaches happen where the data is: databases held by either companies or the government. Often, these databases hold Social Security numbers, private financial information and other sensitive data that can leave you vulnerable to identity theft if not handled properly. Because we don’t own or have control over these databases, there’s very little we can do to safeguard our data.
“It’s not a question of if it’s going to happen, but when,” says cybersecurity expert Brett Johnson. “Your number has just not been drawn yet.” The good news is that if you’ve been the victim of a data breach, there are several steps experts say can help you protect your data — both online and off.
Why do data breaches occur?
Data breaches occur when hackers gain access to confidential or sensitive information. This may include passwords, credit card and bank account information, Social Security numbers, phone numbers and more. Cybercriminals use various methods to breach networks and steal valuable data for their criminal activities. These methods include identity theft, fraud and extortion.
Organizations become vulnerable to data breaches due to a lack of security measures or inadequate cybersecurity protocols. Weak passwords, outdated software and a lack of employee training leave organizations open to breaches. In some cases, the actions of an insider may also contribute to a breach, such as when an employee or contractor with access to sensitive data misuses their privileges.
Steps to take to protect yourself after a data breach
Similar to protecting yourself after someone has physically stolen your wallet or smartphone, there are certain steps to take to protect yourself after a data breach that can minimize the damage and help you regain control.
Follow these steps to protect yourself after a data breach:
Step 1. Delete your (old) accounts
Limit your points of exposure by restricting new online accounts and deleting ones you no longer use. You may have been an active eBay merchant a decade ago but no longer have the time or energy to pursue this side hustle after starting a family. If so, delete your eBay and related PayPal accounts — both of which have already experienced breaches.
“Think about it as basic cyber hygiene,” says Scott Shackelford, cybersecurity expert and Executive Director of the Ostrom Workshop at the University of Indiana Bloomington.
Though many companies try to increase customer engagement by letting you create an account on their website, consider logging in as a guest when making purchases instead. If there’s no personal advantage beyond eliminating a step or two in the checkout process, why store your credit card number, address and other info on yet another site that could eventually be breached?
The problem isn’t necessarily with the information contained in the account itself, but with the fact that people are prone to consistently repeating usernames and passwords in online accounts.
Step 2. Sign up for credit monitoring
Like a flat tire, to fix the problem you need to find out where the leak is. Knowing which breach — or breaches — your data was part of may tell you what kind of data was exposed and can help you determine a course of action.
For victims of breaches involving banks, credit cards or other financial data, signing up for a credit monitoring service like Experian or PrivacyGuard should be a high priority. These services will also alert you when there’s a hard pull inquiry on your credit report or a new line of credit opened in your name. Some will even monitor the dark web for your personal information.
Don’t make the mistake of thinking that breaches outside of the financial sector aren’t potentially damaging. Take every attack on your data seriously, no matter how seemingly mundane the nature of the exposed data.
Step 3. Change your passwords
Breach or no breach, you should change your passwords on a regular basis anyway, but let’s be honest: Humans are generally more reactive than proactive. Stop using the same password for every one of your accounts. This alone can save you all kinds of headaches when hackers get ahold of one login.
One way to keep yourself honest is by using one of the best password managers, like Dashlane, LastPass or Keeper. Not only will these managers store hard-to-remember passwords for the 90 online accounts the average internet user has, but they will also create randomized passwords that are harder to crack than the easy-to-remember phrases you’re probably using.
Many password managers offer these basic services for free, with an option to pay for more powerful protection options, the ability to sync across devices and platforms and other digital security add-ons.
Step 4. Notify your financial institutions
Finally, contact your bank(s) and credit card issuer(s) to notify them that you’ve been the victim of a breach and that they should monitor your accounts for suspicious activity. Do this even after you’ve signed up with a credit monitoring service. Credit monitors can tell you where your information is being used, but they won’t prevent the theft of your ID or the opening of fraudulent new accounts in your name.
For that, you’ll need to contact the credit bureaus (like Equifax) to have them freeze your credit and contest the fake accounts. In fact, Shackelford suggests preemptively freezing your credit. “You don't need your credit open 99% of the time, so it should be frozen 99% of the time,” he says.
What happens with personal data after a data breach?
The data that’s been leaked in a data breach can be sold or traded on the dark web, used to commit identity theft and other frauds or simply held for ransom. In the worst-case scenario, critical information can be used to sabotage a business, organization or individual. In other cases, personal information may be exploited for marketing purposes.
No matter which of these scenarios comes to pass, the damage done by a data breach can range from inconvenient to potentially devastating.
Protect yourself from data breaches FAQs
How do I know if there has been a data breach?
The best way to stay informed of data breaches that may affect you is to regularly monitor the websites and services you use for notifications. If an organization experiences a data breach, it will alert you about the incident and provide information on steps to protect yourself. In addition to staying up-to-date on data breach alerts and using online tools to check for compromised personal information, pay attention to any unusual activity on your accounts or credit report.
This could include a sudden drop in credit score, unauthorized credit card charges or suspicious emails or phone calls. You're entitled to check your credit report for free once a year from the three major reporting bureaus (Experian, Equifax and TransUnion), which can be accessed at AnnualCreditReport.com.
What is the best way to store my passwords after a data breach?
Does a data breach affect my credit score?
How can I prevent a data breach?
While you can't prevent a data breach of information stored by another company or organization, there are some steps you can take to protect yourself from data breaches. First, use strong passwords for all of your online accounts and enable multi-factor authentication where available. You should also be careful when clicking on links in emails or text messages that may be phishing scams or install malware on your computer. Also, avoid entering personal information on unfamiliar websites.Staying up-to-date on the latest security patches for your computer and mobile devices is a must. This is the best way to ensure your device is not vulnerable to known weaknesses commonly exploited by hackers and cybercriminals. Finally, using a virtual private network (VPN) when connecting to the internet on a public or shared Wi-Fi network can help keep your data secure.