What you should do if you have been impacted by a data breach

What should you do if you’ve been affected by any of the myriad data breaches of recent times?

Threat Intel
5 min read, Sep 12, 2017

Many people in the U.S. are worried about their data privacy following the huge data breach at credit monitoring agency Equifax last week that saw the personal data of up to 143 million people compromised.

That is more than half of the adult population of the U.S. The Equifax breach is particularly serious due to the nature of the data that was leaked: names, Social Security numbers, birth dates, addresses, and even some driver’s license numbers. As well as this, around 209,000 credit card numbers and 182,000 “dispute documents” were also leaked.

The Equifax breach is far from the only big breach to have taken place in the last few years, though given the sensitivity of some of the information leaked it is certainly one of the most serious. However, recent times have also seen data breaches at an array of high-profile companies, including Yahoo, LinkedIn, and health insurance giant Anthem.

Depending on the data they glean from these breaches, criminals can use the information for a variety of purposes, such as: selling it on underground marketplaces; using it to launch phishing attacks; using it to steal your identity and do things like open lines of credit in your name, and even steal cash from your bank accounts.

So, what should you do to protect yourself from identity theft or other unpleasant consequences of recent breaches?

There is a veritable library of information about many of us online. Photo by Dmitrij Paskevic on Unsplash

1. Find out if you’re affected

The first thing to do is to find out if your information has been compromised in a data breach. Most U.S. states have pretty strict rules that mean companies must inform their customers if their data has been breached, so you should receive a notification from the company. However, it may take a company some time to contact all its customers in the event of a large breach, so if you hear that a company you have had dealings with has been impacted by a data breach, you should contact the company yourself to see if you have been affected. The website Have I Been Pwned? (HIBP) allows you to search for your username or email address to see if it has been leaked in a publicly declared data breach, which can also be a way to find out if you’ve been impacted by some of the myriad data breaches of recent times. However, just because your email address or username doesn’t show up in the HIBP database does not mean you have not been affected by a data breach. It is possible that the relevant data may not have been shared with HIBP. Also, many data breaches that occur are not detected or publicly reported.

2. Change your passwords

Change your passwords for any accounts that have been affected by a breach. If, like so many people, you use the same password for multiple accounts, change your password on all of those accounts as well. And stop reusing passwords! Make sure the passwords you use for your online accounts are long, unique, and difficult to guess.

Passwords are the key to your life online, so make sure they are strong

3. Enable two-factor authentication

If you do not already have two-factor authentication (2FA) enabled (and you should), then ensure you switch it on. If you have 2FA enabled on your accounts, then even if a hacker has your username or email address and manages to crack your password, they still will not be able to access your accounts. Most online banking accounts now have 2FA, as do most email providers and many social networks.

4. Watch out for phishing attacks

You may think that, provided a hacker hasn’t accessed your financial information, you don’t have too much to worry about, but that isn’t true. Hackers can use information gleaned about you in data breaches to target you with tailored phishing attacks that could trick you into handing over information, or into opening malicious files that download malware onto your computer. Cyber criminals have also been known to send emails in the wake of large data breaches pretending to be the company affected in an attempt to get further information from victims.

Criminals may exploit data breaches to carry out targeted phishing attacks

5. Monitor your bank accounts

If you discover you have been impacted by a data breach you should immediately check your bank accounts to ensure they have not been accessed by any unauthorized individuals. Continue to monitor your debit and credit accounts in the wake of a breach to check for unauthorized access. Many banks will set up a “fraud alert” if you request it and text you if any suspicious activity takes place on your account. If you do discover any unauthorized activity on your account you should notify your bank immediately. If you are concerned, you may also want to implement a credit freeze, to prevent any new lines of credit being opened in your name. However, this would mean that if you want to open a new line of credit yourself you would have to “unfreeze”, and it may also cost money. Also, customers who implemented a credit freeze following the Equifax breach found it wasn’t quite as secure as they thought.

6. Consider investing in identity theft protection

Identity theft protection offerings from companies like LifeLock offer a variety of services. They will scan the internet for evidence of threats to your identity or to see if your information is being sold on dark web marketplaces; they will send you alerts if they spot any suspicious activity using any of your details, and they will work with you if your identity is stolen to try and rectify the situation as quickly as possible. Many of the plans also offer to reimburse you for any funds stolen due to identity theft, and to fund lawyers to resolve matters, if that is necessary.

7. Upgrade your security going forward

In most cases, consumers bear little blame when it comes to data breaches, and more often than not it is the company in question that needs to pull up its socks, security-wise. However, it is still advisable to take steps to ensure that your data is kept as safe as possible. Be wary of who you entrust with your private data, and keep an eye on your online and bank accounts so that any suspicious activity is detected as soon as possible.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.

Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.