Even if you’ve never used any of the sites and services listed on our list of biggest data breaches, there are hundreds of smaller data breaches that we didn’t mention. Before we get into our steps for responding to a data breach, you may want to visit Have I Been Pwned and see for yourself. All you have to do is enter your email address in the “pwned?” search box and watch in horror as the site tells you all the data breaches you’ve been pwned in.
It’s also worth noting that your data may be part of a breach that the public at large doesn’t know about yet. Often times a data breach won’t be discovered until years later.
One way or another, there’s a good chance your data was compromised and there’s a very good chance your data will be compromised again.
Now that you know your data is floating around somewhere on the Dark Web, we’ve created this step-by-step list of what to do when your data is stolen.
It’s also worth noting that your data may be part of a breach that the public at large doesn’t know about yet. Often times a data breach won’t be discovered until years later.
One way or another, there’s a good chance your data was compromised and there’s a very good chance your data will be compromised again.
Now that you know your data is floating around somewhere on the Dark Web, we’ve created this step-by-step list of what to do when your data is stolen.
- Reset your password for the compromised account and any other accounts sharing the same password. Really though, you shouldn’t reuse passwords across sites. Granted, remembering a unique alphanumeric password for all of your online accounts and services is impossible—unless you’re good with mnemonics or, better yet, you have a hard drive implanted in your head like Johnny Mnemonic. For everyone else, consider using a password manager like 1Password. Password managers have the added benefit of alerting you when you land on a spoofed website. While that login page for Google or Facebook might look real, your password manager won’t recognize the URL and won’t fill in your username and password for you.
- Monitor your credit accounts. Look for any suspicious activity. Remember you get a free credit report, one from each of the three major credit bureaus, every year at annualcreditreport.com. This is the only US Federal Trade Commission authorized site for obtaining free credit reports.
- Consider a credit freeze. A credit freeze makes it harder to open up a line of credit under your name by restricting access to your credit report. You can lift or stop the freeze at any time. The only hassle is that you must contact each credit bureau individually to enact or remove a freeze.
- Watch your inbox carefully. Opportunistic cybercriminals know that millions of victims of any given data breach are expecting some kind of communication regarding hacked accounts. These scammers will take the opportunity to send out phishing emails spoofed to look like they’re coming from those hacked accounts in an attempt to get you to give up personal information. Read our tips on how to spot a phishing email.
- Consider credit monitoring services. Should you sign up? Often times, after a data breach, affected companies and organizations will offer victims free identity theft monitoring services. It’s worth noting that services like LifeLock et al. will notify you if someone opens up a line of credit in your name, but they can’t protect your data from being stolen in the first place. Bottom line—if the service is free, go ahead and sign up. Otherwise, think twice.
- Use multi-factor authentication (MFA). Two-factor authentication is the simplest form of MFA, meaning you need your password and one other form of authentication to prove that you are who you say you are and not a cybercriminal attempting to hack your account. For example, a website might ask you to enter your login credentials and enter a separate authentication code sent via text to your phone.