What Do I Do When I Find Out My Data Has Been Breached?

It is always a bit unsettling when you find out that your data has been breached. Here are some tips on what to do next.

  1. Find out what data the hackers got. Did they get your username and password, credit card information, social security number, your phone number and where you live?
  2. Make an attempt to find out how they got ahold of that data. If a company has been compromised, they would have notified you. Otherwise, download and run virus scanners, check your email for phishing emails (usually with strange “from” email addresses even though the emails themselves look official), etc.
  3. If your credit card number has been compromised, review your purchase history and make sure there aren’t any unauthorized charges. Report any suspicious charges to your credit card company (the phone number would be on the back of the card) and make sure to cancel the card.
  4. Consider purchasing credit monitoring services or freezing your credit account
  5. If you know which online account has been compromised, log into the account (reset password with the forgot password link if the password has been changed). Look around for anything that looks wrong and correct it. Some accounts (like Facebook and Google) allow you to log into other sites using the existing account’s password (i.e. when you log in with Google and a window says that this website is asking to access your email, inbox, etc). For these sorts of accounts, look up which apps or services have requested access as the hacker might have set up access for themselves which would stick around even after you change the account’s password. Make sure to remove access to apps you don’t recognize
  6. If you know which password was used for the compromised account, make sure to change every account you have that utilizes that same password. Hackers will create what they call a “combo list” that may disregard the source of the breach and use those credentials against several online sources.
  7. Make sure to choose complex passwords when changing your password. Consider using a password generator (some browsers have one built in) or a password manager (although they too have been susceptible to data breaches, overall, they seem to be more secure than most things users do). Using these services, you’ll be able to utilize very complex and long passwords (different ones on each site or app) without worrying about how you’ll remember them.
  8. Don’t rely on security questions since most hackers might have enough information to be able to guess what your answers were (such as where you were born, your mother’s maiden name, or what school you attended).
  9. Enable 2FA (Two Factor Authentication). When you or a hacker try to log in, you can either receive a text message with a code or look up a code utilizing a special app like Google Authenticator (iphone, android).

Remember that everyone is susceptible to having their information breached. Stay vigilante and be careful (make sure you know what your downloading from emails or websites, use strong passwords, etc).

Remember, you can also monitor breached data in our consumer product!