With the rise in cyber-attacks worldwide, you’ve probably received more than one notification that says “your data has been compromised in a breach.” While there are steps we can take as consumers to protect ourselves, sometimes we can’t control when a company that promised to protect our personal data gets hacked.
In 2023, Statista reported that 52% of all global organization breaches involved customers’ personal identifiable information (PII), making your personal data – addresses, numbers, names, birth dates, SSNs, etc. – the most commonly breached type of data.
So now what? What do you do when you receive a notification from your health care provider or favorite retail store admitting, “Whoops, we got breached.” It’s more than upsetting to think that your data is now in the hands of criminals. When sensitive information leaks, some recon is needed to protect your accounts from suspicious activity. Follow these steps to stop the bleeding.
1. First, make sure the breach is legit.
One ploy that hackers use to get our data is to impersonate popular companies and send out fake e-mails or letters about an alleged breach. Whenever you get a notification like this, go to the company’s website or call the company directly. Do NOT use information in the letter or e-mail because it could be fake.
Verify that the company was hacked and which of your data may have been compromised. Try to get as much information as possible from the company about the breach.
- When did it happen?
- Was your data actually impacted?
- What support is the company offering its customers to mitigate the breach? For example, some companies offer yearlong free credit monitoring or identity fraud prevention.
2. Figure out what data was stolen.
After speaking directly with the company, determine what data was stolen. Credit cards can be easily replaced; Social Security numbers, not so much. You’ll need to know what was compromised so you can take the necessary steps to monitor or update that information.
3. Change passwords and turn on MFA.
After a breach, first thing is first … you’ll want to quickly update to a new, strong password for the breached account and any account with the same login credentials. If you see an option to log out all devices currently logged in to your account, definitely do that.
You’ll also want to make sure you have multifactor authentication (MFA) turned on in your account or privacy settings so that even if a hacker has your login, they can’t access your account without your biometric data or a separate code (like those sent to a separate email address or texted to a phone number).
4. Monitor your accounts.
Even after changing your passwords, you should keep a close eye on any accounts linked to the breach. Watch out for any account updates or password changes you didn’t authorize. They may be a sign of identity theft. If your credit card number was stolen, pay attention to your bank and financial accounts and look for unusual activity, such as unexpected purchases.
5. Report it.
If you’re not sure a company knows it’s been breached or you’ve experienced fraud due to a breach, report it to relevant authorities like local law enforcement or the Federal Trade Commission. They can provide guidance and next steps on how to protect your identity.
6. Be aware of phishing attempts.
Often, after data leaks, hackers use the information about you they stole to send you phishing e-mails or calls to trick you into giving away even more sensitive information. Be very wary of any e-mails you weren’t expecting, especially those that request personal or financial information, and avoid clicking on any links or attachments – avoid it like the plague!
7. Consider identity theft and data breach protection.
Consider identity theft protection after a breach, especially when highly sensitive data is stolen, like your SSN. It’s a time-consuming process to replace a Social Security card. In the meantime, criminals could be using it to impersonate you. Identity theft and data breach protection help monitor your credit or other accounts, protect your identity and notify you when your data appears on the dark web.
Need more help?
A Managed Services Provider (MSP) such as Atlantic Technology Services can take the worry out of IT management for your company. Our sibling company, Fortifi Cyber Security, can help your organization protect itself against cyber threats with world-class, highly-affordable security services. Call our office today at 888-500-9111 or sign up for a free vulnerability test.