If your password was compromised in a data breach last year, or if you’ve been affected by a recent data breach, you’re not alone.
According to Info Security magazine, a total of 108.9 million accounts were breached in the third quarter of 2022. That number represents a 70% increase compared to the previous quarter.
When a company experiences a data breach, both employees and customers are put at risk of having their information used against them. While we can’t guarantee that companies are doing their part to keep our information safe, we can take steps toward better security on our side of the equation.
If you find out that a company you do business with – or an online service that you use – has suffered a data breach, here are 5 steps you need to take right away:
1.) Change Your Password – Including Variations
The first thing you need to do after a data breach is to change your password, immediately. And if you’ve been complacent with your passwords, you shouldn’t stop there.
Most people don’t practice proper password hygiene, often using the same password for work, banks, and miscellaneous personal accounts. This is why hackers continue to attack seemingly-unimportant apps and companies: your login credentials for UberEats or Twilio are valuable on the blackmarket because they can potentially open the door to your personal financial accounts.
And, if you use a slight variation of passwords for different accounts, those accounts aren’t safe either. Not only can a cybercriminal try to use your known password, but if that doesn’t work, they can also try thousands of variations of that password generated by software. This can be done at lightning speed, across your accounts. This method works so well that exploiting weak passwords is now the leading tactic of cyberattack by a wide margin.
The good news is that it often takes time for one hacker to sell the stolen credentials to another who intends to use it to break into accounts. While that fact may provide some comfort, changing your password ASAP (and all variations of it) is the best path to preventing future unauthorized access.
2.) Sign Up For 2 Factor Authentication
Two Factor Authentication, or 2FA, is an identity and access management system that requires 2 forms of identification to access data. The 2FA system will ask to send the user a unique code to their mobile device before granting access to their accounts.
While many consumers consider 2FA to be a hassle, for victims of a data breach, 2FA provides a layer of protection between you and would-be-hackers. 2FA makes it very difficult, if not impossible, for cybercriminals to get access with just a stolen password.
With 2FA, even if a scam artist does gain access to your credentials, they’ll be immediately slowed down – or even stopped in their tracks.
3.) Check For Updates From the Company
After you’ve been notified about the data breach, the company will hopefully continue to send out updates on the situation and disclose which customers were affected. They may also provide guidelines for how best to protect yourself.
While the FTC has guidelines for how businesses should respond to a data breach, there is no federal law currently in place regarding responses. Luckily, in the state of Minnesota, companies are held to a high standard.
Minnesota companies are “required to notify residents of any unauthorized acquisition of their unencrypted personal information,” without delay. Additionally, “if more than 500 individuals must be notified, breached entities must also notify all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis within 48 hours.”
4.) Watch Your Accounts and Credit Reports
If you know that your information has been compromised, then it would be wise to watch all your accounts. That includes the account you have with the affected company, as well as any financial or credit card accounts.
Check your bank account activity daily, looking for any suspicious transactions. Scam artists will often “test the waters” by making small, insignificant purchases, to see if your banking information is safe for them to use. If you don’t catch this transaction in time, the scammer will consider that the “OK” to make larger purchases.
Aside from watching your bank accounts, it’s also a very good idea to sign up for credit monitoring services through companies like Securus Partner Solutions. Another step you can take would be to initiate a credit freeze – this will restrict access to your credit report, essentially blocking anyone from opening new accounts while the freeze is in place.
5.) ID Theft Protection Services
If you want to bring out the big guns when it comes to protecting your personal information, sign up for a comprehensive ID Theft Protection package. These plans cover all the necessary bases so you lose less sleep over identity theft.
For example, Securus Partner Solutions’ Comprehensive ID Theft Protection Plan includes:
- CyberAgent® / Dark Web Monitoring
- Social Media Monitoring
- Social Security Number Trace with Monitoring
- Change of Address Monitoring
- Up to $1 million of Expense Reimbursement Insurance with $0 Deductible including stolen funds*
- Annual Credit Report with Score - Experian**
- Credit Monitoring - Experian
How to Keep Your Information Secure Moving Forward
For better protection of your personal information, you should adopt some proactive habits that will minimize the risk of another exposure.
- Use a password manager. Many people don’t use complex passwords simply because they’re afraid that they’ll forget them. This problem can be solved by investing in a reliable password manager that stores all of your password data. It will remind you of your password each time you log in.
- Use antivirus or anti-malware software. These programs can be installed on your devices and will protect you from viruses, malware, bots, and other attempts to steal your personal information.
- Use a VPN app or personal hotspot when using public WiFi. A VPN, or virtual private network, encrypts your internet traffic so that no one is able to see your data. A personal hotspot works as well, but make sure the password for it is complex enough so that no one could guess it.
- Sign up for ID protection. An ID Protection Plan will protect you from all angles, monitoring the dark web for your information, keeping an eye on your credit for any suspicious activity, and more.
(For more great tips on tightening your security online, check out “8 Practical Ways to Tighten Up Your Personal Online Security.”)