If your password was compromised in a data breach last year, or if you’ve been affected by a recent data breach, you’re not alone.
According to Info Security magazine, a total of 108.9 million accounts were breached in the third quarter of 2022. That number represents a 70% increase compared to the previous quarter.
When a company experiences a data breach, both employees and customers are put at risk of having their information used against them. While we can’t guarantee that companies are doing their part to keep our information safe, we can take steps toward better security on our side of the equation.
If you find out that a company you do business with – or an online service that you use – has suffered a data breach, here are 5 steps you need to take right away:
The first thing you need to do after a data breach is to change your password, immediately. And if you’ve been complacent with your passwords, you shouldn’t stop there.
Most people don’t practice proper password hygiene, often using the same password for work, banks, and miscellaneous personal accounts. This is why hackers continue to attack seemingly-unimportant apps and companies: your login credentials for UberEats or Twilio are valuable on the blackmarket because they can potentially open the door to your personal financial accounts.
And, if you use a slight variation of passwords for different accounts, those accounts aren’t safe either. Not only can a cybercriminal try to use your known password, but if that doesn’t work, they can also try thousands of variations of that password generated by software. This can be done at lightning speed, across your accounts. This method works so well that exploiting weak passwords is now the leading tactic of cyberattack by a wide margin.
The good news is that it often takes time for one hacker to sell the stolen credentials to another who intends to use it to break into accounts. While that fact may provide some comfort, changing your password ASAP (and all variations of it) is the best path to preventing future unauthorized access.
Two Factor Authentication, or 2FA, is an identity and access management system that requires 2 forms of identification to access data. The 2FA system will ask to send the user a unique code to their mobile device before granting access to their accounts.
While many consumers consider 2FA to be a hassle, for victims of a data breach, 2FA provides a layer of protection between you and would-be-hackers. 2FA makes it very difficult, if not impossible, for cybercriminals to get access with just a stolen password.
With 2FA, even if a scam artist does gain access to your credentials, they’ll be immediately slowed down – or even stopped in their tracks.
After you’ve been notified about the data breach, the company will hopefully continue to send out updates on the situation and disclose which customers were affected. They may also provide guidelines for how best to protect yourself.
While the FTC has guidelines for how businesses should respond to a data breach, there is no federal law currently in place regarding responses. Luckily, in the state of Minnesota, companies are held to a high standard.
Minnesota companies are “required to notify residents of any unauthorized acquisition of their unencrypted personal information,” without delay. Additionally, “if more than 500 individuals must be notified, breached entities must also notify all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis within 48 hours.”
If you know that your information has been compromised, then it would be wise to watch all your accounts. That includes the account you have with the affected company, as well as any financial or credit card accounts.
Check your bank account activity daily, looking for any suspicious transactions. Scam artists will often “test the waters” by making small, insignificant purchases, to see if your banking information is safe for them to use. If you don’t catch this transaction in time, the scammer will consider that the “OK” to make larger purchases.
Aside from watching your bank accounts, it’s also a very good idea to sign up for credit monitoring services through companies like Securus Partner Solutions. Another step you can take would be to initiate a credit freeze – this will restrict access to your credit report, essentially blocking anyone from opening new accounts while the freeze is in place.
If you want to bring out the big guns when it comes to protecting your personal information, sign up for a comprehensive ID Theft Protection package. These plans cover all the necessary bases so you lose less sleep over identity theft.
For example, Securus Partner Solutions’ Comprehensive ID Theft Protection Plan includes:
For better protection of your personal information, you should adopt some proactive habits that will minimize the risk of another exposure.
(For more great tips on tightening your security online, check out “8 Practical Ways to Tighten Up Your Personal Online Security.”)
Want more information about Securus’ identity theft protection plans? Visit our website or contact us at +1 (877) 833-9041 or info@securusid.com.