What Should I Do When My Information Is Involved in a Breach?

This year, major names like Microsoft, Marriott, T-Mobile, and Nintendo have all suffered data breaches that have impacted tens of millions of people. And this is just in 2020. In the past, Yahoo, Equifax, Capital One, and other brands have suffered a similar fate.

The question is no longer if a data breach will happen to you, but when. Whether you’ve suffered one already or want to be prepared if one does happen, here’s everything you need to know.

What Does A Data Breach Mean? 

It’s essential to start by understanding what a data breach actually means. A data breach means hackers have penetrated a company’s network to gain access to private databases. 

We often hear about cybercriminals exposing customer lists that include sensitive information like account information, credit card details, and addresses. But most companies do have decent security, so fraudsters may not get your password. 

However, that’s not a guarantee you should bet on. And though this other data may not seem like much, it could be enough information for attackers to brute-force their way into your online accounts.

That’s why you should be ready to take action immediately. Here’s how: 

Step 1: Change Your Account Password

It’s never a bad idea to change your password. But if a data breach has occurred or you’ve noticed something suspicious, you should create a new one. 

Now’s the time to also create a secure password that has these qualities: 

  • Is at least eight characters long—the longer it is, the better 
  • Combines upper and lowercase letters
  • Includes numbers and special characters
  • Is genuinely a random sequence of numbers

While doing so, you should also change your password anywhere else you may have reused the same or a similar password. To keep track of all these passwords, consider using a password manager.
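An added example (not from the original article) that puts Step 1 into practice: it finds the other accounts in a password list that reuse the same or a similar password, and draws replacements that meet the qualities listed above from the operating system's secure random source. The vault contents, account names and the similarity rule (ignore case, leading or trailing digits and symbols, and a few common letter substitutions) are assumptions made for illustration.

```python
import re
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
LEET = str.maketrans("01345@$", "oieasas")  # assumed common substitutions

def meets_qualities(pw, min_len=8):
    """Length, upper and lower case, a digit and a special character."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))

def new_password(length=20):
    """Draw from the OS secure random source until every quality is met."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_qualities(pw):
            return pw

def skeleton(pw):
    """Base word of a password: 'Summer2019!' and 'Summ3r!' both give 'summer'."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def reuse_of(breached_account, vault):
    """Other accounts whose password is the same as, or similar to, the breached one."""
    leaked = vault[breached_account]
    base = skeleton(leaked)
    return sorted(
        name for name, pw in vault.items()
        if name != breached_account
        and (pw == leaked or (len(base) >= 4 and skeleton(pw) == base))
    )

# Constructed sample vault (account -> current password), for illustration only.
VAULT = {
    "shop.example": "Summer2019!",
    "mail.example": "summer2020",
    "bank.example": "Summ3r!",
    "forum.example": "kT9#vLq2&xWz",
}

if __name__ == "__main__":
    for account in ["shop.example"] + reuse_of("shop.example", VAULT):
        print(account, "->", new_password())
```

Run it against an export from your own password manager on a trusted machine, and delete the export afterwards.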

Step 2: Enable Two-Factor Authentication 

Two-factor authentication, or 2FA, creates an additional security layer by generating one-time passcodes sent via SMS or email.

By itself, 2FA isn’t a complete digital safety solution, but combined with highly secure passwords, it goes a long way in protecting your accounts. 

In addition to greater security, 2FA also gives you a notification each time somebody tries to access your account, so you’ll be able to identify potential risks. 

Don’t get lazy. Enable 2FA everywhere and not just on the accounts you think are important. Hackers can leverage the accounts you don’t care about to get access to something you do care about. Just turn it on everywhere; it’s easy enough to use anyway.


Step 3: Assess The Damage 

By now, you’ve hopefully stopped the bleeding. Now it’s time to figure out what may have been stolen. Information can generally be broken down into three categories: 

Least Sensitive – Information like your name, street address, and job information. This information is pretty easy to find and won’t cause much trouble for you if fraudsters get their hands on it.

Sensitive – Email addresses, account IDs, date of birth, and payment account numbers such as credit and debit card numbers. The worst of these is the date of birth, as it never changes and is used to verify identities. While a stolen card number seems bad, you likely have fraud protection that limits liability on your card. Likewise, you may end up getting more spam, but there are plenty of ways to block that.

Very sensitive – Social Security Numbers, passport numbers, financial-account numbers, payment-card security codes, account passwords. These things can be used to steal your identity, track your financial history, and more. 

So how do you know what was stolen? You can’t very well ask the hackers. By law, the companies have to report what was stolen, though they may not tell you the full story. For example, they may say that just email addresses were lifted and that the other data was encrypted, so there’s not much to worry about.

Don’t believe them. Hackers can crack many types of encryption. The general rule is that if a password was ten characters long or less, you should consider it stolen. 

Contact The Credit Reporting Bureau

If you suspect your Social Security Number was a part of a breach, you need to contact the Credit Reporting Bureaus. 

  • TransUnion: 1-800-680-7289
  • Equifax: 1-888-766-0008
  • Innovis: 1-800-540-2505
  • Experian: 1-888-397-3742

Fortunately, you don’t have to call all of them. If you set up a Fraud Alert with one of them, that bureau will check with the other three. 

The bureaus will then monitor for suspicious activity, including new account signups and other transactions. You can also take further action, such as a credit freeze or reporting identity theft to the federal government.

What Else You Need to Know

There’s no way to 100% prevent a data breach from occurring. However, there’s a lot you can do to reduce the chances of one happening to you and to minimize potential risks.

Above all, you should use a VPN. What is a VPN? A VPN, or virtual private network, encrypts and anonymizes your internet connection, radically improving your privacy and security. It not only prevents people from intercepting your data, but also reduces your online footprint.

Combined with strong passwords, multi-factor authentication, and scanning all files and links before you click on them, a VPN is the most effective way to protect yourself. Before a data breach happens to you, start integrating these tips into everything you do online now.