Key Takeaways
- Data breaches are common. Be prepared for your data to be exposed, and take action immediately when it is.
- Change passwords after a data breach, and use a password manager to create strong, unique passwords.
- Use MFA and identity theft protection, and monitor your accounts to prevent fraud and phishing scams.
If it feels like you’re hearing about a major new data breach every week, it’s because there is. In 2023, there were over 3,200 data breaches. In the summer of 2024, data breaches at AT&T and National Public Data made national headlines and put billions of people’s data at risk, including my own. Here’s how I protected myself after a string of recent breaches.
Learn About the Data Breach
Whether or not a company informs users that their data has been exposed depends on several factors, including the data compromised, state and federal laws, the number of people who had their data exposed, and more.
Even when companies are legally required to notify users, they may choose to delay. According to a PBS report, this is exactly what happened with AT&T’s 2022 data leak that exposed over 100 million records.
It is difficult to stay up to date with the many data breaches that occur. I recommend reading company emails, texts, and push notifications. When you become aware of a breach, continue to follow the story and read company updates, as a company may continue to learn information about the breach and which data was exposed. The more you learn about the breach, the more effectively you can respond.
Change Passwords
After learning my data had been exposed, the first thing I did was change my password. Even though the company didn’t make it known that passwords had been exposed, I didn’t want to take any chances.
Even if you aren’t certain your password was exposed, it’s still worth changing the password of the account impacted. If you reused this password across multiple accounts, I’d advise changing each password so you have a unique password for every account you use.
If creating strong passwords for all your accounts is a hassle, I suggest using one of these password managers.
Use Identity Theft Protection
On two occasions, companies gave me access to Experian for identity theft protection after my data was exposed in a data breach. Even if your data is exposed, companies are in no way legally obligated to pay for an identity theft protection service.
Services an identity theft protection company might offer include credit monitoring, dark web scanning and scrubbing, credit lock, and fraud resolution. If you don’t want to pay for identity theft protection, you should use Have I Been Pwned?, a free dark web monitoring tool. You can also freeze your credit for free by contacting Equifax, Experian, or TransUnion.
Turn on MFA
MFA stands for multi-factor authentication. By turning it on, you’re giving yourself another layer of security to protect against evildoers trying to log into your accounts. Even if someone gained access to my username and password, if they try logging onto most of my accounts, they won’t be able to due to MFA. MFA can use a variety of ways to verify your identity.
Here are some of the most popular MFA methods:
- SMS code
- Email code
- Hardware tokens
- Biometric information
- Authentication apps, like Google Authenticator
You can also find magic links within apps that provide unique, one-time access to an account.
Check Your Financial Accounts
If sensitive data was stolen from a financial account, you must check to see that your account hasn’t been impacted. That being said, even if data from a non-financial account was stolen, it’s still important that you ensure that your financial accounts haven’t been logged in to and that your cards have not been charged fraudulently.
Remember that data leaked from one account may be used to access data from another. Also, if cybercriminals have access to an account connected to a bank account, they may be able to make charges.
If your accounts have been accessed or your cards charged fraudulently, flag the fraudulent charges and change your account passwords.
Look Out for Phishing Scams
Phishing scams always increase after major data breaches. A cybercriminal only needs to learn the email address you used with the hacked company to craft a precise phishing attack.
Let’s say you’re a PayPal user whose data was exposed in the 2022 hack. If a cybercriminal has your email address and knows you’re a PayPal customer, they can create an email mimicking PayPal, claiming that you must change your password due to a recent security breach. As a worried customer, you click the link provided and land on what looks like a PayPal login page. You type in your old and new passwords and think you’ve just shored up your login information; in reality, you just gave the hackers the keys to the castle.
Identifying a phishing scam can be difficult. To do so, we recommend that you:
- Do not click on suspicious links
- Read the sender’s email address carefully to determine who sent you the email
- When in doubt, go directly to the company website for more information
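The checks above can also be run mechanically. The following is an added example, not part of the original article: it compares the sender's domain and every link target in a message against the domain you expect. The sample message is constructed, its `.example` domains are placeholders, and the two-label domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not a real email); .example domains are placeholders.
SAMPLE = """\
From: "PayPal Security" <service@paypa1-security.example>
To: user@example.org
Subject: Action required: change your password
Content-Type: text/html

<p>Due to a recent security breach you must change your password.</p>
<a href="https://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
"""

def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: no multi-part suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, expected_domain):
    """Return findings for a message that claims to come from expected_domain."""
    msg = message_from_string(raw)
    findings = []

    # 1. Read the sender address, not the display name.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if registrable(sender_host) != expected_domain:
        findings.append(f"sender domain {sender_host!r} is not {expected_domain!r}")

    # 2. Inspect where each link really goes, and whether its text says otherwise.
    body = msg.get_payload()
    pattern = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, text in re.findall(pattern, body, re.I | re.S):
        link_host = urlsplit(href).hostname or ""
        if registrable(link_host) != expected_domain:
            findings.append(f"link goes to {link_host!r}, not {expected_domain!r}")
        shown = urlsplit(text.strip()).hostname
        if shown and registrable(shown) != registrable(link_host):
            findings.append(f"link text shows {shown!r} but target is {link_host!r}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "paypal.com"):
        print("WARNING:", finding)
```

An empty result does not prove a message is genuine, so going directly to the company website remains the safest option.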
Data breaches happen nearly daily. Chances are your data has been or will be exposed at some point. The good news is that you can take steps to prevent the exposure of sensitive data from resulting in a financial loss. Remain vigilant, and remember to follow this blueprint should your data become exposed.