What Do I Do If I Fall Victim to a Data Breach?
Your personal information has been exposed in a data breach and is now sitting somewhere on a hacking forum. You feel like someone has intruded into your digital life and made off with something very dear to you. Your privacy is compromised, and the consequences of this could be catastrophic. But what do you do next? What are the steps you need to take after your data has been exposed? We've got a few tips for you.
1. Calm down!
You could start pulling your hair out and vow never to use that wretched thing called the Internet again, but that's not going to be terribly productive, is it? There's not much you can do about the breach. It's outside your control, and it's already happened, but if you keep your wits about you, you can minimize the potential damage.
2. Change some passwords.
Obviously, you need to change the password for the account that's been potentially compromised. This should be the very first thing on your mind, but it shouldn't be the only one. If you've used the same password on other websites, go out there and change those as well. Use unique passwords for all your accounts. It's the only way to ensure that if one account gets pwned, the rest will remain intact.
3. Change some more passwords.
Whether it's an online discussion board, a blogging website, or something else, your account will probably contain your email address, which will likely be stored in plain text. And you might be surprised to learn just how much information this single piece of data could reveal. If the hackers have your email, they will likely find your Facebook profile. And from there, they'll be able to learn the name of your significant other, the name of your dog, and the make and model of your car. If you've used these things as passwords or security questions for some of your accounts, change them as quickly as you can. The passwords and security questions, that is, not your girlfriend and dog.
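Steps 2 and 3 amount to an audit of your saved logins. The sketch below is an added example, not part of the original article: it reads a password-manager CSV export and lists the accounts that share the breached account's password, plus the accounts whose password contains a fact visible on a public profile. The column names, the sample vault and the list of facts are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real credentials).
VAULT_CSV = """site,username,password
forum.example,alice@example.com,Rex2015!
shop.example,alice@example.com,Rex2015!
bank.example,alice,t7#Lq9vW2m$Zc4
blog.example,alice@example.com,civic-honda-88
mail.example,alice@example.com,p0Xr!44bnQe@1u
"""

# Hypothetical facts someone could read off a public social-media profile.
PUBLIC_FACTS = ["Rex", "Honda", "Civic", "Jamie"]


def audit(vault_csv, breached_site, public_facts):
    """Return (sites sharing the breached account's password,
    {site: [public facts found inside that site's password]})."""
    rows = list(csv.DictReader(io.StringIO(vault_csv)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["site"])

    # Step 2: every other account that reuses the exposed password.
    breached_pw = next((r["password"] for r in rows if r["site"] == breached_site), None)
    reused = sorted(s for s in by_password.get(breached_pw, []) if s != breached_site)

    # Step 3: passwords built from pet names, car models and similar facts.
    guessable = {}
    for row in rows:
        hits = [f for f in public_facts if f.lower() in row["password"].lower()]
        if hits:
            guessable[row["site"]] = hits
    return reused, guessable


if __name__ == "__main__":
    reused, guessable = audit(VAULT_CSV, "forum.example", PUBLIC_FACTS)
    print("Same password as the breached account:", reused)
    for site, facts in sorted(guessable.items()):
        print(f"{site}: password contains {', '.join(facts)}")
```

A plaintext export holds every password you own, so delete the file securely once the audit is done.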
4. Enable Two-Factor Authentication where possible.
Not that long ago, it was a case of "stolen password" = "compromised account". Things have changed now, and more and more services are offering two-factor authentication options, which, for inexplicable reasons, are usually off by default. Two-factor authentication means that the system will ask you for two things before letting you in. The first one is obviously your password. The second one could be a special code that is sent to you by email or text message, or generated by an authentication app on your phone. It could also be a hardware token that looks like a USB thumb drive.
Two-factor authentication is not infallible, but it is a layer of protection that is often enough to stop the crooks in their tracks.
5. Stay informed.
The potential consequences of a data breach depend on what's been stolen. Hacking incidents tend to make quite a few headlines these days, especially if a large number of people are involved, which is why you should read the news and learn exactly what's happened. Obviously, if there's even the slightest chance of your credit card being a part of the stolen data, talk to your bank and make sure that it's no longer active. Even after you cancel the old card, keep a close eye on your bank balance. If extremely sensitive information like your Social Security Number has been compromised, speak to the experts and learn what you can do to stop random people from impersonating you.
This, of course, is the worst-case scenario. In some cases, the compromised information is relatively harmless, and sometimes, even if passwords are stolen, they are hashed and salted properly, which makes them unusable for hackers. Make sure you have all the information and act accordingly.
You might also want to see how the hacked vendor is responding. Websites get compromised day in, day out these days, but some are reacting better than others. Some try to downplay (or even cover up) the incident while others work with their users to ensure that the damage is minimized. If you feel that the vendor isn't doing what it's supposed to be doing, you might want to consider whether you want to continue using its services.
6. Be vigilant.
The hackers likely have your email address already, which means that they can start spamming you with phishing and malware-laced emails. You know what a typical Viagra-peddling spam message looks like, but you might be surprised at how much work the bad guys put into an email to make it look convincing sometimes. Make sure you don't click on any links or open any files unless you are 100% sure that they're coming from a legitimate source.
Now that your data is leaked, you are much more vulnerable. Don't forget this.
7. Learn from your mistakes.
A data breach is an unpleasant experience both for the regular user and for the vendor that got hacked. But it could also be a lesson in cybersecurity, especially for you. You can see how serious the implications of a data breach could be if you've been using or reusing simple passwords. If you've made these mistakes, don't repeat them. Try to figure out what changes you can make to your everyday online life to ensure that, should this happen again, your data will remain unharmed.