Being involved in a data breach can be a scary situation. Knowing that someone has access to your personal information, especially if it is sensitive, is unsettling and worrying.
Rather than panicking, it is important to stay calm and be aware of what to do when you find out that your information is part of a data breach. By taking the right steps immediately, you can protect yourself from further theft or fraud.
How to know if you have been involved in a data breach
Due to the rise of data breaches over the past decade, several services have been created that enable you to see if your data has been involved in a breach.
The most popular of these is Have I Been Pwned. By entering your email address or phone number in the search bar, you will be able to see if that piece of data has ever been involved in a breach.
For more proactive notification, you can use their “Notify Me” service, located in the menu at the top of the website. By entering your email address here, Have I Been Pwned will let you know when that email address is involved in any future breaches, allowing you to act immediately.
There are several other services like this, but they work in much the same way. The important thing is that you can find out when and how you’ve been involved in a data breach and take the appropriate steps to protect your information in the future.
Protect your online accounts
Once you are aware that you have been involved in a data breach, especially if it’s happened recently, you must take steps to protect your accounts.
Immediately reset the passwords of all affected accounts, including your email account. Use strong, unique passwords containing a combination of uppercase and lowercase letters, numbers, and symbols
Utilise external authentication software, such as Microsoft Authenticator, to secure accounts, where possible
Review and delete any accounts that you no longer use. This removes an avenue for hackers to gain access to your information
Minimise the amount of information you provide
Many accounts will allow you to review and make changes to the personal information you store. Only put in the information that is required to create an account. For example, if an account creation process requires you to put in an email but the phone number is optional, never put the optional information in.
By doing this, you ensure that if your data is released in a breach, the amount of data is the smallest it can be.
Another way of minimising data released is to use multiple email accounts. Using one for sensitive activity, such as banking and online shopping, and another one for more trivial purposes, such as social media, gaming, newsletters, etc. This ensures that if a data breach occurs involving your email, there’s less chance it will involve your more sensitive information.
The process for doing this depends on the type of information leaked and the specific situation. The best thing to do is to speak to a lawyer who specialises in data protection. They can advise you on the next steps and ensure you follow the proper channels.