What to do if you are in a data breach…
Stay Calm
Data breaches are becoming common these days. As of April 2019, the Have I Been Pwned website reported roughly 7.9 billion accounts in its database of breached accounts. In other words, you’re in good company.
Learn About the Breach
The correct response to any data breach depends on what type of data has been stolen. Here are some common data elements and suggested responses:
- E-Mail, Username, Full Name, other biographic information: You may start receiving new junk e-mail, but for the most part this data is pretty common knowledge anyway and you should assume that it is out on the web. Keep that in mind when choosing security questions for websites and change any that may rely on this information.
- Plain Text Passwords: Change your password for this site and any other site that uses the same password. Hackers will often add your account to a database and use it to try other websites (social media, banking, etc.) to see what else they can get into.
- Hashed or encrypted passwords: It takes more work to recover a password that was encrypted or hashed, but computers are getting really fast these days. It may take attackers some time to get your password, but you should go ahead and assume that they can, and follow the same guidelines as for plain text passwords.
- Credit Card, Banking, Social Security, or Other Financial Information: Contact your bank or financial institution immediately to replace credit cards, check for unrecognized transactions, and follow any other security protocols that they have in place. The sooner you contact your financial institution, the sooner it becomes their problem. Sign up for credit monitoring if you don’t have it already, and check your credit report for accounts that you don’t recognize.
General Tips
Here are some general tips and tricks to consider:
- You can reduce your risk by using unique passwords for every site. The best password is the one that you don’t know. Consider using a password manager like LastPass or 1Password so that you can use a unique, random password for each site.
- After each data breach there is an uptick in blackmail e-mails that use the information in the breach to convince you that the sender has access to your computer. They don’t, so don’t pay them (and make sure your antivirus is current and running).
- You can sign up for breach monitoring for free at the haveibeenpwned.com website.
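The advice above to change the breached password on "any other site that uses the same password", and the tip to use a unique password per site, both depend on knowing where a password is reused. The following is an added example, not part of the original post, that finds those sites in a password-manager CSV export; the column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The columns (name, url, username, password) are an
# assumption; real password-manager exports use their own layouts.
SAMPLE_EXPORT = """name,url,username,password
Forum,https://forum.example,alice,Tr0ub4dor&3
Bank,https://bank.example,alice@example.com,Tr0ub4dor&3
Mail,https://mail.example,alice@example.com,kq7#Vz!pL2xw9Rt
Shop,https://shop.example,alice,Tr0ub4dor&3
Photos,https://photos.example,alice,hunter2
Games,https://games.example,alice,hunter2
"""

def group_by_password(export_text):
    """Map a keyed fingerprint of each password to the entries that use it."""
    key = secrets.token_bytes(32)  # per-run key, so fingerprints mean nothing later
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # skip entries with no stored password
        # Group on an HMAC tag so no plaintext password becomes a dict key or output.
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[tag].append(row["name"])
    return groups

def sites_to_change(export_text, breached_site):
    """The breached site plus every other entry that shares its password."""
    for names in group_by_password(export_text).values():
        if breached_site in names:
            return sorted(names)
    return []  # breached site is not in the export

def reused_passwords(export_text):
    """Every group of entries sharing one password, largest group first."""
    groups = [sorted(n) for n in group_by_password(export_text).values() if len(n) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print("Change now:", sites_to_change(SAMPLE_EXPORT, "Forum"))
    for group in reused_passwords(SAMPLE_EXPORT):
        print("Shared password:", ", ".join(group))
```

An export file holds every password in plain text, so delete it once the check is done.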
There was a time when the focus was on preventing your data from being breached. While this is still a good practice, we’ve reached a point where a lot of people collect data about you, and not all of them will be as careful with that data as you are. Take some time to think about how you can minimize the impact if your data is leaked, because there is a very good chance that data about you has been leaked or will be leaked soon.