What to Do After a Data Breach

Data breaches have become commonplace. The latest involves AT&T, which recently announced that the personal information of 73 million current and former customers was stolen and had appeared on the dark web.

Earlier this year, a leaked dataset containing 26 billion records from users of a long list of services, including Twitter, LinkedIn, Dropbox, Adobe, Evite, Canva and MyFitnessPal, and government agencies was discovered and referred to as the "Mother of All Breaches."

“We’ve had thousands of breaches and leaks. You’ve had billions of pieces of information released,” says cybersecurity expert Adam Levin, co-host of the What the Hack with Adam Levin podcast. “The information is out there, and a great deal of it is for sale on the dark web. We’re living in a cyber siege state because we are under constant attack.” 

When breaches occur, it's important to know what steps to take if your information has been exposed.

Step 1: Find out if your accounts have been compromised

When large companies experience data breaches, they typically notify customers. However, it sometimes can take weeks or months for notifications to be sent. In the meantime, hackers could be circulating the stolen data on the dark web. That's why it’s a good idea to frequently check if your data has been leaked by using a free data leak checker such as the one provided by CyberNews.

Step 2: Change account passwords

It’s always a good idea to change your account password after a data breach. If you used the same password for other accounts, you’ll need to change those passwords, too. 

Consider using a password manager to generate strong, unique passwords for you. For example, account, credit and identity monitoring service Carefull offers a digital Vault that includes a password generator and stores passwords with military-grade encryption. 

Also, consider getting additional email addresses to segment accounts in order of priority and sensitivity, Levin says. For example, you could use one email address for retail accounts and a different one for financial accounts. Because your email address often is part of your account login credentials, thieves might be able to use it to access your accounts (especially if you don’t have a strong password). Having more than one email account can help lower this risk.

[ See: How to Protect Your Account Passwords ]

Step 3: Use multi-factor authentication

In addition to using strong passwords, Levin recommends getting an extra layer of protection by setting up multi-factor authentication on your accounts. Opt to receive a text message with a code to enter in addition to your username and password when logging into your accounts. 

Better yet, consider downloading an authentication app to use as your multi-factor verification method. Free authentication apps such as Duo Mobile and Google Authenticator create unique passcodes that you’ll need in addition to a password to log into your account and can be an even more secure option than text message codes..

Step 4: Freeze your credit

Keep thieves from using your personal information to open new accounts in your name by freezing your credit. A credit freeze blocks access to your credit reports and sends a message to lenders that they shouldn’t extend new credit in your name because you’re potentially a victim of identity theft. “It should let you sleep a little easier at night,” Levin says.

It’s free and easy to place a freeze on your credit reports at all three of the credit bureaus.You can lift the freeze if you need to apply for credit.  

• Equifax security freeze
• Experian security freeze
• TransUnion credit freeze
  ‍

Step 5: Monitor your accounts, credit and identity

After a data breach, it’s critical to monitor your accounts for unusual activity, Levin says. That’s because not only do the hackers who breached a company’s database have access to your personal and account information, but also they can sell that information on the dark web to other thieves. 

To make it easier to keep constant tabs on your accounts, Levin recommends setting up alerts to be notified of activity on your accounts. To get more comprehensive monitoring, consider a service such as Carefull. It monitors bank, credit and investment accounts 24/7 for unusual transactions, signs of fraud and money mistakes. 

Carefull also provides credit and identity monitoring and up to $1 million in identity theft insurance. Plus, it has Care Agents who can walk you through the steps to take to recover your identity if you become a victim.

Step 6: Install a spam blocker

If phone numbers are accessed during a data breach, thieves can launch smishing attacks—text messages that aim to steal people’s personal information and money, Levin says. So be careful not to click on links in any text messages you receive, even if they appear to come from a reputable company. Instead, contact the company directly to see if there are issues with your account. 

Scammers also can use phone numbers to make spam calls. Cut down on the number of these calls you receive by installing a spam blocker. In addition to account, credit and identity monitoring, Carefull provides spam blocking assistance. Members can select their phone provider and device type and be automatically sent a link to install their provider's preferred spam call blocking application. 

‍

Try Carefull for free for 30 days to protect your finances, credit and identity.

‍

Step 7: Watch out for phishing attacks

When hackers get access to email addresses in data breaches, there tends to be an increase in phishing attacks, Levin says. Be on the lookout for emails that appear to come from legitimate organizations and prompt you to click on links. Those links could include malware or take you to fake websites, where you’ll be prompted to provide your personal or account information.  

To protect yourself, don’t click on any links or attachments in emails—even if those emails appear to come from a trusted source. Contact the company or organization directly to see if it was trying to reach. And if you received an email from friends with a link or attachment, call them to see if they actually sent you an email. Their computer or email could have been hacked, and the hackers could be using their email address to send scam emails.  

Bottom line

The best way to protect yourself against data breaches is to be proactive. You should have protections in place already, Levin says. Don’t wait for a data breach to occur to take the steps listed above. 

[ Keep Reading: What to Do When Your Identity Is Stolen ]‍