Data breaches are a real and present danger for everyone, but they’re particularly troubling for consumers.
An estimated 254 million people were exposed during attacks on various financial organizations in 2022, with 9.4 million of those affected hailing from the US. Add to this targeted attacks conducted on popular social media platforms like Facebook, which was fined $277 million in the wake of an attack that affected 500 million users.
When incidental data breaches like this are combined, you can see what a serious issue this has become. Unfortunately, just 50% of the consumers caught up in these breaches actually take the necessary steps to protect their data from further harm, such as changing passwords or deleting old accounts.
My point? Often the weakest link is the one you ignored. That’s why taking inventory, isolating weaknesses, and building up strong internal practices to prevent data breaches like those above is no longer “optional.”
In this post, I wanted to offer readers a step-by-step guide to data breach response. If you suspect you’ve been affected, follow these steps:
#1 Confirm the Breach Occurred
The first step in responding to a suspected data breach is confirming that one has occurred.
Confirming a data breach requires taking an inventory of your accounts. The aim here is to locate potential vulnerabilities, and monitor for any suspicious activity or unauthorized access attempts.
Next, you should inform anyone else whose data might have been compromised due to the breach. Think about friends, relatives, or coworkers; if any of their data might’ve been exposed, you have a duty to inform them.
#2 Identify How You Were Targeted
Cybercriminals employ a variety of tactics to target consumers, taking advantage of their vulnerabilities to steal personal information and money. Common methods include:
- Phishing: Scammers attempt to impersonate a legitimate account in hopes the consumer will voluntarily provide them with sensitive data, including passwords, account numbers, or credit card information.
- Identity Theft: In this case, the fraudster will obtain a person’s information, such as their Social Security number, date of birth, or address, and create accounts in the victim’s name.
- Vishing: Voice phishing, or “vishing,” happens when scammers call victims pretending to be from a legitimate company (such as their bank), and ask for confidential information such as passwords and account numbers.
- Malware: Any malicious software installed on a computer without the user’s knowledge or permission. Once installed, malware can give scammers access to personal information stored on the device.
- External Breach: This happens when your data is exposed by someone else, let’s say, a popular app or a social media site. These occur through no fault of your own, but their effects can be devastating, nonetheless.
In reality, there are dozens of ways scammers can access and utilize your information; therefore, your next step will be to take stock of the situation and determine how bad the breach really was.
#3 Assess the Damage
Now, you should have a pretty good idea of how you were targeted. You’ll be better informed about which systems and platforms are most at risk and which could use improvement. That means it’s time to gauge the real extent of the damage that the exposure represents.
For instance, if you realize that your data was hacked through one of your favorite social media apps, you can consider whether the login credentials you use for that site are also used for any other account. In this way, you’re empowered to prevent further damage.
#4 Freeze Credit & Enable Account Holds
Once you ascertain that a data breach has impacted you, contact all three of the major credit reporting companies immediately and inform them of the breach. Contact Equifax, Experian, and TransUnion directly, and ask each company to freeze your credit. This will prevent new accounts from being opened in your name without further verification from you.
To freeze your report, each agency may require additional information such as your name, address, date of birth, social security number, or other identifying information.
#5 Address Login Concerns
Many people suffer from “password fatigue.” This isn’t difficult to understand, considering the rate at which passwords can become compromised and how often we need to change them to keep ahead of the problem.
However, adopting just a few best practices can alleviate hassles and keep your data safe:
- Create Unique Passwords for each Account: To ensure that your passwords remain secure, create a unique password for each account you have. This will help prevent attackers from accessing multiple accounts if one of your passwords is compromised.
- Use a Password Manager: You could use a password manager such as LastPass or Dashlane to quickly and easily generate and manage secure passwords. These programs will create random, high-strength passwords for each of your accounts, encrypt them for maximum security, and remember them so that you don’t have to.
- Implement Two-Factor Authentication: To further strengthen the security of your accounts, you should enable two-factor authentication (2FA).
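The check from step #3 (are the breached site's credentials used anywhere else?) and the unique-password practice above can be run against a password-manager CSV export. The script below is an added example, not part of the original post. The column names, account names and passwords are constructed sample data, and real exports use their own layouts.

```python
import csv
import hashlib
import io

# Constructed sample export; the column names are an assumption, real
# password managers each use their own CSV layout.
SAMPLE_EXPORT = """name,username,password
SocialApp,alex@example.com,Tr0ub4dor&3
Bank,alex@example.com,correct-horse-battery
Shop,alex,Tr0ub4dor&3
Forum,alex@example.com,tr0ub4dor&3!
Mail,alex@example.com,x9!Lq2#vP0z
"""

def fingerprint(password):
    """Hash so plaintext passwords never end up in results or output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def base_form(password):
    """Collapse case and trailing digits/symbols to catch near-duplicates."""
    stripped = password.casefold().rstrip("0123456789!@#$%^&*?.-_")
    return stripped or password  # all-digit PINs must not collapse to ""

def load_accounts(fileobj):
    return list(csv.DictReader(fileobj))

def exposure_report(accounts, breached_name):
    """Sort the other accounts by how the breached one puts them at risk."""
    breached = next(a for a in accounts if a["name"] == breached_name)
    report = {"same_password": [], "similar_password": [], "same_login_only": []}
    for acct in accounts:
        if acct["name"] == breached_name:
            continue
        if fingerprint(acct["password"]) == fingerprint(breached["password"]):
            report["same_password"].append(acct["name"])      # change first
        elif base_form(acct["password"]) == base_form(breached["password"]):
            report["similar_password"].append(acct["name"])   # change next
        elif acct["username"] == breached["username"]:
            report["same_login_only"].append(acct["name"])    # watch for phishing
    return report

if __name__ == "__main__":
    accounts = load_accounts(io.StringIO(SAMPLE_EXPORT))
    for bucket, names in exposure_report(accounts, "SocialApp").items():
        print(f"{bucket}: {', '.join(names) or 'none'}")
```

Delete the export file once the audit is done, since it holds every password in plaintext.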
#7 Deploy Fraud Alerts
After contacting each credit reporting agency and placing a freeze on your credit profile, take an extra step and place fraud alerts on all three credit reports.
Fraud alerts can help prevent hackers from opening new accounts or using your identity to commit further crimes. The idea is that, if anyone tries to open new lines of credit in your name, you’ll be notified.
Fraud alerts remain active for 90 days unless removed earlier or extended by a consumer. Once renewed or re-established after that period of time, alerts will remain active until the end of that year. Afterward, they will only be renewed/re-established upon request.
#8 Monitor Account Activity
You should consider signing up for a credit monitoring service such as LifeLock or IdentityForce for added protection against identity theft and fraud related to the data breach.
These services provide you with real-time alerts if suspicious activity appears on your credit report or if someone attempts to use your personal information for fraudulent purposes online. Some of these services also offer additional benefits such as dark web monitoring, insurance coverage in case of identity theft-related losses, and recovery assistance should you become a victim.
Another tactic that shouldn’t be overlooked is regularly reviewing your financial statements and account activities for unauthorized transactions. Be alert to any charges on bank statements, bills with unfamiliar addresses listed on them, or emails requesting information about accounts you don’t remember opening. These could all be signs that someone might have gained access to your personal data.
Finally, be on the alert for strange and unsolicited phone calls, texts, emails, or letters about your finances. Any of these could be signs that your data was exposed in a breach.
#9 Beware Data Brokers
A data broker is a third-party entity that collects and sells personal data about consumers to marketers, advertisers, and other companies. Data brokers typically collect information such as purchase history, credit scores, social security numbers, and social media profiles.
Once you’ve identified that a data broker has your personal information, there are a few options for removing it from those sites. These include:
- Opting-out: When and wherever possible, opt out of any caching or data storage by sites you visit.
- Requesting data removal: Many data brokers have policies that will allow you to demand your historical data be removed. This can be done either through an online form or by sending a written request by mail.
- Avoiding unsecured sites: If a website you frequent doesn’t have an “HTTPS” designation, refrain from making purchases or entering any data.
#10 Delete Old Accounts and Update Data
Once all vulnerable data sources have been secured, it’s essential to delete all old user accounts that may have been compromised due to the breach.
As part of this process, you should also delete any records related to those accounts that may contain personal or confidential information that hackers could use if acquired. In addition, any stored passwords and payment details associated with those accounts should be deleted or securely stored elsewhere when necessary.
Ultimately, no one should take fraud prevention lightly. With these tips in mind, you can safeguard your data, limit your exposure to fraudsters, and remain vigilant about how your data is used online.
You can’t prevent every potential data breach. However, you can drastically lower your chances for future attacks… and that’s a great place to start.