Here’s What You Must Do After a Data Breach

Data breaches are terrible and usually messy affairs for everyone involved. It may be a reputation nightmare for the company that has suffered a data breach, but things can be so much worse for its customers. 

Where do people even start doing damage control when they hear their information could have been compromised in a data breach? Well, here are five essential steps to take if someone suspects there is stolen data.

It’s easy to panic whenever a new data breach announcement pops up, but things might not be quite as dire at first glance. Since not every system works in the same way, only some people’s data may be compromised. Whenever a data breach occurs, a company is often able to protect some of the data.

So, the first step should always be to verify whether the data breach occurred and determine what happened. Usually, people turn to news sites for this, but it’s better to hear it straight from the source. Look out for any announcements from the company, and if those are missing, reach out to them for information.

Every person is within their rights to know what is going on with their data. If a data breach has occurred, they have to know about it. So, the company must notify everyone, but sadly this isn’t a perfect world.

Before you can make any decisions, it’s important to understand what type of data we’re talking about. Email addresses can be at risk due to phishing potential, but passwords are worse – especially if people reuse them or don’t have 2FA enabled. You can cancel credit cards, but there’s no way to change a social security number.

So, understanding what type of data is now compromised will help with:

• Knowing the severity of the issue.
• Realizing what needs to be done going forward to curb the potential for any further damage.

What types of data can hackers expose in a breach? 

• Email addresses (most common)
• Passwords and security questions
• Telephone numbers
• IP addresses
• Personal information like name and surname, birth date, and physical address
• Credit/debit card information and other banking details
• Social security number
• Personal ID documents, like driver’s licenses
• Intellectual property
• Personal photos or videos

Having any combination of these types of personal data stolen could have devastating effects. Criminals can get into important accounts, empty a person’s bank account, commit identity fraud or credit card fraud.

What often turns a data breach into a crisis is when people don’t do anything about it. They learn that their data has been stolen, panic, and then leave it at that. But this is a crucial time to act because you can still try to salvage the situation.

What you need to do depends on the situation, however. First off, see if the company is offering any help to deal with the fallout from the breach. Many companies will (and really should) offer assistance with things like advice, monitoring, and even financial restitution. After the 2017 Equifax breach, the credit reporting agency offered cash reimbursements, identity restoration services, and credit file monitoring.

Even if the company isn’t offering anything of this sort, it’s important to take a hands-on approach. For example, if a hacker stole your password, make sure to change it and security questions for that account. Also, add two-factor authentication if you haven’t activated it for that account. If credit card information has been stolen, check credit reports and monitor account activity. Also, consider placing a credit freeze or fraud alert on the account, or just cancel the card entirely.

This is also the time to start becoming more vigilant. Be on the lookout for phishing attempts, scam calls, and any unusual activity on accounts or devices. If any personally identifiable information (PII) like social security or driver’s licenses was compromised, the relevant authorities should be notified. For example, if a driver’s license number has been exposed, you should notify the authorities.

Cybersecurity isn’t a one-off task. It’s a continuous habit. But if someone’s data has been compromised, it’s time to reevaluate and adjust. First and foremost, should be passwords and account safety. Review these and remember to avoid saving passwords on a browser. Use a reputable password manager instead, if necessary.

Online privacy and security aren’t just about strengthening password safety and locking devices. It’s also about what information people choose to share online and where they do it. Reevaluate each post before posting it online to see what others can glean from that information. Be wary of adding location tags. 

Also, look at what accounts are still open and the apps you have on your devices. Delete all of these old accounts and apps to offer a way for hackers to get more information or hack a device.

These days, the problem with data is not just what people opt into sharing but also what they don’t intentionally share. Companies, governments, agencies, websites, and outsiders of all kinds are monitoring what people do online via their browsing activity. It’s popularly called a digital footprint, and it contains a lot of sensitive personal information. This information is stored in various servers all over the world.

While there has been some legislative reform in this area thanks to initiatives like the GDPR, sadly, there’s still a lot of invasive data tracking happening. So people are turning to tools like virtual private networks (VPNs) to defend themselves. A VPN is a service that keeps outsiders from tracking a device or network’s internet activities by encrypting the connection. 

With a VPN installed, the connection is secured and also routed through a VPN server first, rendering online activities private. Not even a person’s ISP can track what exactly they’re doing online. This is a great way to take back control of who gets hold of one’s data.

Final Thoughts

All of the information and tips here are not just important for individual people. Companies should take these into account, as they are just as much at risk when a data breach occurs. Except their risk is often on a much larger scale. 

Teach employees about cyber safety and what they need to do when they suspect a breach.

---