How to Respond When Your Data Is Compromised by a Company

Source: Vector choice - URS Preferred Partner

Protecting Yourself After a Data Breach

With the rise in cyber-attacks worldwide, you've likely received notifications from companies informing you that your data has been compromised in a breach. While we can take steps as consumers to protect ourselves, we cannot always control when a company that promised to safeguard our personal data gets hacked.

In 2023, Statista reported that 52% of global organization breaches involved customers' personally identifiable information (PII), making data such as addresses, phone numbers, names, birth dates, and Social Security numbers the most commonly breached type. A recent example is ChangeHealthcare, which was breached in February. Due to the breach, it's estimated that one-third of Americans—possibly including you—had sensitive information leaked onto the dark web.

So, what do you do when you receive a notification from your healthcare provider or favorite retail store admitting, "We got breached"? It's more than upsetting to think that your data is now in the hands of criminals.

When sensitive information is leaked, you'll need to take action to protect your accounts from suspicious activity. Follow these seven steps to mitigate the damage after a company fails to protect your data.

What To Do After Your Data's Been Leaked

  1. Verify the Breach First, confirm that the breach notification is legitimate. Hackers sometimes impersonate companies and send out fake emails or letters about an alleged breach. When you get a notification like this, visit the company's official website or call them directly. Do NOT use contact information from the letter or email, as it could be fraudulent. Confirm that the company was indeed hacked and determine which of your data was compromised. Gather as much information as possible about the breach, such as when it happened, whether your data was affected, and what support the company is offering to mitigate the breach. For example, some companies provide free credit monitoring or identity fraud prevention services.

  2. Identify Stolen Data After confirming the breach, determine what data was stolen. Credit cards can be easily replaced, but Social Security numbers cannot. Knowing what was compromised will help you take the necessary steps to monitor or update that information.

  3. Change Passwords and Enable MFA Update to a new, strong password for the breached account and any other accounts with the same login credentials. Log out all devices currently logged into your account if the option is available. Additionally, ensure you have multifactor authentication (MFA) enabled in your account settings. MFA adds an extra layer of security by requiring biometric data or a separate code to access your account.

  4. Monitor Your Accounts Keep a close eye on any accounts linked to the breach, even after changing your passwords. Watch for unauthorized account updates or password changes, as these may indicate identity theft. If your credit card number was stolen, monitor your bank and financial accounts for unusual activity, such as unexpected purchases.

  5. Report the Incident If you're unsure whether the company knows about the breach or if you've experienced fraud due to the breach, report it to relevant authorities like local law enforcement or the Federal Trade Commission (FTC). They can provide guidance on how to protect your identity and take further steps.

  6. Beware of Phishing Attempts After data leaks, hackers may use stolen information to send phishing emails or make calls to trick you into giving away more sensitive information. Be wary of unexpected emails, especially those requesting personal or financial information, and avoid clicking on any links or attachments.

  7. Consider Identity Theft Protection Consider investing in identity theft protection, especially if highly sensitive data like your Social Security number was stolen. Replacing a Social Security card can be time-consuming, and in the meantime, criminals could use it to impersonate you. Identity theft protection services monitor your credit and other accounts, protect your identity, and notify you if your data appears on the dark web.

While companies are responsible for protecting customer information, breaches can still occur. By following the steps above, you can minimize the impact of a breach on your life. Ultimately, we must all take part in safeguarding our information in an increasingly risky digital world.

To learn more Contact us