What to Do After a Data Breach: 7 Security Steps
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
When we hear the news of yet another data breach of a credit reporting agency or a social media website, our first question is likely to be whether we are among the millions of potential victims. Is our personal information in the hands of the hackers? The next legitimate question to come to mind: What should we do now?
Nowadays, cybersecurity threats have become routine, if not expected. Some of us take precautions to try to keep our personal information private, but even they are not out of danger. There are plenty of third-party organizations that hold or have access to our information and that, should they suffer breaches, will expose this data.
When an entity that holds your personal information falls victim to a breach, you need to know what steps to take, and fast. The exact steps may vary, depending on the nature and circumstances of the breach and how sensitive the stolen information is. So first of all, consider your particular situation:
- Verify that a breach actually occurred, and that it might affect your information
- Determine what type of data breach it is
- See if your information was exposed in the breach
- Figure out the scale: is it your Social Security number or some other sensitive information that was exposed, or is the stolen data more limited?
- Check ASAP whether the hackers are already doing anything with your sensitive information, like using it to commit identity or financial fraud
In this piece, the VPN Unlimited team will discuss the most common data breach types, illustrate the degrees of personal data that could be stolen, and suggest actions that consumers should take in response to a data breach.
What to Do After a Security Breach: Checklist
0. Take precautionary measures before the breach
This is a bit of cheating on our side, but in reality, the easiest way to protect yourself from a security breach is through preventive measures. Make sure your passwords are strong enough, your credentials are well protected, and your identity is secured using privacy and anonymity solutions.
1. Confirm that the data breach occurred and check if your information was compromised
First of all, it's important to confirm whether a breach actually occurred. Don't believe just any email saying there's a breach. It can actually be scammers reaching out to you, posing as the compromised company and using the stolen info to get even more of your personal data. Don't fall for this! Check the company's official website or contact its customer support to confirm the breach and learn what information was involved.
Normally, a breached organization will use some of its secure communication channels to notify the affected consumers. For instance, a web-services provider could reach them by email and post the text of the email notifications on its website. A credit reporting agency would establish a call center and a dedicated website to help clients determine if their sensitive info was among the breached data.
2. Define what type of information was compromised
The nature of the information in question dictates the appropriate data breach response. A stolen credit card can be canceled and replaced, while obtaining a new Social Security number is a whole different story. Not to mention that your SSN and other sensitive information give fraudsters more opportunities than, say, a hacked email or credit card account.
To give you some context, here are three infamous data breaches where different types of data were exposed:
- A big-box retailer fell victim to a security breach in 2013. The data of 70 million customers was stolen, including credit and debit card information, mailing and email addresses, names, phone numbers, etc.
- 2014 saw the largest U.S. data breach, in which 3 billion user accounts of a web-services provider were compromised. The specifics of the stolen information are still not completely clear, possibly including names, addresses, phone numbers, dates of birth, security questions, and passwords.
- Lastly, in 2017 a credit reporting agency suffered a data breach, with the hackers stealing up to 145 million SSNs, addresses, birth dates, and driver's license numbers. Such sensitive information enables hackers to do much more than mere credit card fraud. They can essentially assume your identity for whatever end they wish, from filing fake tax returns and renting or buying properties, to applying for employment benefits and committing other criminal acts in your name.
As you can see, data breaches that involve different kinds of data have different degrees of sensitivity. For instance, even a massive web-services provider data breach might end up being less damaging to individuals than that of a credit reporting agency that, while smaller in scale, involves Social Security numbers. So, while these 7 steps are important regardless of the type of breach, other steps may also be in order where the exposed data was more sensitive.
3. Accept the breached organization's help
It is likely that the breached company will offer to help protect you or repair the damage. As long as their offer seems legit, there's no reason for you to reject it. For example, after the 2017 credit reporting agency breach, this organization offered identity theft protection and credit file monitoring to its clients who were affected.
4. Change your passwords, security questions, and other login info
It's vital to immediately change your login information for the breached accounts. Also, any other accounts that shared similar passwords and security questions and answers are now endangered. Make sure you update their login information as well to keep them out of the hackers' sticky fingers.
This step is especially important for victims whose accounts were stolen, e.g. email accounts compromised in a data breach of a web-services provider. And make sure to strengthen your accounts' security by taking any precautions available, such as two-factor authentication.
5. Take additional action and contact the right people
This is where you really have to consider the type of data breached. If your sensitive information or credit/debit card data is stolen, reach out immediately to the respective financial institution, cancel your card, and request a new one.
However, if some other, more sensitive personal information got breached, simply blocking your card might not be sufficient to avoid becoming a victim of fraud or identity theft. If that's the case, you want to enable credit monitoring, consider a credit account freeze, and file your taxes early to deny scammers a chance to file a fraudulent tax return.
6. Monitor your accounts and stay alert
It's crucial to keep watching for signs of new suspicious activity. For example, if an SSN was stolen, hackers who get their hands on it might use it right now, or they might patiently wait for years until their victims let their guard down.
7. File your taxes early
Whether you just want to take precautionary measures, or know for sure that your Social Security number has been stolen, a good practice is to file your taxes early. In today's cyber threat landscape, this way you can beat fraudsters to the IRS, making it impossible for them to commit tax-refund identity theft with your SSN.
Be Alert and at the Ready
The data breach threat is no joke, and it's better to be ready than sorry. Unlike a credit card, a stolen Social Security number is not so easy to change. So make sure you stay alert and know what to look for. If you see some red flags, take the appropriate actions outlined in this piece.