Data breaches happen constantly. Unfortunately, no matter how effective your personal online security is, you cannot prevent attackers from stealing your private information from a service you’ve used.
Some breaches only include passwords, but often criminals find ways to steal bank card information, social security numbers, and other crucial pieces of personally identifiable information. These compromises and the leaks that follow can expose your private data to online criminals, who can use that information to fuel phishing attacks, fraud and even identity theft.
F‑Secure Labs also notes that a data breach doesn’t just put your information at risk, because following an account takeover your personal details may then be used by criminals to commit further online crimes against other individuals.
We have seen, for example, cryptocurrency scams promoted by stolen Youtube or Twitter accounts, says Maria Dacuno, Senior Researcher at F‑Secure Labs.
But you shouldn’t feel singled out if your details are included in a breach, because just about everyone who uses the internet will eventually get a data breach alert. And in this post you’ll find out the five steps you should take as soon as you get one, which will help prevent your data from being used against you.
In the aftermath of a breach, publicity will often lead to websites of the affected services or companies being overloaded with worried individuals, all trying to check their data. In addition, the security team of a breached company may restrict your account access while they assess the damage.
After a few days, though, the breached service will likely be accessible. That’s when you should login and change your password to a new, longer, unique password.
And you should change your password for any service that has been breached, regardless of whether a company told you that your information was affected by the cyber attack. If you have used the same password, or any variation of this password–for example, adding a number or symbol to the end of the password for use on another service–you should also change those passwords.
And it is worth noting here that password tricks, like adding a number or slightly varying the ending of a password for use on multiple logins, add absolutely no additional security to your recycled passwords. And whilst your password may be breached, there are steps you can take to ensure that your account remains secure. According to F‑Secure Labs one of the best ways to do this is to make sure that you turn on multi-factor authentication (MFA) for this and every account where it’s available.
Multi-factor authentication in general adds a layer of protection for your accounts, says Dacuno.
However, enforcing an MFA through a more secure method like an authenticator app is highly recommended.
Following a breach alert you should check your account on the compromised service and immediately delete any stored bank or credit cards.
In general, it is good practice to avoid storing card details with any online services. So, this is a good time to remove any stored financial account information for any of your online services, unless absolutely necessary.
Even the most careful companies can be breached. And you do not want your cards to be part of any eventual breach.
If you have been notified that your bank or credit card details have been leaked, you need to take immediate action. Call your bank and cancel your card.
This is a huge inconvenience, but necessary, especially if you do not have an alternative card to use, or have automatic payments set up with this card. You will have to wait for a new card to arrive, which can take days, or even weeks. But this is exactly why it is good practice to never save your cards with online services.
You should monitor the transactions on any card connected to a breached service, whether you were informed that card data was breached or not. Check for suspicious activity on a weekly basis–at least–and be ready to contact your provider to cancel the card.
Services like privacy.com allow you to generate a unique, limited, temporary credit card number. These temp cards reduce the risk of credit card compromise. However, such services, sadly, do not seem to be available outside the United States.
Temporary credit cards require extra effort. Yet they are worth your time–as they limit the damage of any individual service being breached. This strategy is like using unique passwords for every service: the uniqueness helps avoid a domino effect of one breach impacting your whole digital life.
The best time to start using a password manager is before your data is breached. The second-best time is right now.
Not only is using a password manager the single best thing most people can do to improve their cyber security, it’s also much easier than most methods of storing and using secure data.
A password manager makes creating, saving, and using strong unique passwords for all your accounts easy. By simply using this tool many cyber security experts trust for their password and refusing to store your card numbers with any online services, your risks of data breach will be quite minimal. Especially if you do a good job of monitoring your online identity in general.
Special thanks to Fennel Aurora, Senior Product Manager at F‑Secure, for his contribution to this post.
If your passwords and private data are breached, criminals can take over your accounts and steal your identity. ID theft is expensive and painful to fix. Preventing identity theft can save you money and time.
F-Secure TOTAL online security package helps you avoid identity theft. A password manager, data breach monitoring, antivirus that blocks phishing websites, and a VPN all combine to make stealing your personal information difficult. You can try TOTAL free for 30 days, with no credit card required.