4 practical tips on what to do after a data breach

Let’s kick things off with a quick question: what do eBay, Facebook, Adobe, LinkedIn, Microsoft, Alibaba, Twitter, Experian, Quora, Capital One, Dropbox, Uber, Zoom and Twitch all have in common? The answer is that they’ve all been involved in a data breach that exposed the personal details of their users. And there’s a very good chance that you have an account with at least one of them.

But don’t panic. Data breaches happen often — with Statista claiming more than six million data records were exposed in the first quarter of 2023 — and no company or service is ever totally immune to them. Of course, there are steps you should take to protect your­self from identity theft and data breaches. But, unless you never provide your details to a third-party, which simply isn’t practical for most of us, there is always a risk.

In fact, according to an F‑Secure report, 60% of people suffer a data breach every year. But the biggest concern is that of those 60%, half continue to use exposed pass­words on other accounts — even after being notified of the breach.

Acting quickly following a data breach is what’s important, as it can prevent an inconvenient security breach turning into some­thing far more serious, such as identity fraud. And following a few simple steps is all it takes to stop an inconvenience turning into a serious crime.

1. Change your pass­word

There are various ways to be alerted of a data breach. You might see a story in the news. You could get notification of a compromised pass­word via your phone. Alternatively, you can use a manual tool such as the F‑Secure identity theft checker to scan for breaches. Or, if you want the very best protection, sign up for automated 24/7 identity monitoring, such as that available in F‑Secure Total.

Regardless of how you find out about a breach of your data, you need to act. Change the pass­word for the affected account, but also consider other accounts that may use the same or similar credentials. And change those, too.

Publicity from breach events will often lead to web­sites being overloaded with worried people trying to check their data, and/or the breached company’s security team may have restricted your account access while they assess the damage, explained Fennel Aurora, Principal Product Manager at F‑Secure. When the breached service’s site is less overloaded, login and change your pass­word to a new long unique pass­word.

Also, ensure that your new pass­word is not just strong, but also unique for every affected account, using a tool like F‑Secure’s strong pass­word generator to create them.

2. Check your cards

Not all data breaches are equal: the least damaging may only include user­names; others will include both user­names and pass­words; and some will feature payment and credit card details.

But, even if a data breach didn’t include your payment details, if you have bank or credit card credentials associated with a breached account, you must act quickly to ensure that scammers can’t use them.

Check your account on the breached service, and delete any stored bank cards, suggested Aurora. In general, it is good practice to avoid storing card details with any online services. Even the most careful companies can be breached. You do not want your cards to be part of any eventual breach. And a pass­word manager will help you easily fill out your card details on any service when needed for a specific purchase.

3. Cancel cards for exposed payment details

If you discover that your bank or card details have been included in a data breach, contact your bank immediately and follow their instructions, which may include cancelling your cards or setting up a fraud alert on the account.

If you are one of the lucky people to be notified as having your bank card detail leaked, you are going to have to call your bank and cancel your card, explained Aurora. You will have to wait for a new card to arrive, which is likely going to be disruptive and annoying, especially if you don’t have an alternative card. This is exactly why it is good practice to never save your cards with online services.

And even if you get a notification that your card details have appeared in a breach, and you follow the above steps, you should still monitor trans­actions over the next few months for suspicious activity. And if you do spot any suspicious activity, contact your bank immediately, and file a police report.

4. Use a pass­word manager

It’s easy for experts to preach about the importance of strong and unique pass­words — and they really are important — but trying to remember just one secure pass­word is hard enough, let alone 20 or more. This is why pass­word managers are so useful.

Not only is using a pass­word manager the single best thing most people can do to improve their cyber security, it is also likely to be much easier than whatever you are doing for your pass­words and bank cards today, said Aurora.

The benefit of a pass­word manager is that you only need to remember one master pass­word, and your pass­word manager does all the hard work for you. F‑Secure’s highly-rated ID Protection enables you to generate and manage strong pass­words for all your online accounts, with data encrypted using TLS/SSL.