Article

5 ways to minimize your risks after a data breach alert

5 ways to minimize your risks after a data breach alert
F-Secure
F-Secure
|
Dec 14, 2023
|
5 min read

Prevent your data from being used against you

Data breaches happen constantly. Unfortunately, no matter how effective your personal online security is, you cannot prevent attackers from stealing your private information from a service you’ve used.

Some breaches only include pass­words, but often criminals find ways to steal bank card information, social security numbers, and other crucial pieces of personally identifiable information. These compromises and the leaks that follow can expose your private data to online criminals, who can use that information to fuel phishing attacks, fraud and even identity theft.

F‑Secure Labs also notes that a data breach doesn’t just put your information at risk, because following an account take­over your personal details may then be used by criminals to commit further online crimes against other individuals.

We have seen, for example, crypto­currency scams promoted by stolen Youtube or Twitter accounts, says Maria Dacuno, Senior Researcher at F‑Secure Labs.

But you shouldn’t feel singled out if your details are included in a breach, because just about every­one who uses the internet will eventually get a data breach alert. And in this post you’ll find out the five steps you should take as soon as you get one, which will help prevent your data from being used against you.

1. Change that pass­word — and any similar pass­word

In the after­math of a breach, publicity will often lead to web­sites of the affected services or companies being over­loaded with worried individuals, all trying to check their data. In addition, the security team of a breached company may restrict your account access while they assess the damage.

After a few days, though, the breached service will likely be accessible. That’s when you should login and change your pass­word to a new, longer, unique pass­word.

And you should change your pass­word for any service that has been breached, regard­less of whether a company told you that your information was affected by the cyber attack. If you have used the same pass­word, or any variation of this pass­word–for example, adding a number or symbol to the end of the pass­word for use on another service–you should also change those pass­words.

And it is worth noting here that pass­word tricks, like adding a number or slightly varying the ending of a pass­word for use on multiple logins, add absolutely no additional security to your recycled pass­words. And whilst your pass­word may be breached, there are steps you can take to ensure that your account remains secure. According to F‑Secure Labs one of the best ways to do this is to make sure that you turn on multi-factor authentication (MFA) for this and every account where it’s available.

Multi-factor authentication in general adds a layer of protection for your accounts, says Dacuno. However, enforcing an MFA through a more secure method like an authenticator app is highly recommended.

2. Check your cards

Following a breach alert you should check your account on the compromised service and immediately delete any stored bank or credit cards.

In general, it is good practice to avoid storing card details with any online services. So, this is a good time to remove any stored financial account information for any of your online services, unless absolutely necessary.

Even the most careful companies can be breached. And you do not want your cards to be part of any eventual breach.

3. Monitor and cancel

If you have been notified that your bank or credit card details have been leaked, you need to take immediate action. Call your bank and cancel your card.

This is a huge inconvenience, but necessary, especially if you do not have an alternative card to use, or have automatic payments set up with this card. You will have to wait for a new card to arrive, which can take days, or even weeks. But this is exactly why it is good practice to never save your cards with online services.

You should monitor the trans­actions on any card connected to a breached service, whether you were informed that card data was breached or not. Check for suspicious activity on a weekly basis–at least–and be ready to contact your provider to cancel the card.

4. Consider temporary credit cards (US only)

Services like privacy.com allow you to generate a unique, limited, temporary credit card number. These temp cards reduce the risk of credit card compromise. How­ever, such services, sadly, do not seem to be available out­side the United States.

Temporary credit cards require extra effort. Yet they are worth your time–as they limit the damage of any individual service being breached. This strategy is like using unique pass­words for every service: the uniqueness helps avoid a domino effect of one breach impacting your whole digital life.

5. Use a pass­word manager

The best time to start using a pass­word manager is before your data is breached. The second-best time is right now.

Not only is using a pass­word manager the single best thing most people can do to improve their cyber security, it’s also much easier than most methods of storing and using secure data.

A pass­word manager makes creating, saving, and using strong unique pass­words for all your accounts easy. By simply using this tool many cyber security experts trust for their pass­word and refusing to store your card numbers with any online services, your risks of data breach will be quite minimal. Especially if you do a good job of monitoring your online identity in general.

Special thanks to Fennel Aurora, Senior Product Manager at F‑Secure, for his contribution to this post.

F‑Secure Total secures your pass­words and your online identity

If your pass­words and private data are breached, criminals can take over your accounts and steal your identity. ID theft is expensive and painful to fix. Preventing identity theft can save you money and time.

F‑Secure Total online security package helps you avoid identity theft. A pass­word manager, data breach monitoring, anti­virus that blocks phishing web­sites, and a VPN all combine to make stealing your personal information difficult. You can try Total free for 30 days, with no credit card required.

Read more and try for free