About This Guide
You are probably asking yourself: How does a data breach occur? Well, a data breach occurs when there is a lapse in security, leading to unlawful or accidental destruction, alteration, loss, or unauthorized disclosure of personal information. While there is no guarantee that the data thieves will use your information fraudulently, this experience can be frightening.
The main goal for most cyber threats like spyware, phishing, and hacking is identity theft. So, if the worst happens and your sensitive information leaks, you should know the exact steps to take. Acting immediately after the breach can minimize the potential for the damage. Actually, the more prepared you are, the better.
In this guide, we will discuss several ways in which you can minimize identity theft and, consequently, cut down the damage caused by information leaks. The measures will vary depending on the sensitivity of the leaked information and the circumstances of the breach. For this reason, you should take into account the following factors:
- Find out if the breach affected your sensitive data.
- What type of data breach occurred?
- Has your sensitive information, such as your Social Security number, been exposed during the breach?
- Are the attackers doing anything with your data, such as using it fraudulently?
If a Data Breach Occurs
If you have confirmed that the breach occurred and your information was compromised, plan to fix the damage immediately. Even if you are not sure of what information leaked, you still need to take reasonable steps to protect the unknown. Follow these steps:
First, Find Out What Got Lost
Before anything else, you need to find out the kind of information that was stolen in the data breach. Was it your sensitive information or the less critical one? Besides this, you should find out how the breach occurred. Was it an internal affair or anyone else? After analyzing the information that got leaked, you should be able to categorize it into any of these three broad categories:
1. Least Sensitive Information
This category of data includes the names and street addresses. The information is harmless because attackers may not use them to carry out frauds linked to you. Such information may only be useful to digital marketers and probably your noisy neighbor.
2. Moderately Sensitive Information
Leaked data, such as your email address, payment card account numbers, and dates of birth are sensitive because criminals can use it for fraudulent purposes. A stolen credit card number usually results in some fraudulent charges. Thankfully, the cardholder is protected from liabilities incurred if they report a stolen card. Likewise, a stolen email can be used by spammers. Typically, the date of birth may not be useful on its own, but when it is combined with a name, it becomes more valuable. Unlike an address, your date of birth never changes.
3. Most Sensitive Information
Anything that gives third-party power to pose as you are the worst piece of information to leak out. This information may include your passport numbers, online-account passwords, financial account numbers, Social Security numbers, and related information.
A stolen online-account password, combined with an email address, is often used to hijack online accounts. A stolen bank account number enables a hacker to track your financial transactions, and may even move money out of your account. Similarly, a card security code enables attackers to use a lost card number for telephone and online shopping.
Perhaps the worst form of information to leak out is your Social Security number. If it gets into the wrong hands, they can use it to pose as you. What makes it even worse is that it is almost impossible to replace your old Security Number with a new one.
If Your Sensitive Information Leaks
Different information holds diverse consequences. So, the sensitivity of the data that got leaked should inform the kind of steps you should take. We will look at each case below.
Password and Login Details
Stolen login credentials are the most straightforward type of data breaches to deal with since you can make the stolen information useless to a fraudster. If your username, email, and password, or similar information got leaked, take the following precautions:
1. Tighten security on your online accounts
Changing your password will make it harder for the attackers to continue using your account for malicious purposes. You should make it stronger by using a mixture of upper and lower case, characters, and digits. On top of this, you should change passwords on all your other accounts that share the same password.
Using a password manager will help you create strong passwords. Such services generate hard-to-guess passwords, and then store and autofill them on sites you visit. So, you don’t have to remember each time you log in.
2. Set up a 2-factor authentication
By doing so, you are sure that no one will get into your account, even if they got ahold of your password. In this setup, an intruder needs a second password or PIN before logging in successfully. Your online service often sends the PIN to your mobile device. The only way hackers can get in is if they steal your information and smartphone at the same time.
3. Be watchful of phishing attacks
Some scammers and hackers may not get enough data to break into your online accounts. So, they will use other tricks to convince you to give them the missing information. For instance, they might use your address or date of birth to convince you they are from a legitimate company in order to get other sensitive information.
If you lost your details for your online bank account, credit cards, or other payment details, follow these steps:
1. Report the incident to your financial institution to freeze your cards
If your bank or credit card details were compromised, don’t wait for suspicious transactions to appear on your financial statement. Report the matter to your bank immediately. Ask the bank to cancel the affected card and request a new one. As an identity theft victim, you should also discuss with your financial institution how to avoid further damage. It might involve closing old and opening new accounts, including the uncompromised accounts.
2. Monitor your financial statements
If you suspect that your information has leaked out, closely monitor your bank and credit card statements. Pay attention to any purchases made on your accounts and unauthorized withdrawals. If you find any, please alert your financial institution to remedy the situation. They might deactivate the old card and issue you with a new one.
3. Engage a credit-monitoring service and set up a fraud alert
One of the most important things to do to protect your identity after your information leaks out is to put a fraud alert on your credit reports. If your information was compromised following a data breach, you might be given complimentary credit monitoring. These services help you watch credit reports for dubious activities and alert you accordingly.
What it means is that you are alerting all major credit agencies of your identity theft and that they should look out for any suspicious activities. These activities may include opening bank accounts under your name, applying for a new credit card, or even applying for loans.
4. Get a credit report
Whether you are a victim of a stolen identity or credit fraud, you should review your credit reports to identify any transactions you may not recognize. By law, you are eligible to get at least one free credit report from your agency each year.
5. Watch out for phishing attempts or malicious mails
If your email address was compromised, you are likely to receive suspicious emails. To be safe, avoid clicking on suspicious links in your emails. Actually, you should not open any attachment that you were not expecting, even if they are from your bank. The same goes for snail mail.
Passport, ID, or Social Security Numbers
As mentioned earlier, this category of information is a goldmine to cyber-criminals. You should, therefore, take the right steps if it leaks out:
1. Issue a fraud alert
If you are suspecting that your personal information has leaked out to criminals, request a fraud alert from one of the major credit bureaus. Fraud alerts should prompt any credible creditor to take extra caution by verifying the identity of a person when transacting.
2. Prove your identity
Before data thieves claim your personage, you should reclaim it by submitting an affidavit. Get your theft affidavit from the Federal Trade Commission or your local equivalent.
3. Get credit reports
Credit reports will give you a snapshot of all your liabilities. They will help you find out if someone has tried to use your identity to commit illegality.
4. Go through your Social Security statement
Check for any suspicious charges on your Social Security statement. Fraudsters can use your SSN to create bogus citizenship papers, open new credit lines, or file a fake tax return.
5. File your taxes early
Whether you’re sure that your Social Security number has leaked out or you just want to take precautionary measures, try filing your taxes early. This way, you will defeat criminals who may be planning to commit tax-refund identity theft using your SSN.
Driving License number is almost as crucial as your ID. So, if it leaks, do the following:
1. Report the incident to your Department of Motor Vehicles
The first thing to do whenever your driver’s license number is exposed is to contact your local Division of Motor Vehicles (DMV). The DMV may flag your number to spy on anyone who uses it or have you apply for a duplicate license.
2. Place a fraud alert
Besides reporting the incident to your Department of Motor Vehicles, you should also place a fraud alert with the DMV. This way, they will get notifications whenever someone tries to use your driver’s license to apply for any service.
Medical records, such as your insurance, can be used to make claims under your name. To minimize the potential damage, do this:
1. Inform your health insurer and monitor your health records
Notify your health insurer to be careful not to issue any payments in your name. It is also necessary to review your medical records, especially health-related payments, just in case a criminal has already applied for a claim under your name.
If Someone Has Committed a Crime Using Your Information
The above steps will minimize the possibility of identity theft. However, sometimes, the attackers may have already used your information to carry out fraud. If that is the case, you need to file a report with your local police department as soon as possible. Some people may see this as pointless, but it actually helps in many ways.
The act of reporting alone will enable you to establish a legal basis with which you can challenge future frauds.
If you are in the US, you are required to file a formal report of identity theft with the Federal Trade Commission. Thankfully, you can do so online.
Other than this, you should also accept any valuable help from the breached company. Some companies may help to repair the damage – for instance, providing credit monitoring reports. If there are no major issues with their offer, consider taking it up.
Protect Your Privacy
It is clear that you can’t stop breaches from happening. So, the best way to minimize the occurrence and the impact of breaches of your data is to stay one step ahead of hackers by protecting your data. Here are some ways to improve your online privacy:
1. Delete Cookies
Every website you visit gives you an internet cookie that recognizes you as a user. Internet cookies may carry data, such as the name of the website that issued the cookie and a randomly-generated number that identifies you as a returning user. While they might contain data that may not identify you, they can be a threat to your online privacy. Sure, they may improve your browsing experience, but sometimes it’s better to get rid of some that are of no good to you.
Here are the most common types of online cookies:
- Session Cookies – They are temporary and rarely have an expiration date. A website generates these cookies when you enter it and will only be active during the time you are on that page. The cookie is permanently deleted when you exit the browser.
- Permanent Cookies – These cookies identify you when you are on a subsequent visit to a website. They can take care of user authentication, so that you don’t have to log in every time you enter the site. Typically, permanent cookies are convenient, but it is better to delete them for privacy reasons.
- Third-Party Cookies – These cookies are useful for cross-site user tracking. They are usually used by websites that have external content like banners and ads linked to other sites. So, the data gathered by these cookies may help advertisers to show you targeted ads.
- Supercookies – These cookies are the most malicious ones. They are not only hard to delete, but they can also embed on your device without your knowledge.
So, how do you delete cookies? You usually delete them from the privacy and security settings of your browser. Please keep in mind that it is not enough to delete cookies. You should block them altogether. You can also activate the option for preventing cross-site tracking.
2. Use a VPN
Typically, the internet is designed for easier information exchange, not user privacy. So, without a way to encrypt your communication, your information may leak to the wrong hands. On Wi-Fi networks, unscrupulous users may intercept your data. Likewise, your ISP and other interested agents, such as governments and hackers, may track what you are doing online. They may even steal your personal information and use it to commit a crime in your name.
So, until the internet becomes more private, you should always use a VPN to anonymize your traffic. It is the easiest and the most secure way to minimize information leakage.
In the wake of a data breach, you should remain calm and take drastic actions. The fact that the breach happens does not mean that your information was stolen. But if your sensitive information, such as your passwords and Social Security numbers leaks, you might become a victim of identity theft. And if it has happened already, the above tips will help you minimize the potential damage.