Data Breach Response: What to Do If You're Affected

These days, it seems like data breaches happen so frequently consumers can hardly keep up. Almost every week there are headlines about another company that’s been breached. What should you do if you have an account with one of these breached organizations, and your information has been exposed? When you hear about a data breach you think you might be involved in, you should act quickly to secure your digital accounts. This guide covers what kind of information could be exposed in different types of data breaches. It also provides a list of actions to take following a data breach to secure your information. The type of data breach may dictate how you respond. Common types of data breaches and the possible information that could be exposed are: 1. Confirm the breach occurred Before doing anything, you should confirm that there was, in fact, a data breach. A common phishing scam is sending out an email that looks like it’s from a company you have an account with, saying there’s been a breach or a problem with your account. It will say you need to click a link to log in. If you get an email like this, never click any links . Instead, contact the company directly or search for news stories to confirm the breach. 2. Scan your computer/device for viruses It’s possible you may have logged into the breached company’s account before you realized they were hacked. If your information was exposed, hackers may have already tried to use it. Run a malware scan on your computer, smartphone, or any device you use to access the accounts of the hacked company. 3. Determine which information was stolen Once you know the breach has occurred, you need to figure out which information is potentially exposed. Depending on the type of breach, this information may vary. If it was a healthcare facility, you can probably assume your health info is at risk and start securing it. If you find a news story about the breach or contact the company to confirm, you’ll likely learn what information was exposed. 4. Reset all your passwords Change the passwords on all your online accounts — even those that you think may not be involved in the breach. If the account uses your email address, name, or any other sensitive information that could identify you, it needs a new password. This is also the chance to strengthen your passwords and use something harder to crack than P@ssw0rd. If you don’t already use a password manager , now is the perfect time to start. 5. Review your digital accounts As you’re going through each of your accounts to change passwords, delete any old accounts you no longer use. The less information about you on the web, the better. If you’re deleting an account that has uploaded files such as documents, photos, or videos, delete all those files from the account first, then delete the account. 6. Contact the hacked company and take further actions Changing your passwords is a good step, but you may also need to reach out to banks, doctor’s offices, credit bureaus, universities, or whoever has your information to further protect yourself. It may also involve canceling credit cards, putting a freeze on your account, initiating a fraud alert, or asking for copies of medical records. 7. Keep monitoring your accounts After you’ve reset your passwords and contacted the relevant companies about the breach, your work is still not done. Continue to monitor your accounts for suspicious activity. Be on the lookout for more phishing emails than usual or transactions made in your name. Reading about a data breach in the news is one way to learn about it, but that’s a little passive. To keep your information secure, you should actively check if you’ve been part of a data breach. WhatismyIPaddress.com has a data breach checker , which will allow you to see if your information has been compromised. All you have to do is enter your email address. Learning your information is involved in a data breach can feel stressful and overwhelming. As long as you act quickly and take the proper steps to secure your data, you may be able to minimize the damage. To learn more about data breaches, you can also listen to the Easy Prey podcast episode with Troy Hunt , a web security expert and educator who created the data breach search tool Have I Been Pwned?