How to Check If Your Personal Data Has Been Compromised

You get an email with a password reset link for your Amazon account. You didn’t request it, so you “safely ignore it” as the Amazon email states. Then, a few days later, you get an email asking to confirm your email address for a new account on Robinhood, a stock market e-trading app. Not long after that, you get a text message with a two-factor authentication code you didn’t request for your bank account. All of these notifications should put you on high alert. Why? Because your email address and phone number (and probably some passwords and other sensitive info) have been leaked. A cybercriminal has a hold of them and is trying to log into your existing accounts or open new ones with your info. These kinds of emails and texts are a good indicator of stolen personal data, but they’re not the only sign. You should know which factors to look out for and how to check if your personal data has been compromised. If you suspect that your data might be compromised online and you’re looking for “signs” that your data has been leaked or stolen, chances are it already has been. You shouldn’t wait until you notice unusual account activity to be on your guard—you should always be careful online. With that precursor out of the way, let’s look at some of the most obvious indicators that your personal data (email address, phone number, address, passwords, bank info, etc.) is being shared without your permission. The sign that usually prompts people to run personal data breach scans is receiving an email saying that an application or service you use has been hacked and that your information may have been implicated. If this happens, you should take action immediately. It’s easy to find out if your personal data has been compromised. You can use one of these free tools to see if any of your data has been shared without your knowledge or permission: There are also paid services you can use to check for exposed data, and these generally tend to be more comprehensive. After a certain point, though, it doesn’t matter how much of your data has been leaked. Knowing that even one piece of personal information is where it shouldn’t be is enough to make you take action. When checking for your leaked personal data online, you may come across your information in a people search site like Yellow Pages or Zoominfo. These directories aren’t considered illegal, however, and they didn’t receive your data by stealing it. They legally obtained it, usually by purchasing it from a vendor. And they’re allowed to sell it too. Companies that collect information about people, whether for people search directories, advertising purposes, or healthcare, are known as data brokers. These companies can make certain information about you publicly (or privately) searchable and it’s not considered “stealing” or “leaking” your information. Some examples of data brokers are: Data brokers gather information about you and sell it to third parties. They build profiles on millions of people for advertising, call centers, debt collections, and more. Examples of personal details data brokers deal in are: They can get your information from a variety of sources—and this information isn’t considered confidential. The most common sources are: If data brokers don’t collect or compromise confidential personal data, why should you be concerned about them? While they don’t share your bank account numbers, Social Security number, or other “sensitive” info, hackers can still use brokers to build profiles of their targets. A cybercriminal might obtain a password to one of your accounts in a data leak. Then, they find your email address on the dark web. They can then find your birth date, mailing address, and phone number from a “legitimate” people search site. With just this information, they can open fake accounts in your name or even trick your cellphone provider into porting your number to a new SIM card (a scam known as SIM swapping ). It also shouldn’t be surprising that these data brokers are prime targets for hacks. Equifax was breached in 2017, which affected the personal information of 147 million people. T-Mobile had 15 million records exposed in 2015 because they were stored on Experian’s servers, and Experian was breached. In 2011, Epsilon was hacked , exposing the names and email addresses for millions of people. Most data brokers allow you to request to remove your information from their sites, but they make the task difficult and inconvenient. They’re also continuously collecting info, so even if you succeed at getting your data removed, it may show up again in a year or two. Some services will go through a large number of data brokers and remove your info for you, but they’re not free. Data brokers are completely legal in the U.S. and there are no federal laws to regulate the industry. For the most part, they can sell your information to just about anyone if the price is right. However, as of 2024 they’re prohibited from selling sensitive personal data of Americans to potentially malicious countries or companies that operate in malicious countries. If you want to avoid having your information compromised in a data breach, you should take action now. Online security always works better when it’s proactive, and not reactive. Here are some steps you can take to secure your information: Personal information has become a commodity in the digital age. Brokers want it so they can sell it to the highest bidder; cybercriminals steal it so they can also sell it to whoever’s willing to pay. As our lives have moved increasingly online, it’s become harder to maintain privacy. Fortunately, there are ways to protect your sensitive information, if you’re willing to put some effort into being more cautious. You should have a skeptical attitude about everything you encounter online and never give away your information—name, email address, phone, anything—easily. Your personal data and your identity are the most important things you have. Protect them vigilantly.