According to Breach Level Index, since 2013 there have been 14,700,000,000+ data records lost or stolen. To make things worse, only 4% of breaches were “secure breaches” where encryption was used to make the stolen data useless. Within the last couple years, major corporations such as Facebook, Yahoo, and DoorDash, have fallen victim to data breaches and unfortunately so did we. Following our experience, our team wants to inform small businesses and individuals on how to handle such situations with the Data Breach Response Guide.
With data breaches occurring at a rapid pace and massive scale, it becomes more and more important for everyday consumers to be ready for when their information becomes compromised in a data breach. What should you do if you are affected by a data breach? What are the next steps you should take?
To help, we’ve put together this comprehensive playbook to help you navigate the uncertainty of being affected by a data breach. Hopefully, by following the advice we’ve laid out, you can be better equipped to respond to a data breach and minimize any potential harm to your data and identity.
Figure Out How You’ve Been Affected
The first step in the Data Breach Response is to figure out whether or not you have been affected, and how. If you have been affected as a user, chances are the company will have contacted you in some way to let you know how you have been affected, for example in our case, we directly emailed all potentially affected users and also posted in our social media and blog to inform any other affected data subjects. In another example shown below, Quora acted swiftly to inform 100M users affected by a breach.
Breach Detection Services
Sometimes, however, you may not be alerted about data breaches or you may have been affected by a past breach. There are plenty of services out there that will let you know whether or not your information has been compromised in any sort of way.
One such site is haveibeenpwned.com. Have I Been Pwned? is a helpful service that checks if your account has been compromised in a data breach. Simply put in an email address and get a list of data breaches your data might have been involved in. We advise being careful with these types of sites as well. Entering sensitive information here can also pose a potential threat. Thoroughly vet the security of websites before handing over your information.
Determining What’s Been Compromised
The next step in the Data Breach Response process is once you have determined whether or not you have been affected by a breach, you need to identify what data of yours has been compromised. This data can range from least sensitive to most sensitive.
- Least Sensitive: Email addresses, phone numbers, street addresses
- More Sensitive: Names, dates of birth, card numbers
- Most Sensitive: Social security numbers, passwords, security codes
Keep a note of the data that has been compromised, and how sensitive it is. The more sensitive the information is, the more important it is to respond swiftly and take steps to protect your identity. For example, in the case of Covve, the least sensitive information was breached and as such there was no need for an action, like changing of password.
Strengthen and Secure Your Online Identity
If your data is suspected or known to be compromised in a data breach, hackers and other dangerous agents may have access to your passwords and accounts. The Data Breach Prevention Team highly recommends that you go through the following steps to ensure your online identity is safe and secure.
1. Change your password on as many affected sites as possible
Do your due diligence and ensure that your current and old passwords are replaced with a new, secure password. It’s important to use a unique password for each service, and to avoid predictable password patterns.
2. Use Two Factor Authentication at a minimum
At a minimum, upgrade your account to use two-factor authentication. This ensures that even if hackers obtain your password, they cannot do further damage unless they have access to additional services like your phone or email account.
3. Use a Password Manager
Consider upgrading to a password manager to help keep track of all of your passwords. Many password managers even include a password generator, which makes it easy to create unique and secure passwords for all of your accounts online and automatically store them in a secure location.
Contact the Right Institutions and Take Action
Once you have determined what data has been compromised and secured your current accounts, the next step is to contact the right institutions and take additional action.
Bank and/or Card Details
If your bank and/or credit card details have been compromised, contact your bank and credit card company immediately. Close associated accounts and work with your bank to prevent or resolve fraudulent transactions.
If your SSN has been compromised, in addition to other personally identifiable information, contact relevant government agencies such as the Internal Revenue Service (IRS), Social Security Administration (SSA), and the Federal Trade Commission (FTC). You can report Identity Theft at identitytheft.gov to work with the government and put together a recovery plan.
Credit Reports and Freezes
Check your credit report immediately to see if thieves have been using your data to open up credit cards or bank accounts under your name. If you detect or suspect wrongdoing, you can place a fraud alert or security freeze on your credit accounts which will help prevent further damage.
Monitor Your Accounts
Once you have contacted the right institutions and have taken the steps to secure your identity, the final action in the Data Breach Response Guide is to continue to monitor your accounts for further wrongdoing.
Be on the lookout for additional signals of bad behavior such as unauthorized transactions, new bank/credit accounts, and more.
To help put your mind at ease, you can sign up for additional credit monitoring which will watch your accounts for any possible risky activity.