Skip to main content

Unfortunately, personal data breaches happen quite regularly. In case of an attack that leads to the loss, alteration or unauthorised disclosure of personal data, companies have up to 90 days to notify you after its discovery. During that time, your unprotected information and credentials can be used by malicious actors to cause extensive damage. This damage can range from stolen personal documents and passwords to unlawful financial transactions and total identity data theft.

As a result, monitoring services have become a fundamental element in modern cyber security. If any of your information is exposed online because it was part of a breach or personal attack, monitoring services will notify you faster, allowing you to act almost immediately.

What to do if your privacy is breached

If a company has told you that your information might have been part of a data breach, your personal details may already be on the dark web or in a for-profit database run by malicious actors. With most data privacy breaches, it’s the first 72 hours that are the most critical. It is therefore crucial that you ask the company when the breach occurred so you know how long your information may have been out there. The longer your information is exposed, the more opportunities cyber criminals have to use it to their advantage.

Even if it’s been longer than 72 hours, following the correct recovery stages after a personal breach is incredibly important. Below is a step-by-step guide detailing all of the measures you’ll need to take if you believe that you’ve been a victim of a personal data breach.

1. Figure out what data was breached and check for updates

2. Update any exposed credentials

3. Sign up for two-factor authentication

4. Monitor all of your accounts

5.Protect your financial privacy

1. Figure out what data was breached and check for updates

Sometimes, companies do not reveal exactly which customers have had their information stolen or what kind of data was taken. However, just because they don’t guarantee that your information was part of the breach, it doesn't mean you shouldn't act. If you have received a notification from a company stating that your information may have been exposed, or perhaps you saw information about a leak in the media, you should check with the company and ask them what type of information that includes. The most common forms of stolen personal data are:

  • Email
  • Password
  • Name
  • Phone Number
  • Address
  • Credit Card Information
  • Social Security Number

Changing and/or verifying that this information is secure after a privacy breach can be costly, time-consuming, or both. We recommend that you work in order of priority, based on what information was exposed, and check back with the company, either by phone or on their website, for security updates regarding the breach.

2. Update any exposed credentials

If you think your email address or password has been exposed, whether in combination or individually, you should change them right away. If you have reused your password on multiple sites in the past, it is important to update all your old logins and follow good password hygiene from now on. We recommend using a “strong” password, which will be covered in detail later in this article. In general, it’s best practice to have multiple passwords that are updated regularly (every 3 to 6 months).

Trying to remember all passwords is quite an outdated way to secure your information online. So, we also recommend that you use a password manager to keep track of everything.

3. Sign up for two-factor authentication

Double your online security by signing up for “two-factor authentication” wherever the option is available. Sometimes referred to as “two-step verification" (or “2FA" for short), two-factor authentication is an extra level of security for your online accounts that requires you to enter an additional piece of identifying information.

This identifying information can range from an additional “secret answer” to a question, a secure link sent to your email, or an authentication code texted directly to your phone. So, even if hackers do get your email and/or password, they won’t be able to access your account.

4. Monitor all your accounts

In recent years, hackers have grown very advanced in their methods. One set of exposed credentials can be easily cross-checked across many different websites, social media pages and subscriptions/memberships. If any of your passwords are duplicated across platforms, cyber criminals could quickly gain access to profile information that reveals even more about you, such as personal email addresses, phone numbers and even a physical address.

By slowly gaining access to more personal information, hackers may also be able to get into your most important accounts, like your personal banking website, or your computer itself, allowing them to cause extensive personal damage. That’s why you need to keep a close eye on your accounts following any data breach, even if "only" your password was leaked. In the days and weeks following a breach, it is important to watch for any strange activity in your accounts, such as new purchases, password changes and logins from different locations.


5. Protect your financial privacy

If payment information was leaked as part of a data breach, you should ask your card provider to lock or pause your cards right away and send you a replacement one. By locking the cards, you prevent new purchases from occurring with the leaked card number, and the replacement card will have a new number assigned to it, allowing you to continue with your normal purchases.

Even if your payment information is safe, it's a good idea to set up credit monitoring. This will alert you when there are any changes to your credit report, like if someone applies for new credit in your name. Also, if you think your address, social security number or other private information may have been breached, you should order a free copy of your credit report and take a detailed look through it (ideally, you'll do this every 6 to 12 months anyway).

If you are sure that your financial details have been exposed and you have seen changes, you should take steps to freeze your credit. There is no cost incurred by doing this and it will prevent malicious actors from opening new credit accounts in your name.

an image of a computer screen with scattered numbers, suggesting a data breach

How to prevent data breaches in the future

As cyber criminals become more advanced, the consequences of having even a small bit of information about you stolen are becoming more and more serious. Even with an email address or password, malicious actors are, in some cases, able to find more sensitive and powerful data in very little time. In addition, large company data breaches are not the only way that your information can end up being exposed. Data breaches equally happen in public settings (usually via unprotected Wi-Fi connections) or in the workplace (often as a result of poor cyber security staff training).

So, taking proactive steps to protect your personal information is essential in the modern era, and this means setting up a combination of monitoring services and antivirus software so that your devices, network, and accounts have an extra layer of security against hackers. Equally, there are several steps that any user can take to minimize the chance of a personal data breach. Detailed below is our guide to preventing data leaks from your personal or work devices.

  • Strong Passwords and MFA
  • Keep your Software Updated
  • Back Up your Data Regularly
  • Update your Email Address Book
  • Use Secure URLs
  • Review your Access Controls
  • Educate and Train Employees

Strong Passwords and MFA

As previously mentioned, good cyber security starts with a strong password that is regularly changed (every 3 to 6 months). A strong password usually consists of at least 8 characters (we recommend 10 to 12). This should that are a mixture of letters, numbers, and symbols (if they are permitted) . Never include personal information in your passwords such as your parents’, kids’, pets’ names or even your date of birth. Cybercriminals are searching for this specific type of information among your social media accounts while trying to brute force your password. Some even have special apps which can allow them to combine key words about your life with crucial dates in your life to try and guess your password. Remember, try not to use the same password for multiple accounts. You should have a collection of different passwords that you use. Equally, you should opt-in to two-factor authentication security policies when offered. We also recommend using a password manager to store your different variations.

Keep your software up to date

Often, large companies will provide essential security patches and changes via software updates. That’s why it’s important to keep all your work and personal software up to date and make sure that you are using the latest version of a program to prevent any vulnerable exploits from being exposed. We recommend enabling all automatic software updates whenever possible.

Back up your data regularly

In order to prevent permanent loss of data and important information, we recommend having a backup of your personal data, either held in an external drive or stored securely off-site. Regularly backing up your data means that your information does not have to be constantly stored on your device and anything lost will still be accessible after the initial breach.

Update your email address book

Whether you’re working in an office, from home or freelancing on the go, it’s always prudent to ask your clients to notify you if they change their address or other contact details. Equally, you should periodically ask them if they have had any personal breaches themselves. Both of these measures will prevent malicious actors from accessing your information through identity theft of a colleague/client or a phishing scam.

Use secure URLs

This is an essential part of general IT hygiene for all users today. If you receive a link from a colleague or outside source, only open URLs that begin with HTTPS. Equally, when visiting websites online, it is important that they are trusted, often indicated by a padlock on the left of your browser’s search bar.

Review your access controls

As homeworking becomes more commonplace, it is clear that access to a broader range of software and permissions is needed. However, this does not apply to everyone. If you’re worried about security breaches on your work laptop, talk to your IT department about tightening your access controls.

Educate and train employees in best practice

Data protection is not just your IT department’s responsibility, you and your colleagues are equally responsible. That’s why you should stay up to date with your enterprise’s cyber security training and have access to the right resources in case of a breach. This should include best practices surrounding sending personal information via email and correct naming conventions for documents so that a digital paper trail can easily be established. Ask your IT department or manager for the appropriate response plan in case the worst happens and be sure to report any suspected attack or attempt immediately.

Data breaches have unfortunately become somewhat commonplace in our modern digital world. So much of our personal information is stored and shared online, often with companies that we know very little about. So, next time you're shopping around online or wondering about signing up for a new digital service or to a new website subscription, you should think twice about reusing a password or sharing your most private information.

Related articles and links:

Related Products:

What to Do If Your Personal Privacy is Breached

If you’ve been a victim of a privacy breach, don’t panic. We’ve created a simple guide listing what to do next and how to prevent it from happening again.
Kaspersky Logo