We trust businesses to handle our data responsibly. That means keeping it secure and taking reasonable action to prevent data breaches. However, sometimes these measures fail, and businesses leak our data.
So what are you, the consumer, supposed to do after a data breach that may have affected your information?
Read Up
First, do some reading. Depending on the nature and timing of the breach, the business whose data was compromised may send out specific information for you to peruse. There may also be reports of the breach in the press. It’s a good idea to read everything available to you to:
- Confirm the breach. Make sure it isn’t just a rumor. Confirm the breach actually happened, as well as when and how it happened.
- Identify stolen/compromised data. In most cases, only certain types of data will have been compromised. Responsible businesses should be able to explain to you which pieces of your personal information may have been seen or stolen.
- Follow instructions. Companies will sometimes send specific instructions or advisements to customers whose data was involved in the breach. It’s a good idea to follow these instructions in most instances.
Consider Talking to a Lawyer
In some cases, the best course of action is to talk to a consumer protection lawyer. If you’re concerned that your data was mishandled or if you suffered damages as a result of the data breach, a consumer protection lawyer can help you understand your rights and represent you in negotiations or legal actions.
An initial consultation with a consumer protection lawyer can help you understand the nature of the data breach and whether legal action is the right move. From there, you can decide how you would like to proceed.
Change Your Passwords
As soon as possible after being informed of the breach, change all your most important passwords, starting with the password associated with the business that experienced a data breach. This is especially important if you use the same password for many different sites (which is highly inadvisable from a security standpoint).
When choosing new passwords, make sure you choose strong ones. Strong passwords have many characters, as well as a mix of characters like uppercase letters, lowercase letters, numbers, and special symbols. Strong passwords also have no easily recognizable patterns, like birthdays or names associated with you.
Turn on MFA
Multifactor authentication, or MFA, is a setting available in most modern accounts that forces a user to identify themselves in multiple ways before they’re granted authorization. For example, after providing a password, you may also need to provide a special code sent to your phone or email address. This greatly increases your security, so enable it if it’s not already enabled.
Watch Your Credit Report
Pay close attention to your credit report in the weeks and months following the breach. If you notice any unusual or suspicious activity, report it right away. It could be a sign that your personally identifying information was stolen and is currently being misused.
Consider Freezing Your Credit
If you’re particularly concerned about risks to your credit score, consider freezing your credit. This will make it impossible for you to open new accounts or take out new loans, but it will also protect your credit from criminals and scammers.
Utilize Offered Support
Many companies that experience data breaches provide free services to victimized customers, such as credit monitoring. Consider taking advantage of these free supportive services to make your security and protection more robust.
Delete Old Accounts
You likely have dozens, if not hundreds, of old online accounts that you don’t use anymore. Each of these is a security risk, even if you don’t actively use it. Consider deleting all these old accounts so you don’t have to worry about them being compromised in the future. This is especially important for older accounts from small and defunct businesses, as these are much more likely to be involved in data breaches that go unnoticed.
Monitor for Any Suspicious Activity
Finally, keep an eye out for any suspicious activity related to your accounts and online presence across the board – and take action if you notice anything strange. For example, you may notice that your social media account is sending messages to your contacts without your initiation, or you may get an email notice that there was an unsuccessful attempt to log into your account elsewhere. These are signs that you need to tighten your personal security further.
Data breaches are devastating both for businesses and their customers. But if you do your due diligence in the aftermath of a data breach that affects you, you should be able to stave off the most serious potential consequences.