What Should You Do After a Data Breach?

Rarely a day passes by without another data breach hitting the Internet – if you have an account on any website, chances are that your digital identity has been stolen or at least there were attempts to steal it.

While we have covered how to prevent being impacted by data breaches in the future (we have even discussed how to secure MySQL!), we have not yet covered what you should do after a data breach. This blog post will explain what should you do in such a scenario. Keep in mind that this blog post will not cover everything, but it will be a good starting point.

What is a Data Breach?

If you are a frequent visitor of BreachDirectory (or any cyber security websites for that matter), chances are you already know what a data breach is, but if you do not, here’s a simple explanation: a data breach is a security incident where information is accessed and stolen without authorization. The data is then frequently stolen and it might later be used in identity theft attacks. To secure yourself against data breaches, run a search on BreachDirectory and let the data breach search engine check if any of your accounts are compromised. Then, if any of your accounts appear in any data breaches, make use of the My Account Appears in a Data Breach section. If none of your accounts appear in any of the data breaches, make use of the My Account Does Not Appear in any Data Breaches section.

My Account Appears in a Data Breach – What do I do?

In general, after you have figured out that your account is affected by any data breach, you should perform the following steps:

1. Identify the source and extent of the data breach.
2. Determine what data was stolen.
3. Take a closer look at the affected data: change affected passwords, perhaps switch email providers etc.
4. Take steps to better protect your assets in the future.

Identifying the Source and Extent of the Data Breach

In general, after you know that your account is affected by a data breach, you first want to identify the source and the extent of the data breach. This can be very easily accomplished by using tools provided by BreachDirectory: our search engine can easily let you know if your account appears in any data breaches that are in our system.

Determining what Data was Stolen

After you have identified the source and the extent of the data breach, your next step should be to determine what data was stolen. Again, this can be easily accomplished by using tools provided by BreachDirectory.

Changing Affected Data

After you know what data was stolen from what source, you should change all affected passwords. When you change your password, keep in mind that attackers frequently search for passwords that can be re-used to breach other information systems in the future.

It might also be a good idea to consider switching email providers – using a trustworthy email provider can be another way to stop a data breach.

Taking Steps to Better Protect Yourself and Your Assets

Finally, you should take further steps to better protect yourself and your assets. This can include reading cyber security blogs (BreachDirectory’s blog can be a great resource), seeking out information and simply applying the actions you think are necessary, visiting cyber security conferences, reading whitepapers etc.

What do I do If…?

1. Email addresses are stolen – if you know that your account is in a data breach and that data breach included the theft of email addresses, there is not that much things that you can do. However, if you use a lesser known email provider, consider switching the provider to a more secure one.
2. Passwords are stolen – if you know that your account is in a data breach and that data breach included the theft of passwords, change them immediately. Keep in mind that the more complex your password, the harder it is for attackers to guess – password managers can be very helpful for this purpose. Also consider using two-factor authentication – it can stop attackers even then, when they already know your password: the attackers should not be able to verify that they have access to something that is accessible only to you (your phone, YubiKey etc.)
3. IP addresses are stolen – if you know that your account is in a data breach and that data breach included the theft of IP addresses, consider changing your IP address or, alternatively, using a VPN or a proxy when you register for services.
4. Credit card details are stolen – if you know that your account is in a data breach and that data breach included the theft of credit card details, immediately notify the issuer of your credit card, then monitor your credit card statements, monitor your credit report and report any fraudulent transactions.
5. Other personal details are stolen – if you know that your account is in a data breach and that data breach included the theft of other personal details (personal details that are not covered in any of the above points), first figure out what data set was stolen, then take action appropriate for the sensitivity of the data set. For example, if the data breach included the theft of personal IDs or passport details, notify companies of the fact that your identity was stolen, consider filing a report with your local police department, freezing your assets etc.

After you have successfully secured your account, it is a good idea to continue monitoring the presence of the account in any other data breaches by using the services provided by BreachDirectory. Also consider using two-factor authentication: two-factor authentication only grants access to a website or an application after authorizing the user by something that he knows (for example, his password) and something that he has (for example, a phone or something else). Two-factor authentication is also sometimes called 2FA and 2FA can help you avoid becoming the victim of identity theft even if the cyber criminal knows the account details you use to log in to certain services.

Summary

The actions that you should take after you know that you are impacted by a data breach vary according to the data that was stolen in the data breach, but in general, you can protect yourself against data breaches by using unique passwords across all of the information systems that you use (reusing passwords across multiple information systems is the primary cause of identity theft) and being careful about who you provide what details to. If you know that you’re signing up for a service that you will not use for a long time, it is a good idea to register under a pseudonym (a pseudonym helps you to remain anonymous), register using an anonymous email address (for example by using the one provided by Mailinator), also consider using a VPN or a proxy service.