How to act in the event of a data breach?

Data breaches are an increasingly common issue these days. Large companies suffer hundreds of attacks daily and it is inevitable that their defenses momentarily fall, exposing user data. But this does not mean that the impact for us is the same since it depends on many other factors, such as the type of information leaked, for example.

In the following post, we will delve into the subject and explain how to act in various cases.

What does it mean - being victims of a data leak? 

Are you wondering what being a victim of a data leak means? 

There are more and more online services that users subscribe to, such as bank accounts, email, online stores where we register and enter our data, social networks, and many more. These organizations guard an enormous amount of personal data, and cybercriminals are constantly trying to get hold of it.

As a consequence, sometimes the defenses of these companies fall and the attackers gain access to all or part of this information, filtering it to publish on the internet or obtain an economic benefit by selling it on the black market or demanding money.

The organizations and institutions that handle your data have a large share of responsibility, not only in the way they handle your data but also in how they protect it from the multiple existing risks. 

Are you a victim of such an event? Don’t worry – here is how to act in the event of a data breach.

How to deal with a data breach?

If we are aware that a company or online service where we are registered has been the victim of an attack where the data of its users has been leaked, the first thing we should do is remain calm.

It may be old data, such as an address where we no longer live or a different email and password than the one we currently use. We must take the following steps to make sure everything is taken care of and act accordingly:

1. Find out what data has been compromised: 

When a leak is made public, it is common that the type of data that has been leaked is also described, either because the attackers have made it known or because the attacked company itself has made an official statement. At that time, we must try to find out which of our details may have been compromised. 

However, for security reasons, it is better that by default we consider any data that we have been able to share with the company to be compromised, from the user id, the password, and the email, to any other information, such as bank card data, telephone number or even our address.

We must remember that any user has the right to obtain all the information that an online service company has about us. It is a very useful practice to have control and visibility of how much information we are sharing. In addition, it is our right as users.

2. Protect our privacy: Depending on the compromised information, we must act in one way or another:

- Passwords: with them the attackers can access the affected account and all those in which we use the same password. With this data, for example, they could impersonate us on social networks or make online purchases at our expense.

What can we do to reduce the impact? If our password has been leaked, we must change and update it. In addition, we must do it both in the service that has suffered the attack and in others where we have used the same or a similar key.

- Email or phone number: This information is often used by attackers to perform personalized attacks based on social engineering; for example, an alleged phone call from our bank, requesting information about our bank card and providing the filtered information to give greater credibility. What can we do to reduce the impact?

For these cases, it is advisable to use alternative emails and temporary phone numbers to register, whenever possible. Thus, we will save unwanted advertising and the risks of this type of leak.

- Name, surnames, address, or personal identification documents: As with the previous point, this personal information can be used by attackers to impersonate our identity and carry out all kinds of illicit activities. For example, they could register services in our names, such as rentals, insurance, or services such as water or electricity, especially if account numbers or images of our ID have been leaked.

What can we do to reduce the impact? If this data is leaked, we may carry out practices every now and then, searching our first and last names on the internet to find suspicious activity or false profiles. Likewise, it is recommended to not use this kind of data unless it is vital.

- Bank details: Any cybercriminal could make purchases and transfers to other accounts with this information.

What can we do to reduce the impact? In these cases, we must inform our bank so they can assess the risks and take essential actions, such as canceling the bank credit or debit card and spotting possible dubious activities.

3. Report the incident: 

This is the last step, but not the least important. When reporting the incident, we ensure that it is recorded so that, in the future, a third party makes illegitimate use of this information, and the impact is much less.

We must collect all the evidence we can and go to the Federal Trade Commission so that they act accordingly. They will help us if the company where we had our information hosted has been negligent or in breach of contract by failing to adequately protect our privacy.

Finally, we must do a reflection exercise and consider what the worst possible scenario could be. This will help us gain perspective and be more aware of the information we share lightly without realizing the risks.

If you’re not sure what the internet already knows about you, search for your name on Nuwber. The site gathers data from all public resources, and you can assess if anything personal has already leaked onto the web.

The damage to our reputation, for example, caused by a leak from a phone store is not the same as from the leak of data from a dating application or sexual encounters.