What should you do if your data has been leaked in a data breach?

Olle Vastbinder
Jun 8, 2023
What should you do if your data has been leaked in a data breach?

Hardly anyone can claim that their private data has not been involved in a data breach. Sometimes it's just an email address or your name, but unfortunately, more sensitive data often ends up on the street. Think, for example, of your credit card information, address, medical data or copies of your ID cards and your social security number. But what should you do if your data has been involved in a data breach? We have listed it all for you in this blog.

Above all, the most important thing is to stay calm if your data has been leaked. You can no longer prevent it, so focus on limiting the potential damage and protecting your data as best you can.

How do I know if my data has been leaked?

Chances are your data has already been leaked at some point. In the past, countless large and small companies have had hacks or data breaches where a wide variety of data has been compromised. Want to check if your data has been exposed before? On the website Have I been Pwned you can check how much off your data has already been leaked.

What was leaked?

First of all, it is important to see who leaked your data. If you know where the leak is, you often know what data they have on you. Do you think they aren't aware of the data leak yet? Then start by reporting it to the company or organization where your data was leaked. They must take measures to plug the leak to prevent further damage. They must also inform all those involved and make a report to your country's privacy authorities. Do you think that organization isn't doing that properly, or do you not trust them? Then you can also report it to the privacy authorities yourself.

loodgieter
You don't have to be a specialist to protect your data after a data breach. A little common sense and contacting the right authorities already makes a big difference.

More often than not, you first hear about a data breach through the news. For smaller data breaches that don't make the news, you will usually get an email from the organization involved. If done right, both the email and the news report will mention what kind of data may have been exposed. Start by focusing on that data in order of importance. Especially with passwords and access to financial data, you should take action as soon as possible. For less important data, be especially vigilant for phishing and other scams.

 

What information is most important to check after a data breach?

 

My password has been leaked

If your password has been leaked, you should change it as soon as possible. This is true even if it is mentioned that only encrypted passwords have been captured. The type and quality of encryption can vary quite a bit. So take no chances and change everything.

Are you using the same password for multiple accounts? Change them immediately there as well. And while you're at it, make a unique password for each account. Then you won't have to change all the passwords again in the event of a new data breach. Want to remember those passwords easily? Then consider using a password manager.

 

My credit card or bank information has been leaked

Is your credit card number exposed? Contact your bank or credit card company immediately. They can freeze your credit card if necessary and, if needed, immediately request a new card for you. Also check your statements from the last few months to make sure there hasn't already been a strange charge.

stapel-creditcards
Your credit card and banking information can be very valuable. They are especially common in phishing attempts by email and phone.

Likewise, if your bank account number has been leaked, be extra vigilant for unknown charges. See a payment that doesn't look right? Report it to your bank immediately. Often you can get your money back fairly easily.

Also be extra alert for phishing attempts if payment information has been leaked. If you get an email that lists your bank account number, never assume that the sender is actually that sender. When in doubt, always contact the company or organization that sent the email through their own website. Then you can be sure that you are using the official contact information.

 

My identity card, passport, or Social Security Number has been leaked

A leaked copy of your ID card, passport or your Social Security Number can be used to conduct identity fraud. Always check with your municipality if you have to apply for a new ID card. This can often be at the expense of the organization responsible for the leak, so be sure to keep receipts safe.

Do you suspect that someone is already committing or trying to commit identity fraud with your data? If so, always report it to your government's identity fraud hotline if they have one, or inform your municipality or local police.

TIP: When providing copies of your ID to organizations requesting it, make sure to black out all irrelevant information, like your picture and social security number. And while you are at it, write the name of the organization you are providing it too on the copy. That way a leaked copy can be traced.

 

My personal address information has been leaked

Your address information can be used to scam you by regular mail. Especially if the criminals also have other personal information, it may appear that mail really does come from your own bank. Always be alert for unexpected correspondence from your own bank. When in doubt, never scan a QR code and/or type a URL into your browser. Contact the sender of the letter to verify that the letter is genuine.

 

My email address has been leaked

You are also more likely to be scammed if your email address has been leaked. Be extra vigilant if other personal information besides your email address has been leaked. This can make phishing emails seem much more realistic. When in doubt, delete mail and contact the sender!

 

My phone number has been leaked

For this, the same applies as for your address and phone information. With just your phone number, criminals can't do much. But if they have more data, they can target you. To bring up the bank again as an example: By using the personal information they have captured, they try to create trust. When someone knows so many personal things about you, it's sometimes very hard to realize that it's really not your bank calling you.

telefoon-phishing
Never, truly never, give sensitive data to someone calling you. And also never transfer money or give out login or PIN codes. Phone numbers and even voices can be fake. When in doubt, ask if you can call back.

These days it is even possible that the phone number you see in your display is from your own bank, so never rely on that! The solution is simple: when in doubt, hang up immediately. Never give out personal information over the phone. Your bank has those details anyway. They are calling you, let them prove for themselves that they are who they claim!

Never provide data to 'prove your identity'. A bank will never ask you for your login information or credentials.

My car's license plate number has been leaked

Your license plate number may not seem very sensitive. But still, it can be misused. If your address details are also out in the open, you can receive fake fines, for example. A license plate can also be used to identify the type of car. So then criminals know exactly which nice car you have in front of your door. If they then also know your address, it is an easy job for car thieves to steal targeted cars. And nowadays they steal not only whole cars, but also the expensive individual parts.

 
Data leaks

secure communication

 

Popular Post

Oops, I sent an important email to the wrong recipient. What now?
Is Microsoft 365 GDPR-compliant? Spoiler alert: no
Recall sent emails to protect data: block emails, files and recipients
5 data leakage examples and how easy they can happen
Why Pentesting is a must for banks and financial services

Similar posts