You check your email, and there it is — a company notifying you of a data breach. Your heart rate picks up as you click to open the email. You scan the contents — the who, what, where, when of the recently-discovered security incident. Maybe it's a website you use all the time or from a long-ago one-off purchase. Either way, hackers violated your privacy. They've stolen or exposed information like your email address and password. So what should you do to minimize the potential fallout and avoid becoming the victim of cybercrime?
Confirm before you click
First, any potential security incident can send you into a panic. Take a deep breath, and look closely before clicking any links. Is the "from" email address really from the company? Or is it actually from a different domain? Do you see more information about the security incident if you do a quick web search or go to the company's website? Sometimes, hackers send out fake breach notifications. When you're scared, you're more likely to act without thinking. A phishing link will lead you to a fake form to trick you into entering your login information or other personal details. So slow down and make sure the alert is legit first.Heed the company's advice
The organization notifying you of their data breach will most likely share details about the stolen data. Commonly hacked data includes email address, username, password, name, date of birth, credit card numbers, address, or an account number. In the case of government hacks, attackers may steal social security numbers, tax refund logins, and driver's licenses. In medical data breaches, they often steal medical history, healthcare records, and insurance information. In short, the type of information stolen can vary, so pay attention to the company's advice about the leaked information and what the appropriate action is. For example, the breached company may offer credit monitoring if hackers use the leaked data for financial fraud.Change passwords immediately
You should update your account password when a company says they stopped the attack and contained the damage. Leaked passwords are usually sold on the dark web or added to databases that hackers use to crack passwords. Changing a breached password ensures hackers can't log in to your account. If you were using the same password for other web accounts, those need to be changed immediately, too. A password manager can help create and store strong passwords, then enter your credentials when you return to a website to log in.Monitor the Dark Web
A password manager like LastPass can also help you keep an eye out for suspicious activity with your personal information on the Dark Web. With Dark Web alerts, LastPass continuously monitors a database of breached credentials. LastPass immediately notifies you of any matches for your email address. Then, you can act quickly to change passwords and update account security to keep hackers out.Add extra security with two-factor authentication
Two-factor authentication is an increasingly common and easy way to add more robust security to your online accounts. Standard options include using an app to generate codes or send push notifications to a verified device. Two-factor authentication adds an extra step to prove that the right person is logging in to an account and shuts down unauthorized access in real-time.Use a password manager
When it comes to cyber security, proactiveness is better than reactiveness. Taking steps to reduce your risk online can make a big difference in whether hackers will target you for an attack. Of course, you can't prevent other companies from having data breaches, but you do have control over your own security habits. Good habits include:- Using strong, unique passwords for every account.
- Turning on two-factor authentication wherever possible.
- Enabling Dark Web alerts.