What to Do About Data Leaks
You can take all the right steps to protect your data, only to have it leaked when a giant company’s servers get hacked. So what can you do?
It’s June and you know what that means!
Sure, summer cookouts, that’s true. But what else?
Yes, Father’s Day, of course. But we’re talking about something that lasts the entire month of June.
No, you already guessed summer cookouts! We’ll just tell you.
It’s Internet Safety Month! That’s why we’re bringing you articles about online safety all month long.
You may already know the basics of online safety. You’re careful not to respond to any suspicious emails. You never give anyone any personal information unless you’re absolutely certain who they are. You even help your elderly relatives avoid online scams.
But you can’t stop everything. For example, what if a company you’ve given personal info to has a data leak? What can you do?
Here’s what you can do.
Find out if your data has been leaked.
If a company isn’t quite as big, you may have to do some of your own research to figure out if they’ve had a data breach.
“Both morally and legally (in most places, although the United States suffers from an inconsistent patchwork of state laws in this regard) a company should alert the regulators and its users as soon as it becomes aware of a data breach,” explained privacy expert Doug Crawford of ProPrivacy.com (@weareproprivacy).
“Sadly, of course, it does not always happen. At the very least you can expect a company to contact its users once a data breach becomes public knowledge.
“If it hasn’t and you might be affected, then you should contact the company to find out more information. No reputable source will publish lost or stolen data, and for all sorts of practical and moral reasons, it is not a good idea to go hunting for it yourself on the dark web! So just change all potentially vulnerable passwords, sit tight, and hope for the best.”
Thankfully, there is at least one method to find out if your info is out there without having to trawl the dark web.
“A good place to start protecting yourself from data breaches is by finding out in which data breaches your personal information has been compromised,” advised Steve Weisman, lawyer, author, and identity theft expert who writes at Scamicide (@Scamicide). “You can do this by going to the website, HaveIBeenPwned.com.”
But even if you haven’t been officially “pwned” it’s not a guarantee that your data is safe.
“It is hard to find out if your info was affected,” warned Mihai Corbuleac, a security consultant at ComputerSupport (@csITSupport). “There are websites that collect information about hacked email addresses, but their databases are limited to what has been made public in known data breaches.”
Ultimately, if you think there’s a chance you’ve had your data leaked, you might as well act like it was.
What to do when your data has been leaked
Oh no! You’re data may have been exposed! Is it time to fake your own death and start a brand new identity on an island somewhere?
No. But it wouldn’t hurt to make some changes.
“The first thing you should do if an account of yours may have been leaked or hacked is to change your password—especially any passwords that you may use across different accounts,” urged Crawford.
“You should then contact the company to find out if you are likely to have been affected by the incident, and if so, how serious it is. What data exactly is believed to be compromised? It may also be a good idea to contact your lawyer.”
You’ll also want to be even more vigilant than you would be otherwise.
“With your email address commonly known by many scammers, you can expect to receive more and more phishing emails and more dangerous, specifically targeted spear-phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft,” warned Weisman.
“Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.”
You’re a careful person. You don’t want to just react to leaks. You want to try to prepare for them or, if possible, avoid them entirely.
Unfortunately, there’s only so much you can do.
“There is not much you can do to prevent data breaches, especially as a service user,” acknowledged Corbuleac. “However, you should consider updating your passwords from time to time especially for those accounts that you use to send/receive payments, to invest (online trading services), etc.
“To simplify the process you could use a password manager to create and save unique passwords for each service you consider indispensable. Secondly, enable two-factor authentication, which is extremely useful in case your login information was compromised.”
Weisman offered some additional tips for making sure your passwords are up to snuff:
“One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account, compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen.
“Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as ‘IDon’tLikePasswords.’ Add a few symbols like ‘!!!’ and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be ‘IDon’tLikePasswords!!!AMA.’
“We are only as safe as the weakest places that hold our information so, as much as possible, limit the personal information you provide. Your doctor does not need your Social Security number although many ask for it.”
There’s nothing fun about dealing with a data breach. We hope this advice makes it a little less painful to handle. To read more about protecting your information from scammers, check out these other posts and articles from OppLoans:
- How to Identify and Avoid Fake Tech Support Scams
- Expert Roundup: 13 Signs You’re Being Scammed
- Here’s How to Keep Yourself Safe From Mail Scams
- How to Avoid Getting Insta-Scammed on Instagram
|Mihai Corbuleac is an Information Security Consultant at ComputerSupport (@csITSupport), an IT services company providing IT support and information security services since 2006.|
|Douglas Crawford worked for almost six years as a digital privacy expert at ProPrivacy.com (@weareproprivacy). Douglas has been widely quoted on issues relating to cybersecurity and digital privacy in the both the UK national press (including The Independent and the Mail Online) and international technology publications such as Ars Technica.|
|Steve Weisman is a lawyer, college professor at Bentley University and author. He is one of the country’s leading experts in identity theft. His most recent book is “Identity Theft Alert.” He also writes the blog Scamicide.com (@Scamicide) where he provides daily updated information about the latest scams and identity theft schemes.|