Let’s kick things off with a quick question: what do eBay, Facebook, Adobe, LinkedIn, Microsoft, Alibaba, Twitter, Experian, Quora, Capital One, Dropbox, Uber, Zoom and Twitch all have in common? The answer is that they’ve all been involved in a data breach that exposed the personal details of their users. And there’s a very good chance that you have an account with at least one of them.
But don’t panic. Data breaches happen often — with Statista claiming more than six million data records were exposed in the first quarter of 2023 — and no company or service is ever totally immune to them. Of course, there are steps you should take to protect yourself from identity theft and data breaches. But, unless you never provide your details to a third-party, which simply isn’t practical for most of us, there is always a risk.
In fact, according to an F‑Secure report, 60% of people suffer a data breach every year. But the biggest concern is that of those 60%, half continue to use exposed passwords on other accounts — even after being notified of the breach.
Acting quickly following a data breach is what’s important, as it can prevent an inconvenient security breach turning into something far more serious, such as identity fraud. And following a few simple steps is all it takes to stop an inconvenience turning into a serious crime.
1. Change your password
There are various ways to be alerted of a data breach. You might see a story in the news. You could get notification of a compromised password via your phone. Alternatively, you can use a manual tool such as the F‑Secure identity theft checker to scan for breaches. Or, if you want the very best protection, sign up for automated 24/7 identity monitoring, such as that available in F‑Secure Total.
Regardless of how you find out about a breach of your data, you need to act. Change the password for the affected account, but also consider other accounts that may use the same or similar credentials. And change those, too.
Publicity from breach events will often lead to websites being overloaded with worried people trying to check their data, and/or the breached company’s security team may have restricted your account access while they assess the damage,
explained Fennel Aurora, Principal Product Manager at F‑Secure. When the breached service’s site is less overloaded, login and change your password to a new long unique password.
Also, ensure that your new password is not just strong, but also unique for every affected account, using a tool like F‑Secure’s strong password generator to create them.
2. Check your cards
Not all data breaches are equal: the least damaging may only include usernames; others will include both usernames and passwords; and some will feature payment and credit card details.
But, even if a data breach didn’t include your payment details, if you have bank or credit card credentials associated with a breached account, you must act quickly to ensure that scammers can’t use them.
Check your account on the breached service, and delete any stored bank cards,
suggested Aurora. In general, it is good practice to avoid storing card details with any online services. Even the most careful companies can be breached. You do not want your cards to be part of any eventual breach. And a password manager will help you easily fill out your card details on any service when needed for a specific purchase.
3. Cancel cards for exposed payment details
If you discover that your bank or card details have been included in a data breach, contact your bank immediately and follow their instructions, which may include cancelling your cards or setting up a fraud alert on the account.
If you are one of the lucky people to be notified as having your bank card detail leaked, you are going to have to call your bank and cancel your card,
explained Aurora. You will have to wait for a new card to arrive, which is likely going to be disruptive and annoying, especially if you don’t have an alternative card. This is exactly why it is good practice to never save your cards with online services.
And even if you get a notification that your card details have appeared in a breach, and you follow the above steps, you should still monitor transactions over the next few months for suspicious activity. And if you do spot any suspicious activity, contact your bank immediately, and file a police report.
4. Use a password manager
It’s easy for experts to preach about the importance of strong and unique passwords — and they really are important — but trying to remember just one secure password is hard enough, let alone 20 or more. This is why password managers are so useful.
Not only is using a password manager the single best thing most people can do to improve their cyber security, it is also likely to be much easier than whatever you are doing for your passwords and bank cards today,
said Aurora.
The benefit of a password manager is that you only need to remember one master
password, and your password manager does all the hard work for you. F‑Secure’s highly-rated ID Protection enables you to generate and manage strong passwords for all your online accounts, with data encrypted using TLS/SSL.