Data Breach? Here’s What to Do Immediately to Protect Yourself (Step-by-Step)

Discovering that your personal information was part of a data breach can be stressful—but don’t panic. There are concrete steps you can take right now to secure your accounts, prevent identity theft, and protect your data from further exposure.


In today’s digital world, data breaches are an all-too-common threat, affecting millions of people each year. The personal and financial information we share online is a frequent target for cybercriminals, putting your privacy at risk. If you’ve been notified or suspect that your data was compromised, it’s crucial to act fast to prevent further harm, including identity theft.

Change your passwords, enable two-factor authentication, monitor your financial accounts, and consider freezing your credit. Stay vigilant for phishing scams and take advantage of any services offered by affected companies, such as credit monitoring or identity theft protection.

This guide provides a step-by-step approach to securing your information, managing the aftermath, and protecting yourself in the future.

What Is a Data Breach and Why You Should Act Fast

A data breach occurs when unauthorized individuals gain access to sensitive information. This can include names, email addresses, passwords, Social Security numbers, credit card details, medical records, or other personal data. Cybercriminals often sell this information on the dark web or use it to commit identity theft, financial fraud, and other malicious activities.

One of the most significant breaches in recent years was the Equifax breach in 2017, where over 147 million Americans had sensitive information like Social Security numbers, birthdates, and addresses exposed.

Similarly, in 2018, Facebook suffered a breach affecting 50 million users, exposing their profiles to hackers.

When your data is compromised, your first priority should be damage control. Below are the essential steps you should take to protect yourself.

Think Your Data Was Exposed in a Breach? Here’s What to Do Next

First, Stay Calm


Finding out that your data might have been compromised can definitely be nerve-wracking, but it's important to stay calm and focus on the steps you need to take next.

Unfortunately, you're not alone in this experience—data breaches are more common than we’d like. In the first half of 2024 alone, over 1,500 data breaches impacted more than a billion people worldwide.

Major breaches, such as the 2017 Equifax breach, exposed the personal data of over 147 million individuals, including Social Security numbers and other sensitive information.

Similarly, the Facebook breach in 2019 affected over 533 million people, leaking details like phone numbers and email addresses.

While the situation is serious, there’s no need to panic. By following some well-established guidelines, you can manage the situation and minimize any potential damage.

1. Confirm Whether Your Data Was Involved in the Breach

The first thing you need to do is confirm if your data was part of the breach. Sometimes companies will notify you directly via email, but these notifications can be delayed.

To confirm the breach:

  1. Check Official Sources: Visit the company’s website or check news reports to see if they’ve acknowledged the breach. Most companies will issue statements when a breach occurs.
  2. Use Breach-Checking Tools: Websites like Have I Been Pwned allow you to search for your email address or phone number to see if it’s been exposed. You can also sign up for alerts in case your data is compromised in the future.


2. Identify the Type of Data Compromised

Once you’ve confirmed that your data was part of a breach, the next step is understanding what kind of information was exposed. The risks vary depending on the type of data, so it's important to take note of what was compromised:

  • Email Addresses and Passwords: Attackers can use these to try logging in to other platforms where you may have reused passwords.
  • Financial Information: If your credit card or banking details were exposed, fraudsters could make unauthorized purchases or withdrawals.
  • Personally Identifiable Information (PII): Social Security numbers, addresses, or birthdates are often targeted for identity theft.
  • Medical Records: If your health data was leaked, it could be exploited for insurance fraud or other criminal activities.

Action Step:

Determine what type of data was compromised to assess the risk level. This will guide the actions you need to take to protect yourself, such as changing passwords, monitoring financial accounts, or freezing your credit.


3. Change Your Passwords Right Away

If your email, username, or password was compromised in a breach, the most urgent thing you can do is change your passwords. Follow these best practices to strengthen your security:

  • Use Strong, Unique Passwords: Create passwords that are long and complex, mixing upper and lowercase letters, numbers, and symbols. Avoid easy-to-guess info like birthdays, names, or common phrases.
  • Don’t Reuse Passwords: Each account should have its own unique password. This ensures that if one account is compromised, the others remain safe.
  • Use a Password Manager: Tools like 1Password or LastPass can help you create strong passwords and store them securely. They also make it easier to update passwords across multiple sites after a breach.

Action Step:

Immediately update the passwords for any accounts affected by the breach. Also, update passwords for any other accounts where you might have used the same one.


4. Enable Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a second piece of information (usually a temporary code sent to your phone or email) in addition to your password. This helps prevent unauthorised access, even if your password was compromised.

Most major platforms—such as Google, Apple, Facebook, and banking apps—offer 2FA. Always enable this feature for your most important accounts, including email, banking, and social media.

Types of Two-Factor Authentication:

  • SMS-Based 2FA: A verification code is sent to your phone via SMS. While this method adds a layer of protection, it’s still vulnerable to SIM-swapping attacks—a method where criminals can hijack your phone number by tricking the carrier.
  • App-Based 2FA: Authentication apps like Google Authenticator or Authy generate time-based one-time codes. This method is more secure than SMS-based 2FA.
  • Hardware Tokens: Devices like YubiKey offer the highest level of security by requiring a physical device to authenticate logins.

If you’re not using 2FA yet, start today—it’s one of the best defences against unauthorised access!

Action Step:

Enable 2FA on your most sensitive accounts and, where possible, use an app-based or hardware method over SMS.

5. Monitor Your Financial Accounts

If financial information was part of the breach, monitor your bank accounts, credit card statements, and any online payment services for unusual or unauthorized transactions. Many institutions allow you to set up notifications for any transactions over a certain amount, which can help you detect fraud more quickly.

Steps to Take:

  • Set Up Alerts: Many banks offer transaction alerts via email or SMS. Enable these to receive real-time updates on your account activity.
  • Review Statements: Regularly check your statements for any unfamiliar or suspicious charges.
  • Dispute Unauthorized Transactions: If you spot any fraudulent activity, contact your bank or credit card company immediately to dispute the charges.

Action Step:

Keep a close eye on your financial accounts and report any suspicious activity immediately. Consider setting up transaction alerts to help catch unauthorized transactions early.

6. Freeze Your Credit and Set Up Fraud Alerts

If your Social Security number or other personally identifiable information (PII) was exposed, consider freezing your credit to prevent cybercriminals from opening new accounts or taking out loans in your name. A credit freeze restricts access to your credit report, making it harder for thieves to use your information for fraudulent purposes.

In addition to a credit freeze, you can set up fraud alerts with the credit bureaus. A fraud alert notifies creditors to take extra steps to verify your identity before opening any new accounts. This additional layer of security can be useful if you’re concerned about identity theft but aren’t ready to fully freeze your credit.

When Should You Use These Free Protection Tools?

Both fraud alerts and credit freezes offer important protection against identity theft, but they serve slightly different purposes depending on your situation.

When to Use a Fraud Alert:

  • You suspect fraud or identity theft, or your personal information has been exposed in a breach. A fraud alert will notify lenders to take extra steps to verify your identity before opening new credit accounts.
  • You’ve lost important personal documents, like your wallet or identification, which may expose you to identity theft risks.
  • You’re worried about potential breaches and want an added layer of security. Fraud alerts last for one year and are free to renew, offering ongoing protection with minimal disruption to your daily life.
  • You need ongoing access to credit. Unlike credit freezes, fraud alerts do not block you from applying for new credit. This makes them ideal if you still need flexibility with your credit while staying protected from fraud.

When to Use a Credit Freeze:

  • You’ve been a victim of identity theft. A freeze locks down your credit, preventing lenders from accessing your credit report and stopping thieves from opening new accounts in your name.
  • You want maximum protection. Freezing your credit at all three major bureaus (Experian, Equifax, TransUnion) is the most effective way to stop unauthorized access to your credit report.
  • You don’t plan to apply for new credit in the near future. Since a credit freeze prevents any new credit accounts from being opened, it’s best used when you don’t need immediate access to new lines of credit.
  • You’re looking for long-term security. A credit freeze lasts until you decide to unfreeze it, providing ongoing protection with no time limit.

Both tools are free and offer powerful ways to protect your credit and personal information. While fraud alerts provide flexibility and ease of use, credit freezes offer stronger, long-term protection for those who need it. Understanding your personal risk and needs will help you decide which tool to use.

How to Freeze Your Credit and Set Up Fraud Alerts:

  • You can freeze your credit for free by contacting the three major credit bureaus: Equifax, Experian, and TransUnion. You’ll need to freeze your credit with each bureau individually. If you need to apply for credit (e.g., a mortgage or car loan), you’ll have to temporarily lift the freeze.
  • To set up fraud alerts, simply contact one of the three bureaus, and they will notify the other two. Fraud alerts last for one year, but you can also request an extended fraud alert if you are a victim of identity theft, which lasts for seven years.

A credit freeze is one of the most effective ways to protect your financial identity, while a fraud alert can be a great option if you need to allow access to your credit but still want an added layer of protection.

Action Step:

If sensitive PII was exposed, take the following steps:

  • Freeze your credit with Equifax, Experian, and TransUnion to prevent identity theft.
  • Set up a fraud alert for additional protection without fully freezing your credit.


7. Monitor Your Credit Report

In addition to freezing your credit, regularly monitor your credit report for signs of fraudulent activity. Regular monitoring helps you catch suspicious activity before it spirals into full-blown identity theft.

By law, you are entitled to one free credit report from each of the three major credit bureaus every year. Space out these requests throughout the year to keep an eye on your credit year-round.

Look out for accounts you don’t recognize, unexplained credit inquiries, and changes to your credit limits or balances.

You can request these reports from AnnualCreditReport.com.

Some services, such as Experian, offer paid credit monitoring services that alert you to any changes in your credit report.

NerdWallet is another great free option for monitoring your credit.

Action Step:

  1. Request your Free Credit Reports: Take advantage of your free credit report entitlement by requesting reports from all three major bureaus (Equifax, Experian, TransUnion) through AnnualCreditReport.com.
  2. Review for Suspicious Activity: Look for any unfamiliar accounts, inquiries, or unusual changes in your credit report. Pay special attention to new accounts or hard inquiries you didn’t authorize.
  3. Dispute Fraudulent Information: If you notice anything suspicious, immediately file a dispute with the credit bureau and the creditor to correct any inaccuracies or prevent identity theft.
  4. Set Up Alerts: Many credit monitoring services offer alerts when significant changes occur in your credit file. Consider using these services to keep a close eye on your credit throughout the year.

8. Watch for Phishing Scams

After a breach, be on high alert for phishing scams. Cybercriminals often use the chaos following a breach to send phishing emails that appear to come from legitimate companies, tricking you into providing more personal information or downloading malware.

Tips for Avoiding Phishing Scams:

  • Verify the Sender: Be cautious of emails claiming to be from the breached company, especially those asking for personal information or urging immediate action.
  • Don’t Click Links: Avoid clicking on links or downloading attachments from unsolicited emails. Instead, visit the company's official website directly by typing the URL into your browser.
  • Check for Signs of Fraud: Look for spelling mistakes, suspicious email addresses, and urgent language—all common signs of phishing attempts.
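
The sender, link and wording checks from the tips above, run over one message, as an added example that is not part of the original article. The sample message and the domains example-bank.test, examp1e-bank.test, collect-mail.test and verify-login.test are constructed, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URGENT = re.compile(r"\b(urgent|immediately|suspended|verify your account)\b", re.I)
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample: a look-alike sender ("1" for "l") and a link that only
# starts with the real company's name.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: help@collect-mail.test
Subject: Urgent: verify your account after the breach
Authentication-Results: mx.mail.test; spf=fail smtp.mailfrom=examp1e-bank.test; dkim=none
Content-Type: text/plain

We detected a breach. Confirm your details at https://example-bank.test.verify-login.test/reset
"""


def belongs_to(host, official):
    """True only for the official domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To header, ignoring the display name."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def review_message(raw, official):
    """Return a list of reasons to distrust a message claiming to be from `official`."""
    msg = message_from_string(raw)
    findings = []
    sender = addr_domain(msg["From"])
    if not belongs_to(sender, official):
        findings.append(f"sender domain {sender!r} is not {official}")
    reply_to = addr_domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append(f"replies go to a different domain: {reply_to!r}")
    # Only meaningful when this header was added by your own mail provider.
    for mech, result in AUTH.findall(msg.get("Authentication-Results", "")):
        if result.lower() != "pass":
            findings.append(f"{mech.lower()} result is {result.lower()}")
    if URGENT.search(msg.get("Subject", "")):
        findings.append("subject uses urgent language")
    # Assumption: a single-part plain-text body, as in the sample.
    body = "" if msg.is_multipart() else msg.get_payload()
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""
        if not belongs_to(host, official):
            findings.append(f"link points to {host!r}")
    return findings


if __name__ == "__main__":
    for finding in review_message(SAMPLE, "example-bank.test"):
        print("-", finding)
```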

Action Step:

Stay vigilant and double-check before clicking! Always verify the authenticity of emails by inspecting the sender's address, looking for unusual language or requests, and avoiding unsolicited links or attachments. When in doubt, manually type the company's official website into your browser rather than relying on embedded links.

9. Use Dark Web Monitoring Services

If you’re concerned that your data might be circulating on the dark web, consider using dark web monitoring services to scan for your information.

Many services, including credit monitoring agencies and security companies, offer dark web scans to check if your Social Security number, email address, or other sensitive data has been exposed.

💡 If possible, only share your email address and phone number with these services. Why? Google <name of dark web scanning company> + "data breach". 😞

Action Step:

Why Our Dark Web Monitoring Is Different

Most dark web monitoring services ask for a wealth of personal and financial information—think Social Security numbers, credit card details, or even home addresses. But sharing that kind of data can make you more vulnerable. Here’s how we approach things differently:

  • Minimal Exposure: With our service, we only ask for your email or phone number—the bare minimum needed to keep you safe. By limiting what you share, you avoid risking exposure of sensitive details like your Social Security number or credit card information. Ironically, some of the biggest dark web monitoring services have faced their own data breaches. Why give them more information than necessary?
  • Email and Phone as Key Identifiers: These are the most common data points used in breaches and are perfect for monitoring without compromising privacy. Since most of the data floating around the dark web revolves around emails and phone numbers, they provide the most effective coverage while maintaining your privacy.
  • Proven Protection: By focusing on email and phone number monitoring, we detect the majority of potential threats, offering robust protection without asking for sensitive financial or personal data. You get peace of mind and comprehensive protection with less exposure.

10. Contact Affected Companies

In the event of a breach, affected companies typically offer remediation steps, which can include free credit monitoring services, identity theft protection, or advice on securing your accounts. Follow their instructions carefully and take advantage of any offered services.

💡While you should take advantage of all offered services, aim to only share your basic information (email and phone number) with them. Why? Google <name of identity theft protection company> + "data breach". 😞

In some cases, breached companies may provide compensation or settlement claims. Keep an eye out for class-action lawsuits or settlements related to the breach, as you may be eligible for financial compensation or identity theft protection services.

Action Step:

Follow the instructions from the breached company carefully and take full advantage of any services they offer, such as identity theft protection or credit monitoring.

Be sure to keep records of any communications and actions taken. In some cases, you might be eligible for compensation through class-action lawsuits or settlements.

11. Report Identity Theft

Dealing with identity theft can feel stressful, but taking the right steps immediately can make a huge difference in minimizing damage. Here’s how to act:

  • Contact the Affected Institution: Notify any organizations (banks, credit card companies, etc.) where fraudulent activity has taken place. They may help you stop or reverse transactions and safeguard your accounts.
  • File an Identity Theft Report: Report the theft to the Federal Trade Commission (FTC) at IdentityTheft.gov. They’ll help you create a recovery plan, including how to prevent further misuse of your identity.
  • File a Police Report: In some cases, you might need to file a police report, especially if significant monetary loss is involved. Having this documentation can be essential for legal processes or disputing fraudulent transactions.

Action Step:

If you suspect identity theft, don't delay—file a report with the FTC immediately and follow the provided recovery plan to restore your identity.

Take the necessary steps to notify institutions and, if needed, involve law enforcement to protect your financial well-being.

12. Plan for Future Protection

While it’s impossible to prevent every data breach, there are steps you can take to protect yourself going forward:

  • Keep Software Up to Date: Regularly update your devices and apps to protect against known vulnerabilities.
  • Use a VPN: When browsing on public Wi-Fi, use a virtual private network (VPN) to protect your data from being intercepted by hackers.
  • Educate Yourself on Cybersecurity: Stay informed about best practices for online security and privacy. Awareness is one of the best defenses against future breaches.

Action Step:

To safeguard your personal data going forward, adopt these key practices:

  • Regularly update your software and apps to stay protected against known vulnerabilities.
  • Use a VPN for secure internet browsing, especially on public Wi-Fi networks.
  • Stay informed by educating yourself on cybersecurity best practices to be better prepared for emerging threats.


Conclusion

Discovering that your data has been involved in a breach can be alarming, but taking immediate action can significantly reduce the impact on your financial and personal security.

By changing your passwords, enabling two-factor authentication, monitoring your financial accounts, and freezing your credit if necessary, you can secure your information from further damage.

Stay vigilant for phishing scams and always take advantage of any credit monitoring or identity theft protection services offered by the affected companies.

Following these steps and adopting good cybersecurity habits—like regularly updating your software and staying informed about online threats—will help you safeguard your data and reduce the risk of future breaches.