What You Should Do After Your Data Gets Leaked

Data leaks are becoming very common in the US as government agencies and organizations store users' information online. According to a report by the Identity Theft Resource Center (ITRC), the number of data breach incidents increased by 68% from 2020 to 2021.

Individuals with exposed confidential information due to a company's data breach often lose money to identity fraud. An example of a data leak is the 2017 Equifax data breach, which affected more than 147 million residents with settlement claims worth $525 million. Knowing what to do after a data breach incident will protect you from financial losses. 

How Do Data Leaks Occur?

In most cases, data leaks happen when fraudsters and hackers carry out organized cyberattacks to access a company or government agency system. However, some data leaks occur due to an organization's improper disposal of sensitive data. Personal information exposed after data leak incidents may include medical records, driver's licenses, email addresses and passwords, social security numbers (SSN), and financial details. 

Generally, companies affected by data breaches often email users about these incidents. While the company or agency works to resolve the issue, individuals can take further steps to protect their identity from getting into the wrong hands. Here are seven steps you should take once you receive an email informing you of a data leak incident. 

1. Confirm What Data Got Leaked

Receiving an email about a data leak is not enough proof that a breach occurred. Sometimes, hackers send emails about a data leak to access your confidential details. Scammers may also use fake breach emails to exploit emotional reactions to fraud, which forces many people to make the wrong moves. Once you get a data breach email, do not panic. Do not follow any link or call numbers provided in the message.

According to the Federal Trade Commission (FTC), each state in the US has laws mandating organizations to disclose data breaches. So, the best way to confirm a data leak incident is to check the company's main website. You can also reach out to the customer support team of the organization or agency involved. The company will also give you details of what personal information is exposed and how to handle the issue. 

2. Update Your Password With 2FA/MFA

Once you are sure that your data was compromised, you must update your password immediately. If you're lucky, you'll make the necessary changes to your username and password before anybody else does.

Change all of your passwords first. Selecting a password with a minimum of 12 characters and a mix of capital and lowercase letters, digits, and symbols is important. Do not include personal details like your birthdate or pet's name.

You can strengthen your account security using multi-factor authentication (MFA) or two-factor authentication (2FA). This additional security precaution needs a one-time-use pin in addition to your password and username to access an account. Without this one-time pin, often sent to your unique phone number, hackers will be unable to access your account even if they have the username and password.

3. Use Reverse Phone/Email Lookup Tools

In some cases, scammers may also have access to phone numbers and use them to get your 2FA/MFA pins. They do this using a technique known as Caller ID Spoofing to mask their true identities. This allows them to convince individuals to reveal their passwords, usernames, or two-factor authentication details. 

You can download a reverse phone lookup app to help you detect the true identity of callers. There are also reverse email lookup services that provide information on the identity of email senders. Once you discover the identity of scam callers requesting confidential information, use call blocking tools to stop them from making further calls. 

4. Protect Yourself From Financial Fraud

Data leaks often result in identity theft or credit card fraud, which is increasing in the US. According to the FTC's Consumer Sentinel Network 2021 Data Book, more than 1.4 million citizens reported identity theft cases. Therefore, you should install a few fraud protection measures following a data breach to protect your accounts.

In general, be mindful of your bank's emails and phone calls. If you have any problem with your creditors or banks, call the main hotline on the back of your credit card or bank statement. Also, ensure that you are visiting the appropriate website when you Google your bank (for example, by typing in your bank's name). Fraudsters have been known to create fake pages that closely resemble legitimate ones.

5. Establish a Fraud Alert 

Once you confirm a data leak and there is a real risk of financial loss, it is best to set up a fraud alert. With this in place, lenders must confirm your identity before approving any credit. Setting up a fraud alert makes it difficult for criminals to register new accounts or secure financing in your name.

You can establish a fraud alert by contacting one of the three main credit bureaus, Experian, Equifax, or TransUnion. Generally, you can only set up a fraud alert using one credit bureau, while the receiving agency will notify the remaining two. Note that fraud alerts are only active for one year. You may qualify for an extended fraud alert if you report an identity theft case to local authorities.

6. Consider a Credit Freeze

Placing a credit freeze on your credit report is another way to secure your funds after confidential data leaks to the public. Once you freeze your credit, it will be impossible for individuals or companies to investigate your credit history. 

Although this cannot affect your credit score, you will not be able to get mortgages, car loans, or credit facilities until you disable the freeze. Unlike a fraud alert, you can only set up a credit freeze by contacting all the credit bureaus independently. For many, the best course of action is to have your credit indefinitely frozen and only unblock it when you need to make a credit application.

7. Monitor Your Financial Activities

Generally, an agency or organization affected by a data breach incident does its best to secure customers' data. However, you should always monitor your financial activities even after the company declares that it is no longer vulnerable to data leaks. To avoid financial fraud, here are some activities to look out for: 

• Unusual transactions on your bank statements and internet accounts. This includes unauthorized charges to your debit or credit card or strange transfers from your checking account.
• Unfamiliar credit requests, new accounts opened in your name, and increased debt. The Fair Credit Reporting Act (FCRA) allows you to get a free credit report from each bureau every 12 months. Ensure you use only AnnualCreditReport.com, authorized by FCRA, to get your free report.
• Emails, texts, calls, or notes that seem odd. Be on the lookout for odd activities, such as unsuccessful login attempts or debt collection calls. Unfortunately, it's sometimes already too late when we discover these warning indicators.

Report Frauds Related to Leaked Data

Once identity fraudsters obtain your details, they can steal money from your bank account, make unauthorized purchases on your credit cards, start new utility bills, or even use your healthcare coverage to pay for medical care. In addition, anyone with your information can submit a tax refund application and receive your return. A thief can even provide your identity to the authorities following an arrest.

Common signs that fraudsters are stealing from you using the information gotten from a data leak include:

• Unexpected bank withdrawals.
• You receive calls from debt collectors regarding unpaid obligations.
• You discover strange charges or accounts on your credit report.
• You are billed for medical treatments you didn't receive.
• Your valid medical claim is denied by your health insurance since your records indicate that your benefits cap has been reached.
• You receive a notification from the IRS for filing more than one tax return.

When you notice these signs, the first step is to contact your local police department. Afterward, report identity thefts to the FTC by calling 1-877-ID-THEFT (877-438-4338) or filing a report online. It is possible to recover some losses when you report the case to the FTC's IdentityTheft.gov.