In this article:
In this article:
Hackers have stolen billions of pieces of personal information through data breaches. Here’s how to protect your identity and finances after a breach.
In this article:
In this article:
Data breaches are one of the biggest threats to your identity and finances. Unfortunately, in 2024, it’s almost guaranteed that at least some of your personal data has been leaked in a data breach.
In the past year alone, more than 166 million people had their personal information leaked in a data breach [*] from companies like Twitter, Uber, Experian, WhatsApp, student loan servicer Nelnet, and more.
But what’s worse is that the latest data from 2022 shows that [*]:
Only 50% of people change their passwords after finding out they were leaked in a data breach.
It can feel overwhelming to try and keep up with the latest data breaches and maintain the security of your personal information and online accounts. But with a few steps, you can ensure that you’re doing everything you can to avoid identity theft, fraud, and online account takeover.
Here’s what to do as soon as you find out you’ve been the victim of a data breach.
You need to act quickly as soon as you discover that your personal data was leaked in a data breach. Here are 12 steps you can take to secure your accounts and minimize the damage:
Data breaches are often in the news. But the first place you’re most likely to hear that you’ve been affected is in an email from the impacted company.
State law mandates that companies need to disclose data breaches. Unfortunately, some hackers use these emails as an opportunity to steal your information even if there hasn’t been a leak.
Fake breach emails — known as “phishing emails” — use our fear and emotional response to hacks to get us to act irrationally. A hacker will send an email claiming to be an impacted company and ask you to either:
If you get a breach email, don’t click any links or respond to the message as someone could be trying to scam you online.
Before you take action, confirm the breach by visiting the organization's website or searching the web.
If the breach is real, you’ll find news alerts online and a data breach notification on the website or your account page.
Next, find out what information was stolen. This helps you to understand what types of identity theft you're at risk of and how you can mitigate the damage that hackers can do.
For example, a cybercriminal can do much more damage with your Social Security number than an unused account username.
Companies will often notify you of what information was breached in an email, account notification, or FAQ. But what can criminals do with each piece of your data?
Here are the most common data targets hackers go after and what they can do with them:
Once you know what personally identifiable information (PII) is vulnerable, it’s time to protect yourself.
📚 Related: How Do Data Breaches Happen? What Can You Do About Them? →
Once you know your data has been compromised, you need to secure your accounts and limit the damage hackers can do. If you’re lucky, you’ll update your information before anyone is able to access your accounts.
Here’s how to update your passwords to make them more secure:
To keep track of your new, more secure passwords, consider a password manager. This is a secure tool that records your strong passwords automatically so you don’t have to worry about forgetting them.
Aura’s included password manager can also warn you if an account has been compromised or if you’re using a weak password that could easily be cracked.
Next, set up two-factor or multi-factor authentication (2FA/MFA) on any account that allows it.
This is an extra security measure that requires a one-time-use code in addition to your username and password to log into an account. Many people use text messages (SMS) to receive their 2FA code, but this can be compromised by hackers.
Instead, try using an authenticator app like Google Authenticator or Okta.
Identity thieves are almost always financially motivated — and the information they steal from a data breach can often give them access to your credit or even your bank account.
A credit freeze blocks anyone from accessing your credit report. This means that scammers won’t be able to open new accounts or take out loans in your name (and ruin your credit score).
To freeze your credit, you’ll need to contact each of the three major credit bureaus individually — Experian, Equifax, and TransUnion. They’ll ask for proof of your identity and then give you a PIN to be used to freeze or unfreeze your credit.
Here’s how to contact each of the credit bureaus:
A fraud alert requires credit companies to identify you before verifying a credit approval. This can also make it harder for criminals to open new accounts or take out loans in your name. However a fraud alert is only a suggestion — not a requirement. Some lenders will ignore the alert or use verification methods that scammers can easily bypass.
If you’d like to use a fraud alert, you only need to contact one of the credit bureaus. By federal law, they’re required to notify the other two of your alert.
Pro tip: Aura lets you lock your Experian credit file with a single click so you can easily keep your credit safe from hackers.
If your personal information is used by criminals, one of the best things you can do is file an identity theft report with the FTC at IdentityTheft.gov.
An official FTC report acts as proof of the crime and can be used when disputing fraudulent transactions or clearing your name of other crimes the identity thieves may have committed.
Depending on the type of breach you’ve suffered, there may be additional steps you should take to protect yourself.
Healthcare breaches come from hospitals, health insurance or other providers. These leaks can lead to medical fraud or even blackmail.
Here are a few extra steps to take after a healthcare data breach:
If a government agency is responsible for the data breach, you might need to take additional steps. This includes breaches from federal, state, or other government agencies, including the military. (Government data breaches can lead to military or veteran fraud).
In most cases, the impacted agency should reach out with guidance of what to do. But be cautious of any communication claiming to be from the government, especially emails and texts.
Another relatively common type of identity theft is tax fraud. This is where a thief uses your data to claim a tax refund in your name. If you receive a letter from the IRS informing you that someone else has filed a tax return in your name, follow the instructions provided in the letter.
If the breach has come through a financial account — like a credit card company or bank — take extra precautions to protect your data.
These steps are important to take on your own, but some additional help may also be available.
📚 Related: What Is a Data Breach? (And How To Protect Your Data) →
Many companies offer free services as part of their breach responses. These can include credit report monitoring or other ways of protecting your sensitive data.
These offers aren’t a guarantee against identity theft or financial harm. And you should still protect yourself from the breach in the other ways we’ve listed.
Also, take any offer of support with a grain of salt. Companies ultimately need to minimize the damage — and cost — of a data breach. And sometimes accepting their help can limit your options for seeking other damages.
For example, Equifax offered free credit monitoring after a 2017 data breach leaked data on 143 million US citizens. But some attorneys cautioned that the terms of service included in this "help" could limit you from joining class-action lawsuits against the company in the future [*].
Either way, save any communication you receive from the company, like emails or letters. This documentation may be necessary later on as you work to protect your information.
📚 Related: How To Tell If An Email Is From a Scammer [With Examples] →
Once your sensitive information has been leaked in a data breach, it can lead to other forms of fraud and identity theft. Just because a company says the leak has been resolved, doesn’t mean your data is safe.
After a breach, be especially mindful of:
Unfortunately, when we finally see the warning signs of identity theft, it’s often too late.
That’s why Aura takes care of almost all of these issues for you. With Aura, you get near-real-time credit and identity monitoring, fraud alerts, protection from malware and phishing attacks, and even a $1 million insurance policy for eligible damages resulting from identity theft.
Once your sensitive information has been leaked, it can spread quickly from Dark Web forums to the public internet where it’s accessible to all.
Companies called data brokers (also known as “people finder sites”) collect and sell this data to telemarketers and even scammers. Removing your personal information from data brokers not only makes you safer, but can also reduce the amount of spam and scam calls and texts you receive.
The bad news is that there are hundreds of data brokers in the United States — and manually removing your information from each of them would take weeks or months (and potentially end up with even more of your information being available).
Instead, an automatic data broker removal service (like what’s included with Aura) can do the work for you. Aura scans data broker lists for your contact information and sends removal requests. If your information is re-added, we’ll send another request to ensure you’re safe and secure.
Try Aura free for 14 days and get access to our full suite of tools — including automatic data broker removal.
A data breach can be a good opportunity to clean up your cyber hygiene — the tools and habits you use to stay safe online.
Here are some areas of your digital life you should consider “cleaning up:”
📚 Related: What To Do If Your Personal Information Has Been Compromised →
Some of the most critical tasks for cybersecurity protection are difficult or nearly impossible for humans to do. We can’t spend all day scanning our credit statements, Dark Web archives, and up-to-date breach information.
That’s why millions of Americans use an identity and credit monitoring service like Aura. Even if you have no idea what to do if your identity is stolen, Aura has your back.
Aura protects the entire family, including children, who are particularly susceptible to identity theft.
It also secures your devices and Wi-Fi network from malware and phishing attacks so you can continue to browse, shop, and use social media while staying safe.
But what if you suspect a cybercriminal has already taken advantage of your data?
📚 Related: Aura vs. LifeLock: What's the best identity theft protection for 2022? →
2022 was another banner year for massive data breaches and cyber attacks, with more than 4,100 publicly disclosed data breaches leaking over 22 billion records [*].
If you use any of these services, your sensitive information could be at risk:
These are just some of the most recent data breaches.
Remember, you can see what data has been leaked by hackers using Aura’s Dark Web Scanner.
If you’ve discovered you’re a victim of identity theft or your data has been leaked after a security breach, what do you do?
Unfortunately, hackers can move quickly, and even the fastest response to a personal data breach can be too late. Here’s what to do if you believe a criminal has stolen your identity:
While you can’t take back exposed data, you can protect your data from future breaches. Here’s how:
The first and simplest recommendation is to reduce the amount of data you share online. This includes social media.
Decide carefully before creating new accounts. Consider deleting accounts you don’t use and removing extra account details. These can be forgotten about during a data breach. For example, if you have a credit card on file with a company or website you don’t use very often, remove it.
One of the best ways to protect yourself in the event of a breach is to make data hard to transfer. Don’t give hackers a skeleton key to your digital life by using the same email address, log-in, and password for every account.
Instead, use a unique password on each site and consider using different email accounts. For example, you could create one email address for newsletters and social media and another email for financial accounts.
Every Aura plan includes a feature called email masking, which hides your personal email and reduces your exposure in the case of a data breach. Instead, when you sign up for a new service, Aura creates an alias for your email account. All emails are still forwarded to your inbox, but you don’t have to worry about receiving additional spam or scam emails.
The final way you can protect your data from third-party breaches is to set up safeguards that thwart even a thief with your data. For example:
It feels like there’s very little we can do during a breach. We’ve entrusted our data to a third party, but that organization has betrayed that trust with poor data security and open vulnerabilities.
And for those who haven’t been victims of a breach, the question is not if a breach will reveal information, but rather when it will happen.
So stay vigilant. Protect your accounts with unique passwords. And most importantly, use every security measure at your disposal to keep your personal and financial information safe and secure.