top of page
  • Writer's pictureESET Expert

What to do if you receive a data breach notice

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed.

Data breaches occur when an unauthorized third party accesses an organization’s private information. Often, they involve the theft of customers’ and/or employees’ personal data. There are strict rules in Europe known as the GDPR, which was designed to force organizations to improve the security and handling of this data. As well as opening the door to multimillion-dollar fines, the law also mandates notification of any breach within 72 hours of discovery.

The result has been to improve the transparency of data breach incidents among customers and the public. Records reveal that they’re continuing to grow in number, despite the best efforts of EU regulators. In the US, the number of breaches in just the first three quarters of 2021 exceeded that for the whole of 2020, pointing to a record-breaking year. In the UK, nearly two-thirds of medium and large businesses admitted suffering a breach over the past year. Across the EU, there were over 280,000 personal breach incidents between May 2018 and January 2021.

However, receiving a breach notification letter or email doesn’t mean you’re doomed. What you do in the succeeding hours and days can have a major impact on whether the initial incident leads to identity fraud or not.

Here are a few key things you should do following a breach notification:

Stay calm and read the notification carefully

A knee-jerk reaction might end up making things unnecessarily worse. So don’t immediately close down your online accounts and/or cancel all your cards. Instead, take a deep breath, and pay attention to what happened. Read through the details of the incident until they make sense, and you understand what was stolen and the implications of this theft. It’s also worth keeping the letter/email in case you need to prove in the future that the breach was no fault of your own.

Make sure the notification is actually legitimate

Sometimes fraudulent phishing emails and texts are designed in order to trick you into clicking through on a malicious link or divulging more personal information. One way to grab your attention is by claiming your data has been involved in a breach. These messages are getting harder to differentiate from the real thing. That’s why you should contact the organization directly, using its official website or social media accounts. Their team will be able to explain if you have been impacted and what should happen next. If it’s a scam, report it and/or delete the message.

Be on guard for follow-on fraud

The cybercrime underground is a well-oiled machine. The hackers responsible for breaching your data in the first place are likely to then sell it on specialized criminal sites, hidden on the dark web. Fraudsters buy this up and then try to target you with phishing messages designed to elicit further info, like logins and card details, which they can monetize. That’s why you must be on the lookout for any official-looking correspondence following a data breach. It may be disguised to appear as if sent from the breached company itself, or another source. Tell-tale signs of phishing emails are grammatical and spelling mistakes, sender email addresses different from the company, and the creation of a sense of urgency, in order to trick you into acting without thinking first.

Change your password(s)

Even if your logins haven’t been compromised in the breach, it may be a good idea to change them anyway, for peace of mind. And also change the passwords on any other accounts you use the same logins for. This is because hackers have access to automated software which can try large numbers of stolen logins on multiple sites across the web until they get lucky. In the longer term, consider switching on multi-factor authentication on your online accounts, and/or using a password manager, to store and recall strong and unique passwords for each site.

Check your banking and other online accounts

If the notification warns that logins have been stolen, and you use those same logins for other accounts, then change them immediately. It’s also worth checking banking accounts for any suspicious activity. Sometimes, if fraudsters get access to enough personal information, they can trick staff working in banks, mobile operators and other organizations into resetting details or providing new passwords.

Cancel or freeze your cards

It goes without saying that if you’ve been notified of a serious breach of financial information, you should inform your bank immediately, cancel or freeze your cards and change any passwords. If details such as Social Security or identity numbers have been stolen in a breach, fraudsters may use it to try to take out lines of credit in your name, before running up a huge debt and then disappearing. That could impact your credit rating for months and take many hours to resolve. A good way to head off this risk is to ask credit rating firms to put a security freeze on their credit files. That means no lender can view your reports—and therefore can’t open any new accounts in your name.

Proactively search for your breached details

If the information provided by the breached organization is too vague, you might want to do some digging yourself to see if your information has been exposed. Sites such as Have I Been Pwned offer this kind of service free of charge. Be also sure to give this article a read to learn how to check if your password has been stolen in a known breach.

Seek redress

If the breach has caused you to suffer emotional or financial distress, you’ll want to seek some form of compensation. Contact the organization responsible and outline the situation. It may be worth also contacting the national privacy regulator to see what rights you have, and/or a legal expert.

Breaches are becoming so common today that there’s a danger we become desensitized to them. That will only play even more into the hands of fraudsters and cybercriminals. By staying alert and understanding your risk exposure, there’s a good chance that you’ll be able to manage the impact of an incident without creating too much disruption to your digital world.



bottom of page