What to do if you’ve been notified that your personal information has been exposed in a data breach or is on the dark web

A data breach can be a frightening experience. If it’s the first time you’ve ever been notified that your personally identifiable information (PII) has been exposed, it’s important to take immediate action to protect yourself from potential identity theft or other harm. Here’s a step-by-step guide on what to do:

1. Assess the Damage

  • Review the breach notification: Companies are required by law to inform you about the breach and provide details on what data was exposed. Understand exactly what information was exposed. This could include your name, address, Social Security number, credit card details, login credentials or other sensitive data.
  • PII on the dark web: The dark web is a portion of the internet that is not indexed by search engines like Google. It’s often accessed through specialized browsers like Tor, which helps to mask users’ identities, and it used for both legitimate and illicit activities. You can subscribe to services that can continually monitor the dark web and notify you if your PII is found, but unfortunately there’s no way to remove such information.

2. Consider Freezing Your Credit

  • Contact a credit bureau: Reach out to Equifax, Experian, and TransUnion to place a security freeze on your credit report. This will help prevent new accounts from being opened in your name.

3. Monitor Your Accounts

  • Review your bank and credit card statements: Look for any unauthorized transactions or charges.
  • Check your credit report: Regularly monitor your credit report for signs of identity theft, such as new accounts or inquiries you didn’t authorize. See AnnualCreditReport.com for more information.

4. Secure Your Accounts:

  • Update passwords for affected accounts: If your passwords were compromised, change them immediately. Use secure, unique passwords for each account.
  • Enable two-factor authentication: Add an extra layer of security to your online accounts by using two-factor authentication (2FA), which requires a code sent to your phone or email in addition to your password.

5. Stay Informed

  • Consider credit monitoring or identity theft protection services: The company where your data was exposed may offer to pay for credit monitoring service for a year or two. Companies that offer such service often try to upsell additional paid services such as identity theft protection assistance and/or insurance.

6. Expect phishing attempts in the wake of data breaches

How phishing attempts work:

  • Leveraging Fear: Scammers may send emails or texts claiming to be from the affected company, offering assistance or updates about the breach. These messages often contain a sense of urgency, urging recipients to click on links or provide personal information.
  • Exploiting Stolen Data: If the breach involved the exposure of personal details, scammers may use this information to personalize their phishing attempts, making them seem more legitimate.
  • Offering False Security Measures: Phishing messages may offer “security solutions” or “identity theft protection services” that are actually scams designed to steal additional information.
  • Impersonation Scams: Scammers with information about you may contact you and claim that they are a representative with a governmental agency, financial institution, security department of a well-known company, or even friends or family. To “prove” their legitimacy they will likely tell you information about yourself – such as your social security number or birthdate – in hopes that they will gain your trust.

How to spot phishing attempts:

  • Verify the Sender: Be cautious of emails or texts from unfamiliar senders, even if they appear to be from a legitimate company. Check the sender’s email address carefully for any typos or inconsistencies.
  • Watch for Suspicious Links: Avoid clicking on links in unsolicited emails or texts. Instead, type the URL directly into your web browser to ensure it’s legitimate.
  • Be Wary of Urgent Messages: Scammers often create a sense of urgency to pressure victims into making quick decisions. If you receive a message demanding immediate action, take a step back and verify the information before responding.
  • Never Provide Personal Information: Never share your personal information, such as passwords, Social Security numbers, or credit card details, in response to unsolicited requests.

What’s a legitimate form of notification?

  • Most scams come as an email, text message or phone call. Scammers can use electronic methods inexpensively and fool many people quickly. Phone numbers, websites and email addresses used by the scammers can be changed quickly if needed.
  • A letter in the postal mail is most likely legitimate. The time, effort and expense to send a letter in the mail is most often done by legitimate companies. Letters in the mail usually contain information that can be verified because it does not change from what’s on paper. If it did contain fraudulent information, it would likely be shut down by the time you receive and read the letter receive in the mail.

By following these steps, you can help minimize the damage caused by a data breach and protect yourself from potential identity theft or scams. Remember, remain calm but staying vigilant and taking proactive measures can make a significant difference in your security. Data breaches are a fact of life in today’s interconnected world.

National Public Data Breach Exposes 2.9 Billion Records: How to Check if Your Information Was Exposed

Data Breach graphic

A significant data breach including 2.9 billion records from the company National Public Data has compromised the personal information of many millions of Americans. National Public Data normally sells data to companies for the purpose of background checks, criminal records and more. But it appears that much, if not all of the data they’ve obtained over the years has been leaked. The breach includes sensitive data such as names, addresses, Social Security numbers and birthdates – information that identity thieves and scammers can use to their benefit.

How to Check If You Were Affected:

To determine if your personal information was part of the breach, here are a few trustworthy websites where you can enter some information to check if your data has been exposed:

These websites will require you to provide a portion of your information, and return any remaining data that matches the search inquiry.

What to Do if Your Information Was Exposed:

If your information was exposed in the breach, take the following steps:

  1. Freeze Your Credit: Contact the three major credit bureaus (Equifax, Experian, and TransUnion) to place a credit freeze on your account. This will prevent unauthorized individuals from opening new accounts in your name.
  2. Monitor Your Accounts: Regularly check your bank statements, credit card bills, and other financial records for any suspicious activity.
  3. Report Identity Theft: If you believe your identity has been stolen, file a police report and contact the Federal Trade Commission (FTC) to report the incident.

Staying Informed:

As more details about the data breach emerge, it’s important to stay informed about the situation. Keep an eye on news reports, official government announcements, and updates from the affected companies.

Remember: While this breach is a significant event, there are steps you can take to protect yourself and minimize the potential damage. By following the advice above and staying vigilant, you can help safeguard your personal information.