What to do if you’ve been notified that your personal information has been exposed in a data breach or is on the dark web

A data breach can be a frightening experience. If it’s the first time you’ve ever been notified that your personally identifiable information (PII) has been exposed, it’s important to take immediate action to protect yourself from potential identity theft or other harm. Here’s a step-by-step guide on what to do:

1. Assess the Damage

  • Review the breach notification: Companies are required by law to inform you about the breach and provide details on what data was exposed. Understand exactly what information was exposed. This could include your name, address, Social Security number, credit card details, login credentials or other sensitive data.
  • PII on the dark web: The dark web is a portion of the internet that is not indexed by search engines like Google. It’s often accessed through specialized browsers like Tor, which helps to mask users’ identities, and it is used for both legitimate and illicit activities. You can subscribe to services that continually monitor the dark web and notify you if your PII is found, but unfortunately there’s no way to remove such information.

2. Consider Freezing Your Credit

  • Contact a credit bureau: Reach out to Equifax, Experian, and TransUnion to place a security freeze on your credit report. This will help prevent new accounts from being opened in your name.

3. Monitor Your Accounts

  • Review your bank and credit card statements: Look for any unauthorized transactions or charges.
  • Check your credit report: Regularly monitor your credit report for signs of identity theft, such as new accounts or inquiries you didn’t authorize. See AnnualCreditReport.com for more information.

4. Secure Your Accounts

  • Update passwords for affected accounts: If your passwords were compromised, change them immediately. Use secure, unique passwords for each account.
  • Enable two-factor authentication: Add an extra layer of security to your online accounts by using two-factor authentication (2FA), which requires a code sent to your phone or email in addition to your password.

5. Stay Informed

  • Consider credit monitoring or identity theft protection services: The company where your data was exposed may offer to pay for a credit monitoring service for a year or two. Companies that offer such services often try to upsell additional paid services such as identity theft protection assistance and/or insurance.

6. Expect Phishing Attempts in the Wake of Data Breaches

How phishing attempts work:

  • Leveraging Fear: Scammers may send emails or texts claiming to be from the affected company, offering assistance or updates about the breach. These messages often contain a sense of urgency, urging recipients to click on links or provide personal information.
  • Exploiting Stolen Data: If the breach involved the exposure of personal details, scammers may use this information to personalize their phishing attempts, making them seem more legitimate.
  • Offering False Security Measures: Phishing messages may offer “security solutions” or “identity theft protection services” that are actually scams designed to steal additional information.
  • Impersonation Scams: Scammers with information about you may contact you and claim to be a representative of a governmental agency, a financial institution or the security department of a well-known company, or even a friend or family member. To “prove” their legitimacy they will likely tell you information about yourself – such as your Social Security number or birthdate – in hopes of gaining your trust.

How to spot phishing attempts:

  • Verify the Sender: Be cautious of emails or texts from unfamiliar senders, even if they appear to be from a legitimate company. Check the sender’s email address carefully for any typos or inconsistencies.
  • Watch for Suspicious Links: Avoid clicking on links in unsolicited emails or texts. Instead, type the URL directly into your web browser to ensure it’s legitimate.
  • Be Wary of Urgent Messages: Scammers often create a sense of urgency to pressure victims into making quick decisions. If you receive a message demanding immediate action, take a step back and verify the information before responding.
  • Never Provide Personal Information: Never share your personal information, such as passwords, Social Security numbers, or credit card details, in response to unsolicited requests.

What’s a legitimate form of notification?

  • Most scams come as an email, text message or phone call. Scammers can use electronic methods inexpensively and fool many people quickly. Phone numbers, websites and email addresses used by the scammers can be changed quickly if needed.
  • A letter in the postal mail is most likely legitimate. The time, effort and expense of sending a letter in the mail is most often taken on by legitimate companies. Letters in the mail usually contain information that can be verified because it does not change from what’s on paper. If it did contain fraudulent information, it would likely be shut down by the time you receive and read the letter.

By following these steps, you can help minimize the damage caused by a data breach and protect yourself from potential identity theft or scams. Remember to remain calm: staying vigilant and taking proactive measures can make a significant difference in your security. Data breaches are a fact of life in today’s interconnected world.

Check your email login activity to see if hackers are trying to gain access

Your email account is one of the most important online accounts to keep secure and un-hackable. There are two main reasons why checking recent login activity to your email account is a good idea:

  1. Spotting Unauthorized Access: Your email account likely contains sensitive information, personal documents, and access to other online accounts. By checking the login activity, you can see if someone else has accessed or attempted to access your account from an unrecognized location or device. This could be a sign that your account has been compromised through phishing, malware, or a weak password.
  2. Troubleshooting Login Issues: Sometimes, legitimate login attempts from new devices or locations can cause problems. Reviewing your recent activity can help you identify if there were any login attempts around the time you experienced issues accessing your account. This can help you narrow down the cause of the problem.

In short, checking your recent login activity is a proactive way to protect your email security and ensure that only you are accessing your account.

How to check your login activity for major email accounts

Here’s how to check recent login activity on the major email providers:

Gmail:

  1. Open Gmail on your computer.
  2. Look for the “Last account activity Details” link in the bottom right corner of the window and click on it.

Yahoo Mail:

  1. Log in to your Yahoo Mail account.
  2. Click on your profile icon in the top right corner.
  3. Select “Account info” from the menu.
  4. Find the “Recent activity” section and click on it.

Outlook.com / Microsoft:

  1. Log in to your Outlook.com or Microsoft account.
  2. Click on your profile picture in the top right corner.
  3. Select “View account and profile.”
  4. Under “Security info,” click on “Recent activity.”

Important notes:

  • The information displayed typically includes the location (city and country) of the login and the type of device used. However, the location may be incorrect if you are using a VPN or a mobile network.
  • If you see any suspicious activity, it’s recommended to change your password immediately. Also consider adding two-step verification, which makes it harder for hackers to access your account even if they know your password. Add it yourself before hackers do.
  • Email services provided by the Internet Service Providers AT&T and Charter/Spectrum do not offer the ability to check your recent activity or set up two-step verification. That’s one reason why we recommend switching away from using email provided by your Internet Service Provider.

Contact us if you need help with securing your email or other online accounts.