Data breaches are becoming common. Social media networks, shopping websites, video game platforms, hotel chains, airlines, restaurants as well as food delivery, and financial institutions have been the target. And they will most certainly again be. What do you do when an app or website or service that you regularly use has suffered a data breach?
A data breach is a successful attempt by hackers to gain access to the internal systems of an organisation and access sensitive data such as user information illegally. That puts your data with the service that has been attacked at risk of unauthorised collection too. There is no way you can stop a data breach from happening. That is the job of security professionals. But you can take corrective steps to ensure you do not suffer further damage, particularly financial losses.
There are five types of breach. Entertainment services data breach, financial data breach, healthcare data breach, government data breach, and education data breach.
Find out if you are affected
The first step you need to take if you hear about a data breach at any of the services you have used is to get official confirmation. The affected service or website may send you an email detailing what has happened and what you can do to safeguard your identity. But before that, you may want to reach out to them, perhaps via social media, to confirm the extent of the breach. It will give you a head start, if at all, in protecting your accounts if user names and passwords have been accessed, for instance.
Change passwords and enable two-factor authentication
This is a must-do even if the service that has been hit by a data breach claims that no passwords have been accessed by hackers. Enable two-factor authentication, or 2FA, as an additional protective measure. Even if your password and log in details end up with a hacker, they will hit a dead-end if you have this enabled.
Update your banking information and get new cards issued
If the data breach has hit your bank or financial institution you have a relationship with, perhaps for loans or credit cards, you must generate a new password for your online banking identity. Enable, if available, the option to generate an authentication OTP, or one-time password, before you are allowed to log in to your banking accounts. Most banks do enable this by default, but you can also see if this option is available, if it is not enabled already.
Also Read: Why do data breaches happen?
If any service that you use and has your credit or debit card details is hit by a data breach, reach out to your bank and get these cards blocked. The bank will issue you replacement cards, with new numbers and identifiers, within a couple of days. Blocking the cards potentially after a data breach will prevent misuse. Examples of such services include subscription-based services including OTT streaming, music streaming, or shopping websites where you may leave your card information stored.
Alternatively, keep an eye on your credit scores with credit information companies operating in India. These include Cibil and Experian. If anyone has tried to get a loan or a new credit card issued with your identification, it may show up in these logs under recent activity.
If your government-issued ID is part of a data breach, you can at the most try to connect with the issuing authority to understand if your specific ID number was part of the data that has been breached. Secondly, you may request to cancel the existing ID and issuing a new one. But that is easier said than done—you would likely have tax returns, bank accounts, mobile numbers, and more linked with this ID.
If there is a healthcare data breach, you can try to secure your online accounts with your hospital and insurance companies, for instance, with 2FA layers. That will prevent unauthorised access to your medical history.