Most of us have received one of those dreaded emails. The subject line may sound bland, almost harmless: “Notice of data security incident,” or “We're committed to your security.” But as you read it, you realize something serious has happened—your personal information is in the wrong hands. What should you do?
Last year, more than 290 million people had their personal information exposed, according to a recent report by the Identity Theft Resource Center, a California-based nonprofit. Yet only 48% of those who knew their information had been hacked chose to change their passwords. Sixteen percent did nothing at all. At Asurion, we help people learn more about their tech every day, including how to protect your personal information both online and off. Here's our guide to everything you need to know to prevent a data breach.
What is a data breach?
A data security breach occurs when someone gains unauthorized access to your confidential, protected, or personal details and exposes them without your knowledge or permission. Anyone can be a victim: a company, an individual, a government. The stolen data may include:
- Social Security numbers.
- Personal health information.
- Driver's licenses.
- Bank account or credit card numbers.
- Passwords or emails.
- Trade secrets.
- Intellectual property.
Why do data breaches keep happening?
There have been hundreds of data breaches over the past decades, exposing millions of people's information, and they've affected prominent companies such as Equifax®, Capital One®, and Illuminate Education®, the creator of a leading student data tracking software. Already in 2024, we've experienced the “mother of all breaches,” a leak that exposed 26 billion records from commonly used sites like Venmo, Snapchat, and LinkedIn.
Potential vulnerabilities include:
- Weakness in technology. As new tech comes to market, the gap between innovation and security seems to get larger each year, leaving opportunities for hackers to pounce.
- Human error. Even when tech is secure, there's still human error. Some people will always have poor digital security habits—and even make seemingly simple mistakes with catastrophic consequences—all of which put others at risk.
How do data breaches happen?
A data breach can be accidental (an employee unknowingly releases your personal information online) or for malicious purposes (cyber criminals steal private data from a company). Here are some common types of information loss:
- Payment card fraud. Criminals place skimming devices on a credit or debit card reader, like you might find at a gas pump terminal or an ATM, to steal personal and financial information.
- Insider attacks. A trusted individual or company insider steals data, sells it, or uses it to start a new company.
- Lost or stolen devices. Laptops, files, office computers, and other physical property are lost or stolen and end up in the wrong hands.
- Point-of-sale (POS) intrusions. Commonly used at restaurants and small businesses, POS terminals and payment systems are vulnerable to malware attacks with the goal of stealing payment card information.
- Web app attacks. Threat actors steal the names, addresses, and other personal information you provide when you sign up for a web application.
- Unintended disclosure. Sensitive data is exposed due to mistakes or negligence.
What your information can be used for in a data breach
Once cybercriminals have your personal information, they can wreak havoc in your life by:
- Stealing your identity.
- Opening and using new credit cards under your name.
- Taking money out of your banking and investment accounts.
- Creating financial losses.
- Applying for government benefits.
- Accessing medical care with your health insurance.
- Filing a tax return under your name, then taking the refund for themselves.
What to do if your data has been breached
If you discover that you've been involved in a breach, follow these security measures, stat.
Read the email or letter warning you about the data breach
You know that email notification you received? Take the time to read it—all of it. Per breach notification laws, U.S. companies are required to tell customers if their information has been breached, and their email will outline the details of the breach, including when it occurred and what personal data was included.
Pay close attention to what kinds of info were stolen: email addresses, usernames, passwords, bank account or credit card information, Social Security numbers.
Contact your financial institution
If your credit card or bank information has been exposed, contact the company immediately to let them know about the breach. They can monitor your statements for unusual charges or fraud and issue you a new card number if needed. (In the future, consider using Apple Pay® or Google Pay™, which are safer than a physical card. Here's why.)
Change your password
The best passwords are at least 12 characters long and use a random combination of upper- and lower-case letters, numbers, and symbols. Don't use personal information (like family birth dates or street address). And don't reuse the same password. If a hacker cracks one of your login credentials, all they have to do is test that same password on your bank or credit card account to gain access to your information and your money. For more tips, here's our guide to creating strong passwords as well as our recommendations for the best password managers.
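The rules above can be turned into a check you run over your own list of logins. This is an added Python example, not part of the original guide: the account names, passwords, and personal details are constructed, and a script like this cannot tell whether a password was chosen at random.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12  # "at least 12 characters" per the guide

def policy_findings(password, personal_tokens):
    """Return the rules from the guide that this password breaks."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]
    # Personal details (birth year, street name) are matched case-insensitively.
    if any(t and t.lower() in password.lower() for t in personal_tokens):
        findings.append("contains personal information")
    return findings

def audit(vault, personal_tokens):
    """Map each account to its findings, including reuse across accounts."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        findings = policy_findings(password, personal_tokens)
        others = [a for a in by_password[password] if a != account]
        if others:
            findings.append("reused on: " + ", ".join(sorted(others)))
        report[account] = findings
    return report

# Constructed sample data; none of these are real credentials.
SAMPLE_VAULT = {
    "email": "Maple1987!",
    "bank": "Maple1987!",
    "shopping": "v7#Qm!z2Lp@x9Rt",
    "streaming": "correcthorsebattery",
}
SAMPLE_PERSONAL = ["maple", "1987"]  # assumed street name and birth year

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "->", findings or "ok")
```

An empty list of findings means the password meets every rule the script can check. The reuse finding is the most urgent one to fix, because one cracked login then opens every account that shares it.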
Use two-factor authentication
This method requires you to take an extra step (typically entering a code) to confirm your identity when you log in to any password-protected account, which helps protect unsecured devices. So even if someone has your email password, they can't sign in to your account without that code.
To learn more, read our guide to what two-factor authentication is and how to set it up.
Request free credit monitoring
Due to the COVID-19 pandemic, the three credit agencies—Equifax, Experian®, and TransUnion®—are currently offering free weekly online credit reports.
How to protect yourself from data breaches
There's no foolproof way to avoid a data breach. But if you follow these preventive measures, you've got a much better chance of keeping your private information away from those who are trying to steal it for personal gain:
- Create strong passwords for all of your logins. Weak passwords and a poor hiding spot are common culprits. Use a password manager to help you keep track of them, and never reuse passwords.
- Delete old accounts you no longer need.
- Don't open suspicious emails—delete them instead.
- Use secure websites (start with our guide to keeping your credit card information safe online).
- Give out your Social Security number only when absolutely necessary.
- Pay attention to your bank statements. If you see odd charges, even small ones, it could be a sign your data has been compromised.
- Install updates on your devices, apps, and operating systems as soon as they're available.