Your IP: Unknown · Your Status: Unprotected Protected

Blog How-To

What to do if your data was leaked

Aug 04, 2019 · 4 min read

What to do if your data was leaked

Massive data breaches hit news headlines every day. Even companies that handle very sensitive data like your credit card details are vulnerable. Unfortunately, their cybersecurity is out of your control. However, if the worst does happen and your sensitive data leaks, this is what you should do next to minimize the damage.

Find out what information leaked

First things first: what type of information leaked and where did it end up? Was it your login details and passwords? Were they hashed or stored in plain text? Did any other personal information leak like your date of birth, your home address, phone number, or even answers to your security questions? Did the company store your payment details, your social security numbers, or even your passport number?

Find out how the breach happened. Was it first noticed by in-house developers before anyone else had seen it? Or did it go as far as being stolen and sold on the dark web? You can find answers by contacting the company, on the news, or by doing a simple search.

Depending on the type of data that got leaked and how it was leaked, take the following steps:

If it’s login details and passwords

If it was your email, username, password, date of birth, address, or similar information that got leaked, then take the following precautionary steps:

  1. Change your password immediately. And change it to a strong one. Make sure it’s not a word taken from vocabulary and includes lower and upper case, digits and characters. You can use a password generator for this or our strong password tips.
  2. Check the Nordpass page to see whether your password have been affected by any breaches. In fact, you can use this tool regularly as it can sometimes take weeks or even years for companies to admit their mistakes.
  3. Change passwords on other accounts if you used the same password on multiple platforms (which you should never do).
  4. Set up 2-factor-authentication. This means that even if someone got a hold of your password, they wouldn’t be able to get into your account. They will also need a second password or PIN. This is usually sent to your mobile device so that hackers would need physical access to that too.
  5. Learn to recognize phishing and similar social engineering attacks. Hackers or scammers might not have enough information to break into your accounts, but they can use your date of birth or your address to scam you or services you use. They might try to use this data to convince you that they are from a legitimate company and to get other sensitive information out of you. Don’t fall into their trap!

If it’s healthcare data

  1. Notify your health insurer that your health data has leaked and someone might try to use it. Ask them to be vigilant and double-check their records before issuing any payments.
  2. Check your medical records and monitor health-related payments in case someone has already tried to make a claim under your name.

If it’s your driver’s license

  1. Notify your Department of Motor Vehicles (or a similar authority depending on your country of residence) that your driver’s license number has leaked.
  2. Place a fraud alert with the DMV to be notified if someone does try to use your driver's license for any services.

If it’s your payment details

  1. Contact your bank and freeze your card. This will ensure that no one will be able to access your credit reports without your permission. You can also close your account and ask the bank to issue you a new card.
  2. Check your recent credit card statements for any suspicious activity.
  3. Contact the credit bureau and set up a fraud alert. They will notify you if someone tries to use your card to open new accounts or take out loans.
  4. Get a credit report to see if any false accounts or credit cards have already been opened or taken in your name
  5. Learn to recognize phishing attacks. Hackers might use your payment details to fool you into thinking that they are emailing or calling from a legitimate company. It’s easy to fall for it as you’d think that only companies you trust have these details. Don’t give away any other information or click on suspicious links.

If it’s your ID, passport or social security numbers

What to do after a data breach?

  1. Issue a fraud alert. You can do so at the National Credit Reporting Agency (CRA) or a similar organization depending on your country of residence.
  2. Prove your identity before anyone else did. You can submit an affidavit and provide proof that you are who you say you are. Go to The Federal Trade Commission’s ID Theft Affidavit or your local equivalent of such authority.
  3. Order credit reports as they may also indicate if someone has tried to use your identity for any illegal activity.
  4. Review your Social Security statement and look for any suspicious charges.
  5. File your taxes on time or earlier than usual before someone else does for you!

Last piece of advice

You have now done everything you could to protect your data and be notified if anyone uses your information for any scams. However, it doesn’t end here. Recovering from a data breach might be a long and difficult process. You must stay alert and continue checking your records for any suspicious activity. Also, don’t forget to take any help offered by the affected company.

To learn more about cybersecurity, subscribe to our monthly blog newsletter below!


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog