After My Data Was Breached, Here\’s How I Protected My Accounts

If you feel like you\’re hearing about a major data breach every week, that\’s because you are. In 2023, there were more than 3,200 data breaches. In the summer of 2024, data breaches at AT&T and National Public Data made national headlines and put billions of people\’s data at risk — including my own. Here\’s how I protected myself after recent breaches.

Learn about a data breach

Whether or not a company notifies users that their data has been exposed depends on a number of factors, including the type of data compromised, state and federal laws, the number of people whose data was exposed, and more.

Even when companies are legally required to notify users, they may choose to delay. According to a report from PBS, this is exactly what happened with AT&T\’s 2022 data leak, which exposed more than 100 million records.

It\’s difficult to stay updated on the many data breaches that occur. I recommend reading company emails, texts, and push notifications. When you become aware of a breach, continue to follow the story and read company updates, as the company may continue to release information about the breach and what data was exposed. The more you know about the breach, the more effectively you\’ll be able to respond.

Change Passwords

The first thing I did after learning that my data was exposed was change my password. Even though the company didn\’t say that passwords were exposed, I didn\’t want to take any chances.

Even if you\’re not sure your password was exposed, it\’s still advisable to change the password on the affected account. If you\’ve reused this password across multiple accounts, I\’d recommend changing each password so that you have a unique password for each account you use.

If creating strong passwords for all of your accounts is a hassle, I suggest using one of these password managers.

Use identity theft protection

On two occasions, companies gave me access to Experian for identity theft protection after my data was exposed in a data breach. Even if your data is exposed, companies are not legally obligated to pay for the identity theft protection service.

Services offered by the identity theft protection company include credit monitoring, dark web scanning and scrubbing, credit lock, and fraud resolution. If you don’t want to pay for identity theft protection, you should use the free dark web monitoring tool Have I Been Pwned?. You can also freeze your credit for free by contacting Equifax, Experian, or TransUnion.

Turn on MFA

MFA stands for Multi-Factor Authentication. By turning it on, you’re giving yourself another layer of protection from bad guys trying to log into your accounts. Even if someone gained access to my username and password, if they tried to log in to most of my accounts, they wouldn’t be able to do so because of MFA. MFA can use a variety of methods to verify your identity.

You can also find magic links in apps that provide unique, one-time access to an account.

Check your financial accounts

If sensitive data has been stolen from a financial account, you should check to see if your account has been affected. That being said, even if data has been stolen from a non-financial account, it’s still important to make sure your financial accounts haven’t been logged in and your cards haven’t been fraudulently charged.

Remember that leaked data from one account can be used to access data from another. Also, if cybercriminals have access to an account linked to a bank account, they may be able to make charges.

If they have done so, flag the charges as fraudulent and change the account passwords.

Beware of phishing scams

Phishing scams always increase after major data breaches. A cybercriminal only needs to know your email address associated with the hacked company to perform a perfect phishing attack.

Let’s say you are a PayPal user whose data was exposed in the 2022 hack. If a cybercriminal has your email address and knows you are a PayPal customer, he or she can create an email mimicking yours, claiming you must change your password due to a recent security breach.

As a worried customer, you click on the link provided and see something like the PayPal login page. You type in your old and new passwords and think you have secured your login information; in reality, you have given the hackers the keys to the castle.