At this point, it’s safe to assume that everyone’s been affected by one megabreach or another. But when the next Equifax debacle happens, know that there’s plenty you can do to help dampen the fallout.
When a big company that has your personal information—like passwords or credit card numbers—gets hacked, it means, in a way, that you got hacked too. At the very least, it means some of your most sensitive information out there in the ether, just waiting for a hacker or identity thief to make your life miserable.
The most frustrating part of these breaches, whether they affect 70 million people like the 2014 Target hack, 143 million, like the recent Equifax bungle, 500 million, like a Yahoo hack disclosed last year, or three billion people, like … yet another Yahoo attack, is that there’s nothing you can do to prevent them, other than becoming an internet hermit, so that no one has your info in the first place.
As nice as that sounds, it’s also totally impractical. But don’t give up hope! While there’s only so much you can do, the options available to you can make a big difference.
First, confirm if you’ve been directly impacted. For the biggest breaches, like Equifax, companies will often set up a dedicated website that crosschecks your info against impacted accounts. (Unlike Equifax, they usually don’t screw it up to an alarming degree.)
You should also check out a site called HaveIBeenPwned, and yes that’s the real name. Security researcher Troy Hunt has made it his mission to collect info from as many breaches as possible; so far it’s logged nearly five trillion accounts.
HaveIBeenPwned shows you not just if you’ve been impacted, but the specific type of information that may have been exposed. That way you’ll know if it’s time to change your password, or cancel your credit cards, or both.
Speaking of which: If your info was caught up in a breach, change your passwords not just for whichever company or service leaked them, but anywhere else you might reuse it. And speaking of that: Don’t reuse passwords. Get a password manager instead.
If the breach potentially includes extra-sensitive information, like credit card or Social Security numbers, companies sometimes offer free credit monitoring for a year, maybe more. Go ahead and sign up for that; it’ll help you act fast in the event that someone uses your info to try to open a credit account in your name. Just remember that the threat doesn’t fade after the free monitoring does, especially in the most dramatic cases. Pilfered data can float around the dark web for years. And Social Security numbers aren’t like passwords; they’re really hard to change. So keep a close eye on your bank accounts, basically… forever.
In fact, the most galling part of all of this is that you should probably be doing that sort of monitoring anyway; large companies are notoriously slow to fully disclose breaches. Uber even paid off hackers to hide a 57 million user breach for a full year.
Breaches are frustrating and scary, but also so common these days that it’s easy to just throw up your hands. But it’s worth a little vigilance to help stave off the serious headaches that having your identity stolen, or accounts taken over, would cause.