It can happen to the best of us: responding to a legitimate-looking form, or identity data getting leaked publicly. Whether you’ve been phished, hacked, or just struck it unlucky – the result is the same: your identity is now in the hands of some unsavoury characters.
While advice about preventing identity theft is easy to find (and definitely what you should be doing first), what can you do if the worst actually happens? These damage control strategies can help.
Finding out more
If it’s at all feasible, learning which forms of data have been involved in the breach can be useful in how you respond. For example, a POS breach will usually involve your credit card details, whereas a leak from a social media site might reveal personal information instead.
However, note that for the majority of publicly-posted data breaches, details are often impossible to obtain. By the time they reach circulation, many breaches are simply long lists of email addresses and passwords obtained from many different sites. Additionally, the person leaking the addresses often knows little of the origin, and may not even be the original hacker.
Therefore, finding out the source of the breach is an ideal place to start, but you shouldn’t rely on knowing the breach source when responding to a data breach that involves your information.
Covering your bases
Financial data, like credit cards and bank account details, are usually the first type of information to be exploited after a breach. Thanks to online shopping, they can be used more or less instantly from the time they’re stolen.
If your phishers had access to your financial details or internet banking login, call your bank(s) first and put a halt to those accounts. Needless to say, if you’re using the same password across multiple accounts – now’s also the time to address that: see our guide to password managers for a better way to remember passwords in the future!
Speaking of passwords: if you’ve been breached in any way, it’s important to change your password on all major services (email account, social media, internet banking, government services) as quickly as possible. Your email address is often the only layer of security for many online services, so keep it under locks.
Beyond the immediate threat of stopping unauthorised financial transactions, theft of your personal identifying information – e.g: your driver’s license, social security, or logins to important accounts such as Facebook – can present a more long-term threat. Armed with these, scammers can establish new accounts in your name, even if you’ve cancelled your original cards.
If these details have been involved, unfortunately, you’ll need to apply to change those numbers and passwords as soon as possible. Yes, it will be a painful process to deal with government agencies and road authorities, but it will save you a great deal of grief in the long run.
Long term strategy
Once you’ve covered the most immediate threats, you should also report the phishing or breach to the relevant authorities, as well as any sites that might be involved. For instance, if you have responded to a phishing email that pretended to be from your bank or a government authority, give them a heads up.
Additionally, you should also report the scam to your regional and Federal Police – while they might not be able to help your situation, keeping authorities clued in to new targeted scams can help put a stop to further phishing campaigns.
In the weeks and months following the breach, keep monitoring your financial activity. Scammers can wait many weeks or months before trying out your account, so be ready to spot any suspicious activity during this ‘cooling off’ period.
Once you’ve responded to the threat, reduce the chance of it happening again. Sign up for our Email Watchdog Service for up-to-date alerts if your email address appears in public data leaks.