What to do about a personal data leak or breach – Before and After
This recent news roundup mentioned that the state of California has leaked and mishandled data on thousands of gun owners. This has come up before. Data leaks and breaches always seem frustrating and sad. While I would love to see strict penalties for poor security and mishandling that lead to data leaks and exposure, this also got me thinking – what _can_ we do to prepare for or prevent a personal data leak?
The Prepared site has excellent articles and forum posts on general digital security and preparedness. But what about data breaches specifically? Here are some intro steps from a bit of light research:
What to do before and after a data breach:
- Use encrypted text messages. Install Signal – the most secure, open source, encrypted text messaging app. Keep your data private. You can use Signal for all texts on your phone – it will simply use encryption with anyone else who also has Signal, but still send regular text messages to those who do not. Then you can invite them to improve their texting too.
- Use a password manager. Don’t store your sensitive information inside emails etc.
- Don’t give out your Social Security Number (SSN). Or other very sensitive info. This may depend on geography. In North America there are usually only two places that need to know about your SSN: Your employer (so you can get paid), and your bank. That is it. Many other places try to ask and get this information. Tell them no. Often you may find them sheepishly admit the information was “optional”, and they will back down.
- Sign up your email address at https://haveibeenpwned.com/ . This is an interesting website that monitors data breaches and will email you if it finds that your email address has been included in a data leak. A good way to at least be aware that your information may have been exposed.
- Get a backup credit card and/or bank account. If you have the ability, having one main credit card but also a backup card can help to ensure you still have a way to operate or pay your bills if your main card is stolen or compromised. Likewise – opening two different bank accounts at different _types_ of institutions with different risk profiles – e.g. one large national bank and one local credit union. Storing some funds in each can help to make sure you still have access to some of your money.
- Keep some cash on hand. So you can keep operating even if everything goes down.
- Freeze and set a PIN on your credit file. Equifax, Experian, and TransUnion will let you set a PIN – like a password – that must be used to unfreeze your credit account. This should prevent or make it more difficult for anyone to take out a loan in your name or otherwise access your credit. If you want to take out a loan or apply for credit yourself, you can simply call them with the PIN to unfreeze, and then re-freeze your account.
- Get and read your own credit report every six months. This can be a painful process, but the three firms above should let you get a free copy of your own credit report. Emphasis on free: they are not allowed to charge for it. However, they often make this intentionally difficult and confusing by adding many “upgrade” tiers and options, and changing the name to things like “consumer disclosure report” instead. Checking your report e.g. every six months can help you to spot if anyone used or tried to use your credit account.
- Consider credit- or identity-protection. I am wary of these services and have never tried them. I am not sure how much they actually help in the event anything happens. Would love to hear from anyone who has had good or bad experiences with identity protection.
- Call the company or organization and confirm whether your data was included in the breach or leak.
- Find out what type of data was affected. If your credit card info was leaked, you probably want to call your credit card company to cancel and replace the card.
- See if the company now offers help, or offers free identity protection after the fact. They may be able to help you get back to normal.
- Change the password on any accounts that were affected.
What other ideas or actions can you think of?
- Forum post “Getting Weekly Credit Reports”. Thanks to community member Supersonic for posting.