3rd party data breach
When a company you use gets hacked, your data may have been exposed to cybercriminals or even the world if the information was accidentally published online.
Cybercriminals may use your data to access that account or target you in future cyber crimes. For example, if they obtain your email address and password, they might try logging into your other accounts or send you phishing emails to trick you into enabling a cybercrime.
Use this guide if you've been notified that a service, app, company, or website you use has been hacked.
Help Us Improve: Share your experience by filling out this Impact form. This will help us better protect future victims.
Approaches to Dealing with a Service Provider Breach
1. Check If It's Real: If you receive a message from the company (email, call, or text), make sure you're not being tricked by a cybercriminal. Go directly to the company's website and look for evidence of a breach, like a banner on the homepage or news section. You can also contact the company directly, but don't use any links provided in the message—they may be fake.
2. Find the Provider’s Guidance: The hacked company will provide specific guidance on what to do next. This will cover what happened, steps you should take, and the support the company can offer. This information will be on the company's website or linked from it.
3. Change the Exposed Username & Password: Regardless of whether these details have been hacked, it's always a good idea to change your login details. Enable two-factor authentication if available. If you use these login details elsewhere, change those too.
4. Understand What Data Has Been Accessed: Once you know what data has been exposed, consider the wider impact. If you use the same username and password on other sites, change them ASAP. Be aware that you may receive malicious emails to that address. If more private information has been exposed (like messages, sexuality, or activities), think through the next steps.
5. Contact the Provider: It might be worth contacting the provider directly to get more details about your specific account. They may be able to share more information one-on-one than in public announcements. Be aware their customer support team might be very busy.
6. Keep Up to Date with the News: It often takes time for a company to understand the extent of a breach. Even after knowing data was accessed, it can take days or weeks to investigate how the hacker got in and what they did. Companies may release more details as they learn more from their investigation, so stay updated with the news.
7. Monitor Your Security: With your data in the hands of criminals, you need to be vigilant about your online security. Be cautious of calls, text messages, and emails. Check the security settings of your devices and online accounts, and investigate anything suspicious. Use sites like Secure Our World or FBI SOS! to improve your security.
8. Take Advantage of Free Security Offerings: Many organizations that are hacked offer free security tools to help customers deal with the impact of their data being known to cybercriminals. This might include free credit score checks, security software, or access to expert advice. This information will be listed on the provider’s website alongside the breach notification.
How to Minimize the Damage of a Service Provider Breach in the Future
1. Have Unique Passwords for Each Account: While this takes extra effort, a password manager can make it easier. Ensure that your email and online bank account have secure, separate passwords.
2. Check If You Have Been Pwned: The haveibeenpwned.com website, run by cybersecurity experts, is a great tool to check if your information has been hacked in known breaches. Enter your email address, and it tells you which breaches it's linked to and what information hackers gained. Make sure none of your current login details match those in past breaches.
3. Be Good at Security: Use sites like Secure Our World or FBI SOS! to improve your security. The more secure you are, the more likely cybercriminals will move on to an easier target.
4. Take Advantage of Service Providers’ Free Security Settings: Every device and online account has a security or privacy section. Unfortunately, not all security settings are on by default, but it's easy to review and switch them on. two-factor authentication and account recovery information are key.
5. Select Secure Providers: When choosing an app or online account, think about security. Check what security measures they have, their history of being hacked, or if they use compliance standards like the NIST Cybersecurity Framework.
Support our Blog
If our blog helped you resolve your cyber issue, we kindly ask you to consider making a "pay it forward" contribution. Your support enables us to continue providing updated cyber solutions for you and others.
