Eight steps to take when you’re a data breach victim

on 30 Oct 2020 | by Simon Chadwick

Getting caught in a data breach isn't a fun time. You might well be worried about who has your information and what they might do with it. Here, we look at eight steps you can take to protect yourself as best as possible:

1: Try to assess what data has been lost

When you’re caught in a data breach, the organisation responsible should inform you of exactly what data has been lost. If they don’t, you have a right to contact them to find out. Knowing exactly how much data has been lost can give you a good idea of what might happen next, and allow you to take pre-emptive action to protect yourself.

2: Contact your bank

If you think financial information such as your debit or credit card details have been stolen, call your bank and ask for a new card. Many banking apps also allow you to freeze your card immediately. Tell the bank your data has been breached and ask them to monitor your account for unusual transactions. You can also check your account regularly to watch out for any purchases you didn’t make.


3: Check your credit score

Fraudsters may try to take out loans or open bank accounts in your name with stolen data. Watching your credit reports will keep you aware of any such activity. If you report it quickly, the banks will usually close the accounts without any fuss. Also, when bank accounts are opened, the bank usually posts the online activation code and bank card to your address. If you receive any such letter, don’t ignore it or assume that it’s junk – take it to the bank immediately. If a loan is taken out and the lender disputes your report of fraud do not repay any of it, even if you begin to receive warning letters from the lender. Some people panic and think that they need to repay the loan until they can prove it was fraud and then get their money back. Not only are you unlikely to get your money back, but repaying even a partial amount of a loan is often seeing as an admission that the loan indeed is yours and you will likely end up having to repay all of it.


4: Register with Cifas

If somebody does open a bank account or anything else in your name, it’s worth registering with the protective agency Cifas. In many cases this will happen automatically once you report the fraud to your bank, but you can check your credit report to make sure. Cifas will add extra levels of checks to your account to ensure any future applications made in your name are legitimate. This has the unfortunate effect of making it slightly more long-winded when you do want to open an account or take out a loan, but it’s worth it to ensure you stop being a target of the scammers. It is also possible to freeze your credit entirely if you don’t intend to use it in the near future.



5: Watch out for phishing emails and phone calls

Phishing is the term used to describe emails and phone calls which pose as legitimate organisations to steal your details. They may claim to be from your bank or phone provider saying you need to update your details or so forth. If you’ve been in a data breach which includes your email or phone number, there’s a heightened possibility you may become a target. Be on your guard for anything that doesn’t look right, or a relatively minor data breach may turn into a major one when you accidentally supply a fraudster with your banking information. If you ever receive an email or get a phone call asking for such information, don’t give it. Also, don’t download attachments from emails unless it’s definitely legitimate.


6: Change stolen passwords

If the data breach has (or might have) included a password for one of your online accounts, change it. If you use that same password for any other online accounts (which really you should never do), change those as well. Also, don’t change it to a password you already use or have used in the past. If criminals can access your online accounts then they could steal further data from you, as well as more sensitive information. Use two-factor authentication on your important accounts like email and online banking.



7: Be vigilant with your data

Once your data is lost, it’s pretty much impossible to retrieve it. However, you can be careful about who you supply it to in the future. It’s become second-nature in our society to fill in online forms or social media quizzes with no real thought of where that data goes. In truth, much of it is being harvested by people who don’t care about your privacy or security, and who won’t or can’t adequately protect it. While no organisation is totally secure against data breaches, some are more reliable than others. Most organisations provide data protection policies for you to read, and you can look at their history to see if they’ve suffered a data breach recently. There’s no certain way of knowing your data will be fully secure, but you can at least not give it to people who are likely to misuse it.


8: Consider claiming compensation for your data breach

Data breaches can be serious, and you deserve justice if you’ve been affected. Organisations may try to act like it’s not a big deal, but don’t let them off the hook that easily. If they lost your data then they should have to pay for that. In the most serious cases people can win thousands of pounds in compensation. Claiming for your data breach means not only that you may personally benefit, but also that organisations which lose data will be more likely to take data protection seriously in the future, which is beneficial for all of us. If you think you have a claim, you can use our handy self-assessment tool below to see if it is worth taking further.



23/10/2021 05:00:51