Going about your daily routine, you get an email that reads “Your information may have been compromised in a data breach.” Now what?
With more than 10,000 security breaches reported since 2005, there are more than just email addresses and passwords at stake. Stolen info includes Social Security numbers, medical records, financial information and even fingerprints—something that you can’t change.
So let’s revisit that question: What do you do next after a security breach? Gopal Padinjaruveetil, chief information security officer for AAA, outlines the steps:
1. Confirm your data is in the breach records
If it’s a small security breach, you may get an email or text telling you your information has been affected. If it’s a major security breach, you may hear about it on the news.
“Once [companies] know there’s been a breach and it’s been confirmed, they’re supposed to let the consumers know, by law, that the data has been breached,” he says.
If you have identity theft protection, you can get immediate help confirming your data is in the breach—and determining how to move forward.
2. Find out what information was stolen
Once you’ve confirmed your data has been compromised, you need to know exactly what was stolen—because some data requires more action than others. Here’s how to tell: Think of the actions you need to take as a decision map. For example, information with a low level of sensitivity requires no further action because it’s already public information. But information with a high level of sensitivity requires immediate action because its theft can lead to serious consequences.