So Your Personal Data Has Been Compromised. Now What?

Latest update: November 16, 2016


As of July 31, 2016, IBM X-Force data indicated that 200 million government records had been compromised in 2016 — a total that surpassed the combined totals from 2013 through 2015. Pair that with the increasingly frequent healthcare and retailer breaches, and it becomes clear that an alarming number of individuals are facing the annoyances of life after a personal data compromise and a potential (or actual) identity theft situation. Many are likely asking themselves: Now what?

When larger organizations face a breach of their customers’ or employees’ data, they often offer free credit monitoring services to affected individuals. If you are given this opportunity, you should absolutely take advantage of it. It's a great way to keep track of your personally identifiable information (PII).

But what if you don’t receive this offer from an organization? Or what if your PII breach is on a smaller scale — say, for example, you fell for a phishing email or a voice phishing (vishing) call? Or maybe you lost your mobile phone or wallet, even for a short time? What then?

Our advice to data breach victims (and non-victims, for that matter) is this: Become your own cybersecurity advocate.



Stay Proactive With These DIY Cybersecurity Tips

It’s important to be proactive about minimizing the impact of a PII security breach, whether yours is one of many compromised records or you are the victim of a limited-scope data breach. With the latter, if you have the motive and the means to enroll in a credit monitoring service on your own dime, it could be well worth the peace of mind to know that someone is looking out for you. Regardless, the following do-it-yourself activities will help you mitigate some of the damage caused by a breach — as well as prevent future damage.

Change Affected Passwords

If you’ve been alerted to an account breach — or you suspect you’ve fallen for a phishing email that prompted you to reveal credentials for a login-protected site like webmail, online banking, or social media — change your password posthaste. And if you happen to use that same password on other sites (shame, shame), be sure to update those logins as well. Hackers will often cross-check stolen passwords on multiple sites in hopes of getting a hit.

Alert Appropriate Account Reps

For cases in which you personally discover or suspect a data security breach, contact the help lines for affected accounts right away. Be sure to use trusted customer service channels (e.g., phone numbers from your credit cards or billing statements).

Be Extra Diligent About Unsolicited Emails, Texts, and Phone Calls

In many cases, it’s not just account numbers that hackers and scammers scoop up. They often grab names, email addresses, and phone numbers to use in follow-up attacks. (The phishing emails that appeared on the heels of the 2014 JP Morgan Chase breach are great examples of this.)

In these attacks, fraudsters will put together multiple pieces of information they have about individuals to make their messages and calls seem more legitimate and more believable. It’s important to be on high alert once you know your data is already in the hands of the bad guys.

Check Your Mail

With all the ado about cybersecurity attacks, it can be easy to become complacent about snail mail. But consider the prior point about email addresses and phone numbers and you’ll see that the leap to a mail-based attack isn’t hard to make.

If scammers obtain your name, address, and other identifying information, it can be easy for them to send compelling and seemingly genuine letters, bills, payment notices, and other mailers. It’s critical that you verify the validity of unsolicited mail that asks for any type of remittance.