With cyber-attacks becoming a common daily occurrence, you need to know what to do in the event of your personal data being exposed in a data breach. In a report released by Risk Based Security, it was revealed that 4,145 publicly disclosed data breaches resulted in the exposure of over 22 billion records during 2021.

As a consumer, there’s not much you can do when a company that has your personal information suffers a data breach. However, there are steps that you can take to ensure you don’t become a victim of cybercrime due to the breach.

If you believe your data may have been exposed in a breach, the first step is to remain calm. Sometimes a company will contact you to let you know if your information was involved in a breach, but other times you may have to take the matter into your own hands. You can visit a website called “have I been pwned?” to check if your email address or phone number appears anywhere on the web where it shouldn’t be.  

Once you know what information has been compromised, you need to start securing the account that was breached, as well as any other accounts that may contain the same information. If your password was breached, immediately change it on the affected site and anywhere else it is used. The easiest way to do this is by using a password manager. You just need to set up your account with one long, strong, and complex password, and the program will do the rest. It allows you to create and store unique and complex passwords for each account you have, without you having to remember all the different passwords. LastPass is a reputable password manager that provides a free version for password storage. The premium version also allows for dark web monitoring to alert you to any breaches quicker than the affected company.  

Once your account is secured with a healthy password, enable multi-factor authentication (MFA). Most sites, including financial sites and social media sites, allow MFA as an additional layer of security. MFA works by requiring an extra security measure in addition to your password, usually a code sent to your phone number or email address, to allow you to access your account. If your email address or phone number was breached, it is recommended that you utilise an authentication app, such as Google Authenticator for Android or iOS.

If you do unfortunately become a victim of identity theft, it is imperative that you report the fraud as soon as you possibly can. Report the fraud to SAPS, and the company or financial institution where the fraud occurred. You can contact the Southern African Fraud Prevention Service (SAFPS) by sending an SMS saying “Protectid” to 43366. This SMS will be free of charge and the SAFPS will contact you and assist you in registering for a Protective Registration or Victim of Impersonation listing. You need to make sure that you close your existing bank accounts as well as any other accounts that may have been opened by the fraudsters and get new accounts with new PINs. Contact a credit reporting agency, such as TransUnion and notify them that your identity has been stolen. They will block any further credit applications made in your name.

Finally, go through all your active accounts across the web and delete or disable any accounts that are not being used. Having too many active accounts online only increases the risk of your information being exposed.

Once you believe your accounts are secured, keep an avid eye on them, including those with banks, social media platforms, and retailers. It may be a good idea to periodically visit “have I been pwned?” to see that your information is where it’s supposed to be.