Take These Steps If Notified of a Data Breach in Your Business

There were more data breaches in 2023 than ever before. Organizations publicly reported 3,205 incidents in which data was compromised, impacting some 353 million people. The previous record was 1,860 in 2021. Almost all of the 2023 compromises were data breaches involving the unauthorized removal of sensitive information such as Social Security numbers and financial account information. Two of the compromises were data leaks, in which information was gathered from online sources. The 2023 compromises also included 25 data exposures with no indication that the information was accessed or removed.

The odds are high that you will be the victim of a data breach at some point. Typically, you will learn about it when you receive notice from the organization that suffered the attack. When you receive such a notice, you should act quickly to protect yourself from fraud.

  • Protect your accounts.

    • Immediately change the passwords on all your financial accounts, as well as any accounts that were directly affected by the breach. Use a strong, unique password for each account. Make each password as long as possible, with a mix of letters, numbers, and special characters. Sign up for two-factor authentication if it is available.

  • Stay alert.

    • You should always be on the alert for potential scams but use extra caution if you are notified of a breach. Be skeptical of unusual communications, particularly if they are threatening or demand immediate action. Armed with your information, criminals can create highly targeted phishing, vishing (voice phishing) and smishing (text phishing) attacks.

  • Monitor your credit report and financial accounts.

    • Check your credit report for unusual activity, such as accounts or addresses you do not recognize. Some credit reporting agencies and financial institutions allow you to set up alerts of new activity.

  • If warranted, freeze your credit reports.

    • If you detect fraudulent activity, it may be prudent to freeze your credit reports. This will prevent fraudsters from applying for credit in your name. However, it also prevents you from applying for credit until you “thaw” the reports.

One final note: You should not use the same passwords for personal and business credentials. Nevertheless, if there is a chance a business password has been compromised, you should immediately notify your IT Department.

BlogJack CohlmiaData Breach, Data Management, Cybersecurity