You’ve probably heard about them on the news at some point or another. Something along the lines of, “Data breach at healthcare company! Thousands of users’ personal data possibly compromised!” Maybe you were even a client of that healthcare company, and you weren’t sure if you had been affected. Or perhaps you were just notified by your security software that a website you have an account on experienced a data breach, and you should change your password right away. But is that enough?
However you find out about it, having your passwords compromised can be a frightening experience. Wealths of your personal information could be at stake. Even if you’re the most careful internet user in town, no one can be completely safe from data breaches. Many users’ personal data — including their passwords — could have been stolen by cybercriminals.
Don’t panic. There are ways to protect yourself after your passwords are compromised. Here are three steps you can take:
Ideally, you’re already using a password manager that keeps unique passwords for all of your accounts. With these tools, you can create new ones without worrying about remembering them. But password managers usually cost money, so you might have to do it the old-fashioned way: by manually going in and changing your credentials.
The first account you should touch is the one that was potentially compromised. If someone has your password, they may start trying to break into other websites with it. If you share that password with other accounts, you’ll want to change those, too.
Finally, you’ll want to get new passwords for all of your critically important websites, such as:
- Banking websites.
- Social media platforms.
- Email accounts.
- Any website that has your financial information linked to it.
- Other financial institutions — including investment services, credit monitoring, or insurance firms.
Once these accounts are secure with strong, unique passwords, you can take the next step.
A major risk of having your password stolen is the possibility that your credit or debit card information could be exposed. It’s good to check your statements even if you don’t have compromised passwords, but stay extra vigilant for unauthorized charges or changes to your accounts. If you spot anything unusual, notify the associated bank right away.
One little quirk about debit cards: While you normally wouldn’t be protected if someone stole your debit card, you’re not legally liable if someone makes unwanted purchases with just your debit card information, so long as you report the purchase within 60 days of receiving your statement. This is federal law.
Someone who has access to your passwords might use that information to find out more about you. They can then use that data to try to open new credit accounts in your name. Therefore, it’s a good idea to set up alerts at one of the three primary credit bureaus (If you set one alert, they will notify the other two): Equifax, Experian, or TransUnion. This way, if someone attempts to open a new account, you’ll be contacted, and the process can’t go further without your explicit authorization.
While data breaches are common and having your passwords stolen is sometimes unavoidable, no matter what you do, you can minimize or even eliminate any potential damage caused by a compromised account. Take comfort in knowing that you can decide how far a cybercriminal can go with an exposed password, and you’re the one in control.