What should you do if your data has been breached?

5th September 2019

Unless you are one of the lucky ones, you will have probably received an email from a subscription, bank or airline telling you that your personal data has been breached.

So, what steps must you take to protect other accounts that you have and to ensure that your identity is safe?

Firstly, you must secure all your online accounts by changing all your passwords to something strong and unique and enable two-factor-authentication. You should also check your email settings to see if your email accounts have been set to forward to another address; this would indicate that your email account had been compromised and would allow the malicious user to continue to have access to your emails even if you change your password. Therefore still allowing them to reset passwords on accounts that are linked to that email address.

Secondly, submit a subject access request (SAR) in line with your GDPR rights as an individual so that you can gain visibility of exactly what data they hold about you (to be certain), but it will also confirm if they have shared your data with any third parties. If your data has been sold to a third party, you can contact them and request the Right to be Forgotten; this will limit the exposure of your data.

You can also take a look at the breached company’s privacy policy as this will highlight what technical and organisational controls, they have in place to safeguard your data.

Thirdly you can set up a Google Alert with the email address and username that has been leaked. Anytime that information appears somewhere online; you will receive an alert, providing you with visibility of where your data could potentially be shared.

Under the GDPR, your personal data must be secured, that means that unprotected inboxes, documents and files must not contain any sensitive or personal information as these repositories are susceptible to a data leak or breach. Ensuring that only the right people have access to this data is crucial to the security of a business.

As a business owner trying to locate and identify where this personal data sits within the organisation can be an extremely arduous task, searching for information that you don’t know exists can be almost impossible. RiskView identifies all sensitive personal information and provides the location of each document, providing you with the information you need to protect the data. If you don’t know where the data is, you cannot protect it.


View More Articles