Quick Links
Data breaches can be incredibly distressing, depending on the scale and type of data involved. A breach can leak personal data such as your email address, credit card details, social security number (SSN), driver’s license, or health information. Irrespective of the type of data involved, its scale, or its severity, a data breach can leave you confused about what to do next.
A data breach can occur digitally or physically, as the result of anything from device theft to phishing attacks. Whatever the cause, if you’re caught in a data breach, you’re going to want to know what to do next.
Who’s at Risk of a Data Breach?
Everyone is at risk of data breaches, including individuals, businesses, institutions, organizations, and governments. According to Statista, more thansix million data records were exposedin data breaches in Q1 2023 alone. IBM also reports that the average cost of a data breach has risen to$4.45 million.
If you’ve just lost your smartphone, tablet, or laptop (personal or company-issued) or received a data breach notice, the following tips can help you minimize the risk of further damage.
1. Verify the Breach
To do so, check the news or contact your service provider via their trusted channels. Whatever you do, don’t panic, and avoid clicking links in unverified data breach notices; they could be traps.
If a data breach is confirmed, read the notice to the end, then proceed to the next steps. Otherwise, ignore it. If your phone is stolen, consider an affordable replacement such as theMoto G (2023 edition), orSamsung Galaxy A54 5G.
2. Go Offline and Warn Your Team
Timing is of the essence when dealing with a data breach. Going offline ASAP might help to contain the spread of a cyberattack. Quickly contact your employer and notify your IT department or incident response team so they can take steps to protect themselves. Start a log documenting the attack and the mitigation measures you’ve taken so far.
3. Assess the Damage
Assessing the level and extent of the data breach will help you estimate the scale of the attack and its likely impact. Take note of when the breach was discovered, how it happened, the types of data extracted, and the number of people affected, among others. This is an important step, even if you only lost a personal phone.
4. Assess the Risk of Harm
5. Report to Relevant Authorities
For organizations, high-risk data breaches should be reported according to local regulations within the stipulated timeframe. TheFTC Data Breach Response Guideis helpful for businesses in the US. The GDPR mandates organizations in the EU to notify a Data Protection Authority (DPA) within 72 hours of a high-risk breach.
6. Inform Your Carrier
If your phone or tablet was stolen, quickly inform your network carrier. Some carriers can help you to block your SIM card or disable your phone’s IMEI to prevent impersonation and fraud. Alternatively, you may track or wipe your lost device usingGoogle Find My(for Android devices),Samsung Smart Things(for Samsung devices), orApple Find My(for Apple devices).
7. Notify Affected Users
8. Alert Your Contacts
If your phone or tablet was lost or stolen, quickly find an alternative way to access and alert your contacts. A phone thief may easily impersonate you and dupe your contacts. They can also take over your social media accounts to pitch fraudulent businesses or to post offensive content. You can access your contacts viaGoogle ContactsoriCloud Contacts.
9. Inform Your Bank or Financial Institution
If you use a banking app and set your device as a trusted device, someone could use it in an attempt to access your online banking. A thief or hacker may also be able to make payments using your phone if they’re able to access Google Pay or Apple Pay. Quickly contact your bank to block your card or do it yourself online.
