What To Do If Your Personal Information Has Been Compromised

Has Your Personal Information Been Compromised? Do This  

White House staffers are used to working with people in the spotlight. But in March 2023, the spotlight turned on them when they became victims of a massive data breach — exposing the health records and personal information of thousands of lawmakers, their staffs, and their families [*].

Unfortunately, data breaches are becoming more and more commonplace. According to the Identity Theft Resource Center [*]:

There were 1,862 publicly reported data breaches in 2022 — leading to personal info from 422 million individuals being leaked to the Dark Web.

Today, it’s safe to assume that almost everyone’s personal information has been compromised or leaked online. But just how bad is it? And how do you know if you’re at risk? 

In this guide, we’ll cover what can happen if your personal information has been compromised, how to find out if you’re a victim, and what to do to safeguard your identity, online accounts, and finances.

{{show-toc}}

What Can Happen If Your Personal Data Is Leaked Online? How Bad Is It?

Personally identifiable information (PII) has become an extremely valuable currency to hackers and scammers. With even a minimal amount of your PII, scammers can impersonate you, take over your bank accounts, or apply for loans and government assistance in your name. 

Because of the value of PII, the goal of any data breach is to collect as much personal and financial information as possible to either use for scams or sell on the Dark Web. 

This could include names, addresses, phone numbers, email addresses, passwords, Social Security numbers (SSN), medical records and data, and credit card and financial account information.

This year, household name brands such as Dole, KFC, DISH, and Procter & Gamble all suffered data breaches within one month. With stolen or compromised PII, scammers can:

• Steal your identity. With just your name, address, and phone number, identity thieves can impersonate you and break into your bank or other financial accounts, take over your social media pages, apply for government benefits and loans in your name — or worse.
• Ruin your credit by taking out debts in your name. Leaked data can often be enough to allow scammers to open new accounts, wrack up debts with low-security lenders (such as payday loan companies), or take out loans — all under your name.
• Target you with phishing scams. Scammers use leaked information to target victims with elaborate phishing emails, texts, calls, and social media messages. They may trick you into sending them more sensitive information or financial data, such as your bank statements or credit card numbers. 
• Hack your online accounts. Leaked passwords can give hackers access to your bank, email, or social media accounts. From there, they can steal money, scam your friends and family, or send phishing emails to your coworkers on your behalf.
• Blackmail or extort you. Deploying ransomware on your computer can lock down your communications and files until you send scammers money. Fraudsters may also threaten to leak even more stolen information if you don’t pay up.

How To Check If You’re the Victim of a Data Breach 

Most people don’t realize their personal information has been compromised until they either get a notification from a breached company — or they get scammed. To proactively protect yourself from identity theft, hacking, and fraud, it’s important to know if your data has been compromised. 

Here are three ways to find out if you’ve been the victim of a data breach: 

1. Check for leaked passwords by using Aura’s free Dark Web scanner. Aura uses your email address to scan recent and known data breaches to see if your credentials have been compromised. 
2. Double-check using HaveIBeenPwned. This is another free data breach scanner that has limited capacity to check if your phone number was leaked in larger breaches. 
3. Sign up for 24/7 Dark Web monitoring. Free Dark Web scanners only scratch the surface of what personal information has been leaked online. A 24/7 Dark Web monitoring service goes deeper and can check for more leaked information, including passwords, Social Security numbers (SSNs), passport numbers, driver’s license numbers, medical information, and more. Sign up for a free 14-day trial of Aura and find out what personal information of yours has been leaked to the Dark Web.

Was Your Personal Information Compromised? Here’s What To Do

1. Verify that your information has been leaked
2. Change your passwords, and enable 2FA
3. Freeze your credit with all three credit bureaus
4. Request a free credit report, and check for fraud
5. File an official report with the FTC
6. Contact your bank and any other impacted company
7. Monitor your credit for suspicious activity
8. Consider signing up for identity theft protection

If you think or know that your personal information was compromised, it’s critical to act quickly. Follow these eight steps to stop the scammer and repair your identity.  

1. Verify that your information has been leaked

Data breaches happen almost daily — making it nearly impossible to keep up with them.

Unfortunately, scammers take advantage of this uncertainty and send out fake Dark Web alerts containing malicious links — or request payment for “removing” your SSN, date of birth, or driver’s license number from a breach [*]. 

How to tell if a data breach notification is legitimate:

• Search for the company’s official data breach disclosure. If a company has been hacked, it will make an official announcement on its website (or the breach will be covered by a reputable news source). 
• Double-check that you’ve been affected by using a Dark Web scanner. Use a reputable Dark Web scanner (like Aura’s free tool) to check if your email or passwords have been compromised. 
• Carefully consider any free support offered by the company. Many companies offer free credit monitoring and other services after a data breach. However, accepting these offers can sometimes limit your options for joining class-action lawsuits in the future or seeking further compensation.

2. Change your passwords, and secure your online accounts with 2FA

Since many people don’t use unique passwords for each account, a single leaked password could give scammers access to multiple accounts. As soon as you find out that an account has been compromised, change your password immediately and enable additional security measures such as two-factor authentication (2FA). 

How to secure your online accounts after a data breach:

• Use unique passphrases for every account. Many cybersecurity researchers now recommend using a memorable passphrase rather than an overly complex password —  for example, “Th3l0rd0fTh3RinG$.” And remember: Don’t repeat passwords (or variations) across multiple accounts. 
• Store your credentials in a secure password manager. Every Aura plan includes a password manager that securely stores and retrieves your passwords whenever you need them. Aura can even warn you if your passwords have been compromised in a leak. 
• Secure your account with 2FA. With 2FA enabled, your accounts require a second authentication method along with your password — for example, a code sent to your phone, or biometrics like your fingerprint or facial scan.

3. Freeze your credit with all three credit bureaus

A credit freeze prevents anyone from accessing your credit file and is one of the best methods to stop scammers from opening new credit accounts or taking out loans in your name. 

To freeze your credit, you’ll need to contact each of the three major credit reporting agencies — Experian, Equifax, and TransUnion. Each will ask you to prove your identity and will then provide you with a PIN that you can use to freeze your account (and later “thaw” it if you need to apply for new credit). 

Here’s how to freeze your credit with all three major credit bureaus:

4. Request a free credit report, and check for fraud

Checking your credit reports can help you identify signs that you’ve been the victim of identity theft — such as incorrect information or new accounts that you don’t recognize. Every U.S. citizen is entitled to a free credit report each week from all three credit reporting bureaus at AnnualCreditReport.com. 

Here’s what you should look for on your credit reports:

• Accounts or charges you don’t recognize – such as those from stores or companies from which you don’t make purchases. 
• Hard inquiries you didn’t request — such as lenders checking your credit for loan or mortgage approvals.
• Lines of credit you don’t remember opening – including utilities such as cable or phone.
• Incorrect balance details or missing payments.
• Errors in your personal information — such as your name, address, and other contact details.
• Account status issues — such as open accounts that should be closed, or if another person’s name has been added to an account. 

When requesting your credit reports, you’ll need to share your name, SSN, and date of birth. You may also need to provide current and previous addresses as well as information about your account. 

💡 Related: How Long Does It Take To Repair Credit? →

5. File an official report with the FTC and local law enforcement

An official identity theft report from the Federal Trade Commission (FTC) is an essential part of recovering from fraud, identity theft, or a data breach. Fill out the online form at IdentityTheft.gov to receive your FTC identity theft affidavit along with a personalized recovery plan.

Depending on your situation, you may also want to file a police report including the same information. Both FTC and police reports are essential when disputing fraudulent charges with financial institutions, credit card companies, and other vendors.

6. Contact your bank and any other impacted company

Reach out to the fraud department at any company where you know your identity or personal information was fraudulently used. Explain that you’ve been the victim of identity theft — and that any debts or accounts opened in your name need to be removed and wiped from your credit history. 

You’ll most likely need to share copies of your FTC and police reports in order to prove your innocence. Once the company agrees, ask them to send a letter stating that they’ve removed the charges and that you are not liable for those purchases.

You may also need to contact government agencies where your identity was fraudulently used. For example: 

• The Internal Revenue Service (IRS) for tax-related fraud, such as a stolen or fraudulent tax return. 
• Your state’s Department of Motor Vehicles (DMV) for a stolen driver’s license. 
• The Social Security Administration (SSA) if someone claimed unemployment in your name (or other benefits). 
• Medicare or your healthcare insurance provider for medical identity theft.

💡 Related: What To Do If Your Identity Is Stolen →

7. Monitor your credit and online accounts for suspicious activity

If scammers have stolen your identity, they’ll most likely target your online bank or other financial accounts. Regularly checking your bank and credit card statements can help you spot early signs of financial fraud after your personal information has been compromised. 

For added protection, consider a credit monitoring service that sends transaction alerts. Aura monitors your bank, credit score and reports, and investment accounts for suspicious activity or signs of fraud. If anything is discovered, you’ll receive a notification in near real-time — and can get help quickly from Aura’s U.S-based customer support representatives. 

💡 Related: What To Do If Your Email is Found on the Dark Web  →

8. Consider signing up for identity theft protection

Over 42 million Americans were victims of identity theft and fraud in 2022, with more than $52 billion in losses and fraudulent charges [*]. If your personal information has been compromised, you could become a vulnerable target. 

Identity theft protection services like Aura monitor your most sensitive personal information and financial accounts for signs of fraud, and alert you if anything suspicious is found. 

Aura also protects your data from being stolen in the first place with advanced digital security tools like antivirus software, a secure password manager, a virtual private network (VPN), Safe Browsing tools, parental controls, and more. 

And if the worst should happen, you’re covered by Aura’s team of 24/7 White Glove Fraud Resolution Specialists, as well as a $1 million insurance policy for eligible losses due to identity theft. 

Here’s what real customers from a third-party review site said about using Aura [*]:

• They held my hand through the entire identity recovery process: “When my identity was stolen I felt violated, scared, and unprotected. [...] I called [Aura] and was put in touch with a member of their White Glove team. They explained what we needed to do together. They didn’t say here’s a number and this is what you do. Anyone who goes through this needs the kind of protection and kindness that [Aura] provides.”
• Fast alerts that saved me money: “Aura caught several fraud attempts early on and were able to mitigate the damage almost immediately. I will not be without this service. It is a very wise investment!”
• Customer service went above and beyond: “[Aura’s] service is over and beyond what I expected. With one phone call, [the Aura representative], called each creditor and checked my credit reports and offered great follow-up advice. If you want peace of mind, you need Aura.”

How To Protect Your Private Information From Scammers

• Keep your personal information private on social media. Criminals regularly check public social media profiles for sensitive information that they can use to scam you — such as your address, phone number, or favorite hobbies. Keep your social media accounts private and don’t accept requests from people you don’t know. 
• Limit the information people can find about you online. As much as possible, you should remove your personal information from the internet. This includes content you’ve posted online as well as anything that strangers can find in a simple Google search of your name.
• Remove your details from data broker sites. Data brokers, such as TruthFinder or BeenVerified, collect and sell your personal information to marketers and others. You can request to remove your contact details, personal history, and demographic information from every broker individually, but it’s a long and highly manual process. Consider using Aura to automatically scan for and remove your personal information from data broker lists.
• Secure your online accounts. Social media is only one avenue for impersonation and attack. Your email accounts, online banking, and even retail loyalty accounts can all be inroads for identity theft. Besides using strong passwords and 2FA, update apps regularly to ensure that you’re using the latest versions, install anti-malware on all your devices, and use a VPN whenever you’re surfing the web on your home Wi-Fi network — and especially on networks away from home, such as at airports, hotels, and coffee shops.
• Use a Dark Web monitoring service. Scammers actively buy and sell data on the Dark Web that they’ve sourced through social media and company data leaks. You can stay aware of what information or accounts have been compromised by using Aura’s free Dark Web scanner.

💡 Related: What Is a Data Breach? (And How To Protect Your Data) →

Should You Sign Up for Identity Theft Protection If Your Data Was Leaked?

Recovering from a data breach can be a time-consuming and stressful process. And unfortunately, as soon as your information is circulating on the Dark Web, it’s almost impossible to completely remove it. 

So it makes sense to sign up for an ID theft provider that can monitor all of your accounts for you and warn you if you’re at risk of hackings or identity theft. 

💡 Related: Is Kroll Identity Monitoring Legit? What You Need To Know →

The Bottom Line: Compromised Data Can Lead to Identity Theft

Personal data is being stolen every day – including yours. 

While it’s important that you take the steps necessary to keep your identity and finances safe, you don’t have to do it all on your own. 

Aura’s award-winning intelligent safety solution monitors all of your most sensitive information and accounts for you — and can alert you if hackers or scammers are targeting you. And if the worst should happen, you’ll get peace of mind knowing you have access to 24/7 help from Aura’s Fraud Resolution Specialists along with $1 million in insurance coverage for every member on your Aura plan.