Data Breach Check – Have I Been Pwned?
A data breach, or data leak, is a security infringement in which information is taken or accessed by an unauthorized third party. Data breaches are seriously damaging to both the companies and the consumers. Not only are they expensive to recover from, but in some cases, the information stolen can damage lives. Therefore, using tools like the data breach checker are essential in order to stay on top of your data security.
Data breaches occur most often with big companies that keep a lot of sensitive user information on file. Even if a company has high-quality information security, hackers are capable of cracking through layers of protection to expose large amounts of information. Names, phone numbers, email addresses, birthdays, Social Security numbers, online account logins, credit card numbers, bank account numbers, and more are all able to be exposed in data breaches.
Sometimes data breaches affect personal computers, although the term typically refers to non-personal attacks. Malware, viruses, and broken links are all tactics used by hackers to steal your information.
Am I at risk for being a victim of a data breach?
Unfortunately, yes; all users are at risk for being the victim of a data breach. Ideally, if you kept yourself off of social media, revealed nothing on the Internet, and kept your sensitive data files under lock and key, you could live without fear of a data leak. However, this is not the case in reality.
Even if you take every security precaution to protect your online accounts — which you still should do — you’re not in the clear. Some technologically-savvy users can glean information about you from your IP address, including your general location. The What Is My IP website homepage shows you your own IP, but you'll have to take additional steps to hide it from others, such as using a VPN. Furthermore, financial institutions, medical facilities, tax documents, and job applications all require that you submit not only your name, date of birth, and private contact information, but also your Social Security number.
There’s no way to exist in the United States without giving your Social Security number out to at least a few places. Every application, portal, or person you submit to should be incredibly secure. Even so, it’s out there, and data breaches can happen anywhere.
But be encouraged: there are security measures that you can take to better protect yourself and your personal information. Though nothing is guaranteed, following these tips helps limit your chances of becoming victim to a data breach.
Three ways to protect against a data breach
Limit who has your private information
As mentioned above, there are many reputable sources that require you to submit a Social Security number, driver’s license information, or payment card. That means this can be difficult.
However, be aware that a company may ask for information and still not require that you submit it all. Many medical offices request your Social Security number, but do not require it. Always ask the company or person you’re giving it to if the information is absolutely necessary.
You can also be selective in which credit cards you apply for. Most credit checks require your Social Security number, which is valid. But refrain from applying for individual store cards, for example, unless you frequent that shop often. This distributes your information, and if history is any indication, chain stores like Target or Best Buy are at greater risk for security incidents that expose your information than your bank is.
Be smart about using your information online and offline
Data theft happens even within reliable institutions. But you can save yourself from unnecessary risk by making sure every company you give it to is legitimate. Don’t enter personal data onto unsecured online forms.
Always make sure a website is HTTPS protected, meaning you can see the secure lock symbol in the upper left corner of the address bar. If a website says “not secure” or shows an open lock, absolutely do not input your information.
Don’t use weak passwords or the same password across accounts
Only use each password once. Admittedly, this can’t stop a data breach from happening. But in data leaks that only expose your account username and password, it prevents more information loss.
If you use the same username and password for your Target account as you do for your S&T Bank login, a data breach on Target’s website will also put your bank accounts at risk. It's tempting to create one strong password and use it across different accounts, but this is dangerous. Try using a password manager to create and manage unique passwords across all of your online accounts.
This is especially important in the face of a password leak. It's estimated that approximately a hundred passwords are stolen every second, which is an alarming number. Strong passwords won't save you from a password leak; however, unique passwords will. Using different passwords on each of your accounts will prevent a hacker to getting into multiple accounts with the data from a single password leak.
However, as important as using different passwords is, it's equally important to create strong passwords to keep your individual accounts secure. If you have separate logins with weak passwords, someone who has your basic identifying information could still successfully hack into other accounts. Keep everything separate and secure; don't let a smaller data breach create a domino effect.
Has my data been breached?
If you're wondering if your information has been breached, the best thing to do is check in the Data Breach Check Tool above. Enter your email and allow the data breach checker to check for data leaks. Even if you don't think you're at risk for a breach, it's better to check and know with certainty.
Notorious data breaches
As mentioned above, data leaks happen to companies big and small. Unfortunately, with big company breaches, the customers hurt the most. These are 5 of the worst big-company data breaches in the last decade.
- Yahoo, in August 2013, had over three billion accounts exposed in a data breach. They successfully stole user account information, though users’ financial information remained uncompromised.
- LinkedIn, in June 2021, found data from 700 million of its users posted on the dark web. A hacker was able to steal data from the site, including email addresses, phone numbers, social media handles, and geolocation data. It affected over 90% of the company’s user base.
- Facebook, in April 2019, had two datasets from the Facebook app exposed, affecting 533 million users. Hackers exposed users’ account names, Facebook IDs, and phone numbers on the dark web.
- Target, in November 2013, saw hackers gain access to their computer operating system. This exposed the full names, phone numbers, email addresses, payment card numbers, and credit card codes of 41 million customers.
- Equifax, in September 2017, suffered a data leak that exposed the personal information of 147 million users. This breach was one of the worst for users. Names, home addresses, phone numbers, birthdays, Social Security numbers, and driver’s license numbers were all stolen.
If your information was associated with any of the above companies during the years of the breaches, performing a data leak check is essential. Use the data leak checker above to scan for your information on the web.
What to do if your data was compromised
Quick action is essential if you believe you've experienced a data breach.
Review the data exposed in the breach. Was it account usernames and passwords? Did it include credit card information? The next steps vary depending on the exposed information.
For all accounts exposed or potentially exposed in the data breach, make sure you change all account passwords. If the same username/password combo were used on other accounts, change those passwords as well.
Use passwords that have a combination of uppercase and lowercase letters, numbers, and symbols; passwords with all four elements are the strongest. Use a password generator if you have difficulty creating strong, random passwords. Never use the same username/password combo across different platforms.
Furthermore, set up two-factor authentication if possible. You want to know if anyone tries to access your accounts, but hopefully, they won't be able to once you've updated your login information.
If your credit card, bank account information, or Social Security number was leaked, contact one or more of the major credit bureaus to report a fraud alert. You can also freeze your credit. This keeps criminals from using the breached information to open a credit card in your name and putting you on the hook for the charges. While it also could inconvenience you, if you freeze your credit, you'll have the opportunity to temporarily unfreeze it before making a big purchase or taking a loan yourself.
After a data breach, the most important thing is to be cautious. Watch out for phishing or spam emails and monitor your credit reports and bank accounts for strange charges or withdrawals. Not all breached information makes it into circulation; it's possible you won't experience any issues, but better to be safe than sorry.
How can I check on my personal information?
There are a couple of different ways for you to check on your personal information; once again, it depends on the information you're concerned about. Using the above data breach tool is a great step, as it can locate stolen information and provide notice.
Another good option is using an overall alert program, like Norton's LifeLock. Norton’s premium LifeLock gives you alerts if they find your Social Security number, medical or driver’s license numbers, bank account information, credit card numbers, or insurance policies associated with someone that isn’t you or located on the dark web.
Though neither Norton nor WhatIsMyIP.com can save your personal information from being stolen, they can alert you if your information is being illegitimately used. Whether exposed in malware attacks, social engineering attacks, or data breaches, having the knowledge supersedes having nothing.
WhatIsMyIP.com has provided this data breach check tool courtesy of Have I Been Pownd at haveibeenpwned.com.
Frequently asked questions
What should I do if I identify a data breach?
If you identify a data breach within your company, immediately contact your IT department or manager to resolve the leak as quickly as possible. Make sure to contact all those affected by the breach once you assess the damage. Moving forward, work to improve your data security system to prevent future breaches if at all possible.
Can I check if my data has been breached?
Yes, you can check if your data has been breached using the data breach check tool above.
What is the most common source of data breaches?
The most common source of data breaches is hacking. Once hackers get into a server, they gain access to all the information inside, including users' login data, emails, phone numbers, and other personal information.