What to do if you are the victim of a data breach

What to do if you are the victim of a data breach

It seems that every day there’s another story about a data breach, with innocent people the world over having their personal information released online – so would you know what to do if you were a victim?


It seems that every day there’s another story about a data breach, with innocent people the world over having their personal information released online – so would you know what to do if you were a victim?

This is the time of year where you need to be more aware and tech-savvy than ever as opportunists are ready to take any chance they get but if you are unlucky enough to be a victim of a data breach or a hack, what should you do next?

Determine what was stolen

When it comes to a data breach your data falls into three different categories;

Least sensitive – your name and address, which alone won’t cause much of a problem, after all the same information was printed in good old telephone books.

More sensitive – e-mail addresses, date of birth and credit/debit card numbers, which can result in spam and fraudulent charges.

Most sensitive – credit/debit card security codes and online banking passwords, which could result in large-scale theft.

Call the relevant people

If your payment information has been compromised, call your bank immediately to limit your liability for fraud. They will not only flag the fraud risk on your account, which will alert them to any suspicious activity but they’ll also cancel your cards, making the fraudster’s information useless.

Contact the credit report agencies to prevent any future fraud.  Alert the three main agencies; Call Credit, Experian and Equifax who will add a fraud alert to your account which will ensure credit isn’t fraudulently taken out in your name.

Alerting the credit agencies will also prevent any future attacks, relating to this incident, from affecting your credit ratings.

If you are sure you have been the victim of fraud then contact Action Fraud on 0300 123 2040 or visit the Action Fraud website.

Change your passwords

As soon as you discover your information has been compromised it is essential to change your password. If you are like millions of other people in the UK it’s unlikely you use a different password for every different account you have, so it might be worth changing all accounts which use that password just in case. But learn your lesson and keep them completely separate moving forward.

If you don’t think you’re going to remember separate passwords for all your different accounts, it’s worth investing in a password manager.

Chase it up

Make sure you complain to the company involved in the data breach, not least so they are aware – in some cases, they only know there’s a problem when someone tells them about it.

It’s also important that they know the distress caused as well as any financial losses incurred – all which can be reclaimed as part of a compensation settlement.

You should also put in a formal complaint to the Information Commissions Office (ICO) who will be able to confirm that the Data Protection Act was breached.

If you cannot agree on a settlement and the ICO back your claim then you should consider taking the company responsible for the data breach to a small claims court.

Be vigilant

Following any kind of data breach, or a suspected one, you should always remain vigilant because an attack is not always imminent. Sometimes hackers can keep hold of the data and strike when people least expect.

Regular checks of your bank account and credit score will flag up any potential problems but if you do spot anything suspicious contact your bank and Action Fraud immediately.

  • Recent Articles
Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.

We would like to keep you informed about our services. Please tick the options below to receive occasional updates via

  • penetration testing steps
    Peter talks to FindMyUkCasino
  • Malware
    SB Tech Breach

    Last week saw SB Tech Breached by the hacking group Maze. It seems that every week the group are announcing more victims.  GameOn asked our CEO Peter Bassill, to give us some insight into the attack. The GameOn article is here.

  • Privacy
    Howto VPn

    In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

  • WhatsApp
    How To Whatsapp Safely

    WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.

  • Morrisons Breach Update

    The UK’s highest court ruled that Morrisons can not be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not “vicariously liable”.

  • Remote Working Considerations

    With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradym, it is vital to keep a mind’s eye on the security and safety of the businesses information assets

  • Securing Zoom
    How To: Securing Zoom

    In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.

  • Software Security
    Dell EMC iDRAC memory corruption Vulnerability

    A critical vulnerabiltiy has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Some unknown processing is affected by this issue. Manipulation with an unknown input can lead to stack based memory corruption.

  • Hiscox Sues for Failing to Disclose Data Breach

    On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.

  • Software Security
    Privilege escalation on Nginx Controller up to 3.1.x Controller API

    A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server,) affecting an unknown code block of the component Controller API.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Scroll to Top