So you gave personal info to a company caught in a data breach. Now what?

Cybersecurity experts say it's a matter of when, not if, you will be faced with a notice of compromised data

Image | Cybersecurity Your Money 20171123

Caption: A woman uses her smartphone as apps are shown on an iPad in Mississauga, Ont., on Nov. 13, 2017. One cybersecurity expert says getting caught up in a data breach is a matter of when, not if. (Nathan Denette/The Canadian Press)

Hacks, ransomware attacks and data breaches seem to be in the news more and more often — and many people are getting alerts that their information has been compromised in the process.
Just this week, Petro-Points members learned an unauthorized party had obtained their basic contact information, such as mailing and email addresses, phone numbers and dates of birth. Petro-Canada sent an email to its customers to watch out for unusual emails and messages as a result.
In February, a ransomware attack on Indigo compromised the data of current and former employees. And late last year, thousands of people in Ontario were warned their personal information may have been compromised in a breach of the province's vaccine management system.
Getting one of those ominous emails or letters alerting you to a problem can leave you feeling powerless. But cybersecurity experts say there are helpful steps you can take to protect yourself in the wake of a data breach — and to prepare for the next time it happens.
"It's not if you're going to be breached, it's when you'll be breached," said Cat Coode, a data and privacy strategist who founded Binary Tattoo, a cybersecurity firm based in Waterloo, Ont.

How to check if your data has been breached

Even if you haven't been alerted to a data breach, you can still take action.
Try entering your email address at HaveIBeenPwned.com(external link), a free service that checks to see if your information has been breached, and exactly what has been put at risk.
You can also sign up for notifications about future breaches involving your email address.
WATCH | Insider says privacy issues put bank customers at potential risk:

Media Video | The National : Insider says privacy issues put Manulife bank customers at potential risk

Caption: An insider says there were major privacy issues within Manulife's Canadian banking division that potentially put thousands of customers at risk and that executives downplayed the urgency of fixing the problem.

Open Full Embed in New Tab (external link)Loading external pages may require significantly more data usage.

Yep, I'm affected. What now?

If the breach involves your credit card number, call the company and let them know. It might be wise to ask your credit card company if you should change your number or cancel your card and get a new one altogether. You should also call credit reporting agencies — in Canada they are TransUnion(external link) and Equifax(external link) — alert them to the problem and check for any suspicious activity that might be affecting your credit score.
The company that suffered the data breach might also offer you free credit monitoring. If they do, take them up on it — and insist on getting it for your children if they were affected, Coode said. While they may not have credit scores yet, their birth dates and other personal information could be used to apply for credit cards.
Keep an eye on your credit card statements for any unusual activity, too.
If you think you're the victim of identity fraud, you can also request a fraud alert or credit freeze be placed on your accounts, according to Carolyn Boris, a vice-president with Chubb Personal Risk Services.
You could even contact your insurance agent or broker to ask whether your policies provide any coverage for identity theft or related expenses, she said in an email.

What about passwords?

Change the passwords of any affected accounts. It's also key to make sure all of your passwords are different — and yes, cybersecurity experts are well aware of how difficult that can make life.
"It's very easy and common to use the same password, or maybe you have a small list of passwords. But this is exactly what the bad guys prey upon," Ian L. Paterson, CEO of Plurilock Security, said from Victoria.
"Whenever a password gets breached from a hack or a data breach, it's very common for the bad guys to use bots to test that password and see where else that password can be used."
Both experts suggest using a secure password manager to keep track of your passwords. If you don't want to do that, it's better to write down cryptic hints for each password than the passwords themselves, Coode said.
And when picking your passwords, think beyond the obvious. Chubb released a report on personal cyber risk late last year that showed about half of people in Canada and the United States still include the name of a pet, or another identifiable name or date in their passwords.
Coode suggested basing your passwords on your favourite book series instead.

What else can I do?

Make sure you are running the updated version of all applications and programs on all your devices, as well as ensuring your operating systems are up to date. Software companies often release patches and security fixes, Paterson said.
And wherever you can turn on two-factor authentication (2FA) or multi-factor authentication (MFA), do it.
"It's that annoying text message you get with the six-digit code you have to punch in," Paterson said. "It is frustrating, it slows you down, but it does wonders to protect your security."
Chubb's report(external link) showed more than 50 per cent of Americans and Canadians are now using 2FA.
Lastly, when you're paying for stuff online, use services like PayPal whenever possible rather than punching in your credit card information, Coode said. It prevents your credit card number from getting spread around widely.
The experts offered common-sense advice that most of us have heard before. But if you follow it, it can go a great distance to protect you, Paterson said.
"The bad guys, they want to go after the easy targets," he said. "As a consumer, you need to be more secure than the next guy. And the bad guys are going to go after that other guy."