Data Breach Guidance
You may find out you are involved in a data breach through a notification from:
✅ An affected organisation
✅ A password manager
✅ A service such as Have I Been Pwned
Data Breaches may contain personally identifiable information such as:
⚠️ Names
⚠️ Home or mobile phone numbers
⚠️ Email addresses
⚠️ Physical addresses, geo-location data, and IP addresses
⚠️ Passwords and security hints
⚠️ Financial data
Information in each breach varies, however, it is important to note that even if a password was encrypted, once involved:
❌ Consider it insecure
❌ Update that password everywhere it was used
❌ Never use it again
Things to consider:
✅ Guidance for business owners responding to a data breach
✅ Guidance for victims of a data breach
✅ Check if your details have appeared in any other public data breaches, there are a number of online tools that you can use, such as Have I Been Pwned. Don't forget to register for future notifications
✅ Consider registering with Cifas, to reduce the risk of becoming a victim of identity fraud
✅ Activate 2-step verification to prevent unlawful account activity
✅ Keep tabs on financial accounts by setting up alerts to notify you of any suspicious activity that might affect your credit score
⚠️ If you are involved in a data breach, you will highly likely be subject to scam attempts. If you receive:
⚠️ Suspicious email, forward to report@phishing.gov.uk
⚠️ Suspicious text message - forward to 7726
⚠️ Suspicious call - text the word CALL and the suspicious number to 7726
⚠️ If you think someone is trying to trick you into handing over money or personal details, stop, hang up, and call 159 to speak directly with your bank
Should you be involved in fraud or cyber crime linked to an account suspected of a data breach:
✅ Use the government reporting service to inform the correct person
✅ If you think you are a victim of a sextortion scam, report it to your local police force by calling 101