Data Breach Guidance
​​You may find out you are involved in a data breach through a notification from:
-
An affected organisation
-
A password manager
-
A service such as Have I Been Pwned
​​
Data Breaches may contain personally identifiable information such as:
-
Names
-
Home or mobile phone numbers
-
Email addresses
-
Physical addresses, geo-location data, and IP addresses
-
Passwords and security hints
-
Financial data
​
Information in each data breach varies, however, it is important to note that even if a password was encrypted, once involved in a data breach, it should be considered insecure, and you should update that password everywhere it was used, and never use it again.
​​​
​Guidance for business owners responding to a data breach is here.
​
Guidance for individuals subject to a data breach is here.
​
​
Should fraud or cyber crime be linked to an account suspected to have resulted from the data breach?
-
Use the government reporting service to inform the correct authority.
​​​
​
-
If you are involved in a data breach, you will highly likely be subject to scam attempts. If you receive a message or phone call that doesn't feel right, report it.
-
Suspicious email, forward to report@phishing.gov.uk, which is the NCSC's Suspicious Email Reporting Service.
-
Suspicious text message - forward to 7726.
-
Suspicious call - text the word CALL and the suspicious number to 7726.
-
If you think someone is trying to trick you into handing over money or personal details, stop, hang up, and call 159 to speak directly with your bank.
​
If you think you are a victim of a sextortion scam, report it to your local police force by calling 101.
​​