Just got news that my electricity company had a data breach and some of my personal info has been stolen. This includes government ID and bank details…

What can I do to protect myself from harm?

  • NaibofTabr@infosec.pub
    10 days ago
    1. If you are not already, start using a password manager. BitWarden, or VaultWarden if you want to self-host. Reset all of your passwords, starting with email addresses that are used to access other accounts, then financial accounts, government service accounts, healthcare accounts, etc.

    2. Reset the PIN numbers on your bank/credit cards, starting with whichever you use most frequently.

    3. Freeze your credit. Check your credit reports and make sure there aren’t any new accounts you don’t recognize.

    4. Consider getting a new phone number.

    5. Consider getting a new email address (with a provider that at minimum provides encryption at rest).

    6. Keep the official notice of the theft of your identity somewhere safe. You may need it to help prove that any new accounts created with your information are not legitimate.

    7. If you do find out that someone is illegally using your identity, check with your relevant government office. In the US you can apply for a new SSN if there’s evidence that someone is actively impersonating you, though of course changing it creates a host of follow-on problems for you.

    8. Identity information is a commodity item on the Internet, with both legal and illegal information traders. If you’re concerned about exposure, you might want to pay for a data removal service like EasyOptOuts or Delete Me. These services are not scams; they are effective for what they do, but they only work with legally registered data brokers. Having them submit deletion requests for your data will mostly remove it from OSINT sources and people search services. They can’t actually delete your information from any sources that are trading it illegally or take it off the “dark web”, and can’t protect you from someone opening new credit accounts or impersonating you for job applications.
      The effectiveness of this is limited, and it costs money, which is why it’s low on this list.

    9. Depending on what you do for work, consider letting your manager know. If your personal details could be used to access your employer’s information system for some malicious purpose, giving them notice might help them avoid trouble and might save you from taking the blame for some illegal activity. I would mostly recommend this if you work for some government agency, healthcare organization, or financial institution where malicious access could harm other people.