What is the first step after a data breach? How to protect your accounts

Ticketmaster, Advance Auto Parts, Santander Bank, ATT, Bank of America, file transfer service MOVEit, Trello and Discord. Those are just some of the major companies targeted in data breaches so far this year.

I’m giving away a $1,000 gift card to your favorite airline.

Try my free tech newsletter to enter!

It’s easy to ignore news of a data breach, I know. There are just so many that it all turns into white noise. The Change Healthcare hack alone exposed one-third of Americans. That’s either you or someone you love dearly.

So, what do you do if your data is exposed? Your No. 1 goal is to protect yourself from future scams.

Do these things right away

• Make a list of your data that was exposed. Keep a document, Post-it, a note on your phone, or whatever works for you. Be suspicious of anyone who references it in an email or phone call to prove they’re legit. Say your home address was leaked and someone contacts you about an issue with your mortgage. Yep, it’s probably a scam.
• Watch your money. Update your PIN and banking login credentials. Even if they weren’t involved directly in the breach, hackers can use your personal info to access it. Keep an eye on your bank and credit card statements.
• Freeze your credit. This will keep scammers from opening a credit card or loan in your name. Like setting up a fraud alert, you'll need to contact each of the three credit bureaus. It takes a little work, but it’s a solid defense against criminals trying to ruin your financial future.

Crooks love to play the long game

They’ll wait until your guard is down and target you months after the initial breach.

This is part of the reason so many people fall for phishing scams. The crooks are going into text, call and email exchanges with a lot of ammo.

• Be wary of any email requests. Even if a request is legit, it’s OK to take your time to figure it out. If it’s the first you’re hearing of something (like wiring your boss a bunch of money), it’s not urgent. Better safe than sorry.

• Watch out for health-care-related requests. If you receive an explanation of benefits or a bill for services you didn't receive, contact your health care provider and insurance company right away. Someone else may have gotten those services using your name.

• If you get an out-of-the-blue message from an old friend, be extremely cautious. Hackers love to use your info to pose as friends or family. These often start with an innocent-seeming text. Ignore texts from strangers who pretend to have the wrong number and want to chat, too.

What about when passwords are revealed?

On July 4, Hackers posted a file named RockYou2024.txt to a dark web forum. The file includes a mind-numbing 9,948,575,739 passwords. And there’s a very good chance it puts you at risk. The RockYou2024 leak is made up of passwords from both old and new data breaches.

It’s one thing when criminals have your name, phone number and financial details. Having access to your passwords is a whole different ball game.

The tactic is called credential stuffing

This is when crooks take your leaked passwords and try to break into as many services, sites, accounts and apps as they can. They’re hoping you got lazy at least once and reused that password somewhere else.

Any system that isn't protected against brute-force attacks is at risk, and this goes beyond smartphones and computers. Even internet-connected cameras and industrial equipment are on the hackable list.

What are your next steps?

Visit Cybernews' Leaked Password Checker to see if your passwords were exposed. HaveIBeenPwned is another option. Enter your email address into either one, and I’ll bet you’ll find yourself on the list.

Now the hard part: Reset the passwords for every single account associated with those leaked passwords.

Your browser can help

Your browser’s password manager can alert you if your passwords have been involved in a breach. Here’s how to view or enable this feature in three popular browsers:

• Google Chrome: Password alerts are enabled by default. If you think you might’ve missed one, head to Google’s Password Manager and run a Password Checkup.

• Microsoft Edge: You’ll need to turn on Edge’s Password Monitor. To do this, go to Settings and more (the three-dot menu at the top right of your browser window) > Settings > Profiles > Passwords. Then, toggle on the switch for Show alerts when passwords are found in an online leak.

• Apple Safari: Password monitoring is on by default for browsers running on MacOS 14 or iOS 14 and later. To check for alerts on your iPhone or Mac, and to update any compromised passwords, go to Settings > Passwords > Security Recommendations > Change Password on Website.

Oh, and this is important to remember: Any random two-factor authentication (2FA) codes you receive via email or text that you didn’t ask for could mean someone is trying to access your accounts.

Share this tip with someone you care about. Protecting others from scams starts with knowledge.

Learn about all the latest technology on the Kim Komando Show, the nation's largest weekend radio talk show. Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website.