How do I know if my data has been breached?

We’re increasingly living our lives online, and as technologies like the metaverse become increasingly widespread and accessible, this trend is only going to continue.

However, living our lives online means there’s more data about us online than ever before. And this data is an attractive target for cybercriminals. According to the United States’ organisation Privacy Rights Clearinghouse, over four billion records were stolen or accidentally leaked during the 2010s.

We have already seen several large-scale data breaches this decade, so that number is likely to be surpassed quickly. Given the scale of cybercrime seen during the COVID-19 pandemic, we might even have already beaten it. For example, Facebook, for one, is a frequent target of cybercriminals. Given the number of active global users the social networking platform has, it would only take two or three data breaches to beat the last decade’s four billion.

What do cybercriminals do with stolen data?

It depends on what they steal.

Even if something that seems innocuous – like your email address – falls into the wrong hands, that could lead to phishing or password spraying attempts to compromise your online security.

When criminals steal sensitive data like your home address and payment card details, you could fall victim to identity theft or full-on financial fraud.

A data breach is often only the first step in a far wider-reaching cybercrime incident.

How can I check if my data has been breached?

If a data breach is “likely to result in a high risk” to your rights and freedoms, the Information Commissioner’s Office (ICO) guidance to businesses is that they should tell you about it.

Learn more about when a business or another organisation should notify you of a data breach.

However, businesses don’t always have to tell you if there has been a breach involving your details. This means your data is potentially circulating the dark web and in the hands of fraudsters without you knowing about it. Thankfully, there are a couple of easy ways to discover if this has happened.

  1. Have I Been Pwned? This website allows you to enter your email address, which it then cross-references with its database of over 10 billion credentials found in past data breaches. You can also use Have I Been Pwned? to check if your passwords have ever been compromised in a data breach.
  2. Check your web browser’s settings. If you use your browser to create and save passwords, it’ll often warn you if your credentials have been compromised, enabling you to take action. Google is also rolling out a new feature that will automatically update passwords when specific credentials are involved in a breach.

What should I do if my data has been involved in a breach?

In this scenario, you need to take steps to protect your privacy and security.

As a minimum, you should change the password of the affected account. For added security, you should use two-factor authentication (2FA) if it is available and avoid using the same password for multiple online accounts.

Some companies, including Microsoft, now even offer password-less sign-in. Such a feature means you need to manually verify each sign-in attempt using an Authenticator app on your smartphone. While not having a password might not sound secure, it’s the best way to protect your online accounts. As a result, many more businesses and platforms are likely to move to this approach in the coming years.

For accounts where you still need to create a password, you should use a password manager – or built-in browser features – to create and securely store hard to crack passwords.

Outside of protecting your digital privacy, you should also:

  • Use things like credit monitoring tools to ensure there haven’t been attempts to commit identity theft
  • Keep an eye on your bank and credit card accounts, and enable any additional security features where they’re available to prevent anyone from using these fraudulently

If your data has been breached, you may be entitled to compensation

If a data breach puts your privacy and sensitive data at risk, you may be entitled to compensation.

Contact us for a free, no-obligation review of your potential data breach claim.


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.