What to do after 5 types of data breaches?


Learn what to do after 5 types of data breaches. Find out how to help protect yourself against possible identity theft.

You’ve just heard the news there’s another data breach — and this time your personal information may have been exposed. You might start to panic, trying to find out if you’re one of the victims. Has your information been leaked? What can you do to protect yourself?

If your personal information has been compromised in a data breach1, you could be at an increased risk of identity theft. That’s why it’s important to learn what to do after a data breach.

The steps you should take after a data breach often depends on the category of the breached organization and the type of information revealed. For instance, a healthcare data breach may reveal more sensitive health information and compromise your medical care, while a financial data breach may have more to do with your credit, bank accounts, and other financial-related data.

It’s important to be aware of these five types of data breaches, and how you can help protect yourself against the different types of threats that could follow.

Steps to take after a healthcare data breach

A healthcare data breach occurs when the information you’ve provided to your healthcare organization, doctors, or insurance companies has been exposed or accessed by an unauthorized person.

The question is - How does this happen? Cybercriminals may infiltrate the computer network in your doctor’s office, hospital, medical lab, healthcare insurer, or any of your medical providers. In some cases, your information could be stolen by medical staff — or unintentionally exposed through poor data security.

If your healthcare information has been leaked or stolen, criminals could use that data to commit various forms of fraud in a medical emergency or for other medical care. This could not only affect your healthcare coverage, but also compromise your safety if there’s misinformation on file when you need medical treatment.

Following a healthcare data breach, here are the things you should do to help protect yourself.

1. Get confirmation of the breach and whether your information was exposed.

The first thing you should do is check if the breach occurred. If you’ve received an email saying there’s been a breach, that isn’t enough — it could be from scammers posing as the potentially breached company in an effort to get your personal information.

Don’t respond to potentially fake emails. Go directly to the company’s secure website or call the company to confirm the breach.

You also will need to find out if your individual information was compromised.

2. Find out what type of data was stolen.

Make sure to find out what types of data were stolen.

Why does this matter? If the only data exposed was your credit card information, you can call your card issuer to cancel and replace your credit card. But if your Aadhaar card number iwas stolen along with other personally identifiable information (PII) such as date of birth,, login Ids, biometric identifiers etc - then that exposed data is more sensitive.

Now, what is the risk factor? Such information could enable the thief to assume your identity to see a doctor, visit an emergency room, or use that data in other ways.

This is known as medical identity theft. If your healthcare data then becomes mixed up with your imposter’s, then this crime could threaten your health when you seek treatment.

In the case of healthcare data breaches, identity thieves often want information that will help them impersonate you to receive medical treatment, prescription medications, or anything else covered by your insurance. This information could include:

  • Medicare or insurance policy numbers
  • Aadhaar card number and other personally identifiable information, such as date of birth.
  • Medical treatment and prescription history
  • Billing information, including bank and credit card account numbers

3. Consider accepting the breached healthcare company’s offers to help.

Recovering from identity theft can be costly and time-consuming. If the breached company offers to help repair the damage and protect your personal information for a certain amount of time, consider accepting the offer.

4. Change and strengthen your online logins, passwords and security Q&As.

Immediately change your online login information, passwords, and security questions-and-answers for the breached accounts — along with any other accounts that have similar login information and passwords.

Implementing two-factor authentication can help if someone has your password who shouldn’t. That’s because two-factor authentication adds an additional layer of protection after you enter your login credentials. For instance, you might be sent a security code to your smartphone. You enter the security code online to access your account.

If you want more help with this, password managers can be an additional layer of protection.

Keep in mind if you start receiving notices of password changes to your current accounts or find yourself locked out of your accounts, it could be a sign that one or more cybercriminals have attempted to access your accounts. It’s a good idea to act quickly to investigate the problem.

5. Contact the right people and take additional action.

If sensitive personal information like your Aadhaar card or number was stolen, you could become a victim of identity theft or fraud.

Trying to stay ahead of identity thieves by keeping up with your medical records and healthcare providers is important. Here are a few things you can do:

  • Ask your doctor’s office for copies of your medical records to see if your identity has been used fraudulently. This might show if inaccurate health and medical information is present in your records, indicating that someone posed as you and saw your doctor. More broadly, be sure to check the benefit statements from your healthcare insurance provider. The statements would show evidence of health care fraud, indicating doctor visits and care that aren’t yours, as well as dates and other details.
  • Ask your health care providers for a list of anyone with whom they’ve shared your protected health information. Medical providers are required under government of India Act to provide this accounting record free of charge once every 12 months upon request.
  • Contact any medical facilities that have asked you for payment for services you didn’t receive and alert them that you may have been a victim of identity theft or mistaken identity. You could ask them what service was provided and prove you didn’t receive it.
  • Check-in with your health insurance company and  savings account  to make sure thieves aren’t trying to use your benefits.
  • Check the spending on your credit card to make sure thieves aren’t using your credit cards, racking up charges, and damaging your credit history. This could involve cancelling your current accounts and opening new ones with unique, strong passwords. You also can place a fraud alert or security freeze on your credit accounts to help prevent thieves from using your information later on.

After checking your health insurance and credit card, you may find you’re the victim of identity theft. If so, it’s smart to file an Identity Theft Report with the Government of India.

If your health insurance information has been stolen, you’ll need to call your insurance provider and take necessary action.

Also, you should file a police report in your local jurisdiction.

6. Stay alert; monitor your accounts closely.

Staying alert and watching for signs of new account activity is important. For example, you may receive a variety of signals that someone is using your PII to receive healthcare services in your name. This could include:

  • Bills and collections calls for medical services you didn’t receive. 
  • Unfamiliar collection details on your credit reports. 
  • Notices from your health insurance company that you’ve reached your plan limit.
  • Denial of coverage because of misinformation.

Consider collecting current copies of your medical records — and those of your family members — from all of your doctors, healthcare providers, and insurers. If any information on your records is incorrect, it’s important to fix it.

Also, don’t throw away any bills or notes from healthcare providers you don’t recognize. They could signal and prove that your healthcare benefits are still being used fraudulently.

In addition to monitoring any changes to your medical and insurance accounts, keeping tabs on your financial and credit accounts is important. Identity thieves may have enough sensitive information to use your existing accounts or create new ones in your name.

Steps to take after a financial data breach

A financial data breach occurs when a company exposes financial information like your credit card or bank card account information.

If a cybercriminal uses your personally identifiable information (PII) such as your Aadhaar card or the number for financial gain, you’re a victim of financial identity theft.

Using a combination of your name and other personal information, the fraudster may fill out applications for loans, credit cards, or bank accounts or withdraw money from your accounts. Possible crimes might encompass credit card fraud, bank fraud, computer fraud, wire fraud, mail fraud, and employment fraud.

Victims of a financial data breach can take steps to help protect themselves against financial fraud and identity theft, and help prevent fraudsters from successfully using exposed personal information.

1. Get confirmation of the breach and whether your information was exposed.

Your first step? Contacting the source of the leak. Confirm there was a breach at the company and find out if your information or online account was accessed.

Here’s an example. The Juspay Data Breach attempt is one of the biggest data leak in recent times – where the data of 10 Cr cardholders was leaked on the dark web.2

The suspected leaked database included – the user’s card brand, card expiry date, last four digits of the card, card ISIS, masked card number, card fingerprint, ,customer ID, merchant account ID etc.

When such a financial data breach is announced, consider being proactive and contacting the breached organization directly to see if your data was included in the accessed information.

It’s important to act quickly to seek this information. One reason why? If you don’t, you might receive false information from scammers pretending to be the breached financial company and trying to get more of your information.

To help be informed, it’s a good idea to directly contact the breached company.

2. Find out what type of data was stolen.

Find out what information was exposed. It’s easy to replace a credit or debit card, if that’s the only data that was leaked. But if your Aadhaar card number and other sensitive data like your bank account information and passwords have been stolen, all that data could make it easier for thieves to use your identity to commit fraud in your name.

Any financial breach in which a large amount of sensitive information is exposed could increase the risk of identity theft for months or years to come.

3. Accept the breached company’s offers to help.

Whether it’s a bank, credit card company, or other financial services company, a breached company might offer ways to help protect you against identity theft. Consider taking it. If your personally identifiable information and/or Aadhaar card number were exposed, monitoring your credit and finances will be important.

In some cases, victims will be offered free credit monitoring and identity theft protection services.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the hackers may have for access to your accounts or to use in identity theft. Taking steps to prevent their use of this information can help limit future exposure.

5. Contact the right people and take additional action.

Contact your bank and credit card account companies immediately.

If someone has unauthorized access to your bank account, you’ll want to close that account and open a new one with a new account number. You’ll also want to work with the bank to resolve any fraudulent transactions.

If someone has stolen your credit card number, contact the issuer to alert them to any fraudulent charges. Ask them to close the account and issue you a new card.

Contact at least one of the three major credit bureaus in India — Equifax, Experian, and TransUnion — is important in the event of a financial data breach.

Cyber thieves may have gathered enough sensitive information to use your current credit cards and open new ones. It’s a good idea to take immediate action to make sure fraudulent use of your credit and finances stops before it gets too widespread.

Here’s how to contact the credit bureaus.

  • Equifax
    Diamond District,
    Domlur Flyover,
    Domlur, Bengaluru,
  • Experian Services India Pvt Ltd. 
    5th Floor, East Wing,
    Tower 3, Equinox Business Park,
    LBS Marg, Kurla (West),
    Mumbai – 400070,
    T: +91 (0) 22 68186760
  • Transunion
    One world centre,
    Tower 2a, 19th Floor,
    Senapati Bapat Marg,
    Elphinestone Road,
    Mumbai- 400013
    Fax: +91 22 66384666

6. Stay alert and monitor your accounts.

If you spot suspicious or unfamiliar transactions on a bank or credit card account, you could be the victim of financial identity theft.

Here’s an action you can take. Ask the credit bureaus to place a fraud alert on your credit file. A fraud alert lasts for 90 days. Or, if your Aadhaar card number and other more sensitive data is included in the information stolen, you could place an extended fraud alert.

You also can put a freeze on your credit reports and watch for any activity that isn’t yours. A credit freeze works by blocking new lines of credit from being opened by blocking anyone (including you) from obtaining new credit using your information until you lift the freeze.

After checking your credit reports, if you do find you’re the victim of identity theft, you should file an Identity Theft Report .

Also, it’s a good idea to file a police report in your local jurisdiction.

Steps to take after a government data breach

A government data breach occurs when confidential information is stolen or unintentionally exposed or leaked from government agencies. This includes the military.

Government data breaches can be especially harmful if the information compromised includes more sensitive information like your Aadhaar card number and birthdate.

Fraudsters may use your personal information in interactions with the government. One example is tax-related identity theft or tax refund fraud, also known as stolen identity refund fraud.

This type of fraud occurs when a thief uses your Aadhaar card number and other personal information to file an income tax return in an attempt to claim your tax refund. This amounts to stealing money from the income tax department and could delay any tax refund due to you.

If you’re the victim of a government data breach, there are steps you can take to help protect yourself.

1. Confirm there was a breach and whether your information was exposed.

Contacting the breached agency is the first step. Confirm that there was a breach, and whether your information is involved.

2. Find out what type of data was stolen.

Check what type of information was exposed. Government agency breaches might expose information that includes personally identifiable information such as Aadhaar card number, taxpayers’ payment information, and voters’ information.

One example of a government breach: In October 2020, the data from Prime Minister Narendra Modi’s personal website was allegedly leaked on the dark web. The breach exposed the Personally Identifiable Information (PII) of 5 Lac users.3

3. Accept the breached entity’s offers to help.

If the government agency offers help, consider taking it. If your PII and Aadhaar card number were exposed, monitoring your credit, finances and identity will be important.

4. Change and strengthen your online logins, passwords and security Q&As.

It’s important to change passwords and any other information the cybercriminals may be able to use to gain access to your accounts or use your identity. Implementing two-factor authentication can help block access to your accounts, even if they have your login credentials.

5. Contact the right people and take additional action.

If sensitive data like your Aadhaar card number and other personally identifiable information were exposed, you may need to contact several government agencies. These may include the Indian Revenue Service (IRS), Income Tax Central UIDAI and the local jurisdiction.

6. Stay alert. Monitor your accounts closely.

Once thieves have your sensitive data, they may be able to access existing accounts and create new ones. Monitor all of your accounts closely and look for suspicious activity.

Steps to take after an educational data breach

Breaches at educational institutions have been increasing. Universities are often targeted because they collect a lot of sensitive data on students and their parents, faculty, and staff to fulfill the many obligations of applications, financial aid, attendance, and employment.

A recent example was the data breach at Unacademy, India’s largest education platform – that exposed the personal data of 11 million users.4

Cybercriminals may target students to steal their identities, because students likely possess cleaner credit and finance histories.

Also, students may be vulnerable to hackers and malware if an institution doesn’t have robust, up-to-date security systems in place.

Given these considerations, there are several steps university staff, faculty, students, and their families should consider in the event of an educational data breach.

1. Get confirmation of the breach and whether your information was exposed.

The first thing faculty, staff, and students should do is contact the school to confirm there has been a breach and to see if their information was exposed.

2. Find out what type of data was stolen.

Victims should ask what kind of data was exposed to determine the level of data sensitivity and the extent of data stolen. Why is this important? If a Aadhaar card number and other personally identifiable information have been exposed along with financial information, the student will have to report not only to their college, but also to entities like their banks and credit bureaus.

Because educational institutions collect a lot of personal information, identity thieves may access a lot of data to commit cybercrimes. Universities may collect names, birth dates, addresses, driver’s license numbers, Aadhaar card numbers, bank accounts, credit card accounts, and university ID numbers.

3. Accept the breached institution’s offers to help.

If a school offers to help with credit monitoring and other clean-up costs, consider taking them up on it. Taking measures to repair the damage caused by identity thieves — and help with future protection — can be costly and time-consuming.

In some cases, a third party like an educational software developer may offer services like free credit monitoring services in the event of a data breach connected to one of their products.

Students who were victims of this data breach had their names disclosed, and some of those victims also had their email addresses and birth dates leaked. While these disclosures may not seem as sensitive or widespread as others, this information can still be valuable. Here are a few examples of what thieves can do.

  • Gain access to those students’ email accounts and other accounts. 
  • Gain access to students’ devices through those accounts.
  • Use this knowledge maliciously to target students with spam, phishing emails, and malware.

4. Change and strengthen your online logins, passwords, and security Q&As.

Change your passwords immediately. This can help prevent thieves from accessing your current accounts.

Next step? Check to see if new accounts have been opened. Given the many accounts, students and staff may have at educational institutions, this could take time and effort — but it’s important. When hackers obtain certain pieces of information and gain access to one account, this access may enable them to infiltrate or open other accounts.

Keep in mind, even if the data compromised in one breach isn’t your Aadhaar card number or other more sensitive information, cybercriminals could combine this information with sensitive data they access from other breaches.

That’s one reason why it’s a good idea to change your passwords and login credentials and monitor your accounts frequently.

5. Contact the right people and take additional action.

In addition to contacting the university directly to find out what happened and what steps they’re taking to help, victims will have to reach out to several other entities. Why? If personally identifiable information like their Aadhaar number has been stolen, along with other personal data, identity thieves can use this to create several other frauds.

Here’s a list of organizations you should consider contacting.

  • Credit bureaus and financial companies.
  • The Indian Revenue Service (IRS), in case of identity thieves, try to collect tax reimbursements in your name.
  • State and local law enforcement agencies, if cyber criminals committed crimes in your name.

6. Stay alert. Monitor your accounts closely.

Cybercriminals sometimes store your information to use months, or even years, after a breach. This might give you a false sense of security that you won’t become a victim of identity theft.
Cybercriminals may pool your information to gain access to even more of your accounts. They also can sell your data on the dark web for others to use now or later.

Because your sensitive information is out there, it’s smart to monitor your accounts closely and keep tabs on any new accounts or financial transactions that have been made in your name. This is another reason to consider accepting free help such as credit monitoring when it’s offered. But keep in mind, many offers will only monitor your accounts for a limited time.

Steps to take after an entertainment data breach

An entertainment data breach occurs when your personal information has been compromised at companies like video game developers or concert and sporting event ticketing services. How does it happen? A leak from inside the company — either intentionally or mistakenly, poor data security, a faulty program, malware, or other scams by hackers.

Do you or your kids play the popular video game Roblox? If so, you might be familiar with the May 2020 data breach where hackers gained access to gamers’ accounts, changed their passwords, removed two-factor authentication and even sold their items.5

Video games like Roblox, which boasted 100 million players in 2020, have become huge targets for hackers due to the size of their data pool and the age of gamers — mostly kids.

The Roblox video game has been a target for malware and fake apps. In the 2020 incident, hackers were able to redirect access tokens — and use phishing links. This scam, known as token hijacking, is popular because hackers don’t need your password. They may realize players are being more cautious about entering passwords and downloading suspicious links, so getting your tokens has become their new go-to method of infiltration.

1. Confirm the breach and whether your information was compromised.

Take action quickly. Be proactive and contact the breached company. Confirming whether your data is part of the information exposed can determine your next step.

2. Find out what type of data was stolen.

It’s important to find out the sensitivity of the data stolen. That information will guide your next steps. Here’s an example.

Knowing what data was exposed could mean the difference between monitoring your accounts for any unauthorized activity or taking additional actions like placing a credit freeze on your accounts.

3. Accept the breached company’s offer(s) to help.

Find out how the breached company is offering to help. For instance, it may offer credit monitoring or identity theft protection services. Consider whether the services are right for you.

You’ll have to decide whether the services are adequate or whether you should take additional steps to help protect yourself against identity theft.

Consider this additional example, a 2020 Webkinz World data breach – where a hacker leaked the usernames and passwords of nearly 23 million players.

Which raises the question: What if the breached company doesn’t offer much to help protect your information after a data breach? You should monitor your credit, consider identity theft protection, and other appropriate steps.

4. Change and strengthen your login credentials, passwords, and security Q&As.

Changing your passwords and ensuring they are strong can help protect your accounts. That includes strengthening your login credentials, passwords, and security questions-and-answers. In the case of the Roblox breach, for instance, implementing two-factor authentication could have helped protect victims’ accounts.

5. Contact the right people and take additional action.

It’s a good idea to reach out to the breached company quickly. If the company isn’t willing to help or has not yet helped with your recovery, contacting other organizations is your next step.

To start, you can obtain free credit reports from www.cibil.com to watch for any suspicious or unfamiliar credit activity over the following months and years. Also, consider placing a fraud alert or credit freeze on your accounts with the three major credit bureaus, depending on the sensitivity of the data stolen.

If other methods of recovery and protection aren’t enough, you may decide to join a class action lawsuit.

6. Stay alert; monitor your accounts closely.

It’s a good idea to be proactive after a data breach. Monitor your accounts for suspicious activity. Keep in mind, cybercriminals sometimes combine information from different sources to commit identity theft.

For instance, if cybercriminals access your Aadhaar card number and a few other pieces of personal information, they may be able to commit a variety of crimes. This may include filing a tax return to collect your tax refund, collecting benefits and income, making purchases, setting up phone numbers and websites, establishing residences, using health insurance, and committing other crimes — all in your name.

Data breaches can lead to identity theft and other types of fraud. And it can take time and effort to untangle the mess.

That’s why it’s smart to know what to do after a data breach. If you you’re a victim of a data breach, taking these steps can help protect yourself against identity theft now and possibly in the months and years to come.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.