What to do if you’re caught in a data breach

Here’s what you can do to protect your personal information if you’re caught up in a data breach.

What to do now

• Change your password for the account that has been breached and don’t use the same password across multiple accounts.
• Keep an eye on the affected account for any suspicious activity. If there is any, contact the account provider.
• It’s likely you’ll hear about a breach from the affected organisation; but if you haven’t, get in touch with them to understand what personal information has been compromised.
• Be alert to any calls or emails asking for your password to verify account details. Legitimate organisations will never ask for passwords to online accounts.
• If your email and password has been compromised, and you use those details to access other accounts – like Trade Me or eBay for example – change them as soon as you can.
• Need help? Contact Netsafe or IDCare, organisations that provide guidance and support people affected by data breaches.

How to protect yourself against future breaches

• Set-up multi-factor authentication for accounts you access online.
• Limit the amount of personal information you share online, particularly on social media.
• Check that your account recovery details are up to date. It will help you reset account passwords if someone else is trying to access your account.
• Avoid reusing passwords for online accounts.
• You may be able to manage what devices can be logged in to certain accounts. So for example if you just access banking on your phone, you’d be alerted if it was being accessed on a laptop.
• You can check whether your email or number is subject to a data breach via have I been pwned?