So, you think your identity has been stolen—fortunately for you, you’re not alone. We’ve all experienced some level of paranoia over how much cyber-criminals may know about us, but this concern is often misplaced.
Besides the popularly advertised “dark web monitoring services” (that do work to a degree), or instances where you can distinctly remember giving information accidentally via a malicious link or phishing email, it’s impossible to know if your information is in the possession of bad guys.
There’s not a whole lot you can do about this either, as the average person can only do so much to actively protect their personal information online.
Placing credit freezes, creating strong passwords, and avoiding harmful links/sites are a few of the most effective examples—but other than a few dozen or so steps you can take to protect your privacy, defending yourself against identity theft is almost entirely a defensive game.
This is due in part to the nature of how integrated we’ve become with technology for everyday tasks. It’s safe to assume that at least some of your information has been collected and stored in criminal databases online.
To put it simply, there are way too many weapons that criminals have at their disposal to gather our data without us even knowing, such as web scraping, mining, and crawling. Not to mention the amount of data breaches that go undocumented until years after the incident has occurred.
In that case, you’re better off assuming criminals already have ALL your information.
But what if you didn’t have to assume?
How to tell if your information was involved in a data breach
It doesn’t all have to be guesswork thanks to an extremely helpful website called haveibeenpwned. While not being able to solve all of your identity theft worries, it can help to answer some questions you may have about the security of your passwords, emails, and phone number.
Simply enter one of those into the search bar on the site, and it’ll reveal whether or not it matches any information that’s been previously leaked in a data breach. It can even cite the specific event in which the information was leaked, such as the Capital One breach in 2020 or Twitter breach in 2021
Now, if you’re concerned about the privacy risk of using such a program, and we would hope that you would be—haveibeenpwned follows strict privacy rules and even encrypts passwords you attempt to look for, but they explain this in-depth in their privacy policy and password page.
One of the coolest features they offer is the ability to sign up for notifications whenever an email/phone number is found in breach databases, so that way you don’t have to wait on companies to send you apology letters acknowledging that your information MAY or MAY NOT have been compromised.
Unfortunately, as stated earlier, this is one of the few if not only tools you can use to verify that your information was stolen. And as helpful and interesting as it is, there’s only so much you can benefit from by learning that your data was leaked in a breach anyways.
What to do if my email was involved in a data breach?
If you do find that your email was involved in a breach, it’s recommended that you change your password to a stronger, more secure one.
You can also continue to use that email without issue. Just keep in mind that since the criminals have it somewhere in their database, there’s a good chance you can receive phishing emails if you haven’t been receiving them already.
On top of that, if you don’t have two-factor authentication enabled, make sure to activate that for the related email account. It adds 10 seconds to your login time but can make all the difference when it comes to account security.
Lastly, feel free to create a burner email if you haven’t already. Burner emails allow you to avoid a direct connection to your personal and professional life via an email, while also letting you sign up for things you wouldn’t normally feel comfortable using an important email for.
What if my phone number was involved in a breach?
As for phone numbers, there isn’t too much we can recommend.
You are most likely already getting spam calls, but also be sure to be on the lookout for smishing messages (phishing for phones).
In no situation would we recommend getting a new phone number, as this can cause even more issues to arise, especially if a criminal is interested in using your number for fraud/SIM swapping. You can learn more about protecting yourself from phone fraud here.
What if my password was involved in a breach?
It should go without saying that changing your password is necessary if you believe it was involved in a breach. You should also change that password if you used the same one for any of your other accounts online.
If you want to learn more about creating strong passwords and basic password security, check out this article.
Still small solutions to a big problem
Although knowing there’s a tool like haveibeenpwned to help put your mind at ease, understanding the fact that your information is most likely already out there is by far the best thing you can do to get comfortable with the idea of identity theft.
When It comes down to it, it’s a lot more important to be on the defense against identity thieves than it is to actively try to scrub every last bit of data about you off the internet. By preparing for the worst, you can be ready for when it happens rather than catching it just a little too late.
