What it is
How it happens
-
Phishing or stolen passwords
-
Unpatched apps or exposed databases
-
Malware on an employee device
-
Third-party vendor with weak security
What you might notice
-
Emails about password resets you didn’t request
-
Strange logins or charges on your accounts
-
Notifications from a company saying your data was involved
If you get a breach notice
-
Change your password for that site (and anywhere you reused it); turn on MFA.
-
Watch your accounts: set alerts for bank/credit and enable sign-in notifications.
-
Check breaches for your email and rotate old passwords.
-
If payment data was exposed, freeze or replace the card and consider a credit freeze.
Prevent the next one
-
Use a password manager and unique passwords everywhere.
-
Turn on MFA (app or security key) for important accounts.
-
Be cautious with links/attachments; verify urgent requests out of band.
-
Keep your devices and browser updated.