What to do in case of a data breach
If you're a data subject and have been notified of a data breach, such as the ABS-CBN incident which involved 213 affected customers, there is only so much you can do at this point. Yet it doesn't mean that there is nothing you should do. While the data is most likely lost already, there are several key steps to take to make sure that whatever data you lost can't be used further against you.
Mitigate the damage by restricting and increasing security of your other existing information and accounts with these simple but important steps:
1) Know what data was stolen
Knowing what data was stolen – financial, health, personal, government records, etc. – is very important. What do the criminals know about you that you feel like they can use to cause harm to you in the future? Contact numbers? Address? How big your family is? Having an awareness of what data is in the possession of people with ill-intent helps keep you on your toes. You know where they might attack, so you'll know where to defend.
Moreover, institutions and companies you transact with often ask for a security question with a corresponding security answer. If you know certain data has been stolen from you, obviously, you'll have to make sure not to use that data for the said security measures as that is compromised.
2) Contact your bank and suspend all future transactions from your compromised account
It's simple diligence so make sure not to forget this one. Cancel compromised accounts, and credit and ATM cards. After being involved in a breach, it is also best to consult with your bank and know what additional steps you can take to ensure your security – and the security of your future accounts.
3) Change the password for all accounts having the same password of the account which was stolen
Typically, you would not want to recycle passwords – that is, using the same password for two or more accounts. But when it does happen, and a data breach occurs, make sure to change recycled passwords immediately. Hackers know that a considerable portion of netizens still use similar passwords across several accounts. Leaving recycled passwords unchanged could leave more personal information from other accounts at risk.
4) Contact authorities
If you've been involved in a data breach, you may also contact the National Privacy Commission to obtain more information, and know the potential extent of the damage.
On the other hand, in the event of identity theft, make sure to report to the PNP Cybercrime division or the NBI Cybercrime Division and file a formal report. Identity theft is the deliberate attempt to obtain and take away someone else’s personal information for unlawful gains. An example is when someone gets a postpaid plan from a telecommunications company or files a loan with a credit company using your name and other information. – Rappler.com