Skip to main content

Data leaks often involve logins, passwords, addresses, and phone numbers. In some cases, they may include passport details and bank cards, and on rare occasions, other types of personal information may be exposed. While any leak is unpleasant, there is no need to panic, but rather take a pause and think about the needed next steps.

If you suspect your account details have been compromised, immediately change your password and enable two-factor authentication. In the event that cybercriminals have already managed to access your account, contact technical support to restore access and investigate what other information they might have found.

When sensitive data such as your address or phone number are leaked, it is usually not critical, but still concerning. A leaked address typically doesn’t pose a threat unless it leads to targeted attacks like stalking. In rare cases like this one, it is strongly recommended that you contact the police promptly. For a leaked phone number, ensure accounts using that number as a login have two-factor authentication, change your password to be safe, and stay vigilant for potential fraud calls.

Should your passport or ID details become leaked, it’s important to stay alert for potential social engineering attacks. Scammers might attempt to call and use your passport details to seem even more credible. You should be aware of it, but there’s no need to obtain a new document. Using leaked passport data for fraud, like taking out a loan, requires a lot of other personal information and quite strong criminal skills offline. As a means of mitigation in the future, be sure not to give away your passport details unnecessarily; they’re needed mostly for banking and e-government apps, and sometimes logistics services.

Act promptly if your bank card details are leaked: monitor bank notifications, reissue the card, and change your bank app or website password. Enable two-factor authentication and other verification methods. Some banks allow setting spending limits for added protection. If account and balance details are leaked, be extra vigilant against phishing emails, SMS, and calls. Cybercriminals might consider you a victim for targeted attacks based on this information. Contact your bank directly in unclear situations.

Moreover, various types of leaked employee data may be used for OSINT (open-source intelligence) to further access internal systems. To counter these threats organisations are advised to use robust security solutions such as Kaspersky Next, strong cyber security policies, and employee trainings such as Kaspersky Automated Security Awareness Platform.

“It’s important to be aware of possible risks of data leakage, not to overshare, and be ready to double check information to avoid social engineering attacks. A crucial thing also is to educate your relatives, especially children and elderly people. For example, explain that if someone refers to personal information, such as full name and even passport details, by telephone, messengers, social networks or e-mail, it’s not necessarily the bank or social service representatives, but might be scammers. In personal issues it’s advised to have a code word or question that only relatives know, while with organisations if some actions are required it’s better to use official contact information for double checking,” says Amin Hasbini, Director of META Research Center Global Research and Analysis Team (GReAT), Kaspersky.

Take it personally: what steps to consider in case of a Data leakage

Recently, there have been a number of news items about data leaks, such as those from Santander and Ticketmaster. In fact, data leaks are a constant issue, affecting a range of industries from banking to logistics companies, online stores, entertainment, and more. Companies usually try to protect affected clients, but individuals can also take steps on their side to improve digital security. Kaspersky experts give advice on what to do if your personal data was leaked.
Kaspersky Logo