A data breach occurs when private and confidential information held by an organisation (like banks, retailers, government bodies and other service providers) is stolen or accessed without authorization. This usually means that the information becomes publicly available. It also means that others can use it for personal gain, or to cause harm to a business or individual.
Whether it’s a minor or major data breach involving passwords or not, if you receive a notification about a data breach affecting one of your accounts – it’s essential to change your login credentials immediately.
This includes your password and answers to security questions. Start with the affected account(s) and then the accounts associated with it. This includes passwords stored in a password manager, accounts that use single-sign-on services from the compromised account, and similar or identical passwords that you use for other accounts.
Finally, you should also change all your other passwords. They might be indirectly associated with the affected service, and the data breach may increase the likelihood of the accounts being hacked. Change the passwords for your devices as well.
