Skip to Main Content

What To Do If Your Data Is Breached: Cyber Safe Advice

General Advice page with tips and advice on how to deal with data breaches. 

Data Breach 3.jpg


What is a Data Breach?

A personal data breach is: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”.


What to do if you have been subject to a data breach:

1.       Determine what was stolen- pin down exactly what kind of information was lost in the data breach. Sensitive information falls into three general categories:

·         Least Sensitive: Name and street addresses.

·         More Sensitive: Email addresses, dates of birth and payment-card account numbers.

·         Most Sensitive:  National insurance numbers, online account passwords, passport numbers, financial-account numbers and payment-card security codes (the three-or four-digit number printed on the front or back of the payment cards).

2.       Change all affected passwords.

·         If an online account has been compromised, change the password on that account right away. If you use the same password for any other accounts, change those as well, and make up new, strong passwords for each and every account.

·          Don’t reuse the password for a second account. That way you’ll be limiting the damage next time there’s a data breach, and you won’t have to go through the process again.

·         If the online company offers two-factor authentication, to protect an account, use it. This means that even if the person trying to access your account does have the password then unless they have a numeric code that the company texts to the legitimate user’s mobile.

3.       Contact relevant financial institutions.

·         If a payment-card number has been stolen, contact the bank or organisation that issued the card. Explain that your account is at risk of fraud, and ask the card issuer to alert you if it detects suspicious activity on your account.

4.       Contact the credit reporting bureaus.

·         Contact the major consumer credit-reporting bureaus and ask each to place a fraud alert on your name. This way, if anyone tries to steal your financial identity you’ll know.



If you are a service provider, you must:

·         Notify the ICO; within 24 hours of becoming aware of the essential facts of the breach. Which must include your name and contact details; the date and time of the breach (or an estimate); the date and time you detected it; basic information about the type of breach; and basic information about the personal date concerned.

·         Consider whether to notify your customers; and

·         Record details in your own breach log.

This takes the place of GDPR breach reporting obligations.

If the breach is likely to adversely affect the personal date of your subscribers or users, you need to notify them of the breach without unnecessary delay. You need to tell them;

·         your name and contact details;

·         the estimated date of the breach;

·         a summary of the incident;

·         the nature and content of personal data;

·         the likely effect on the individual;

·         any measures you have taken to address the breach; and

·         how they can mitigate any possible adverse impact.

You must also keep your own record of all personal data breaches in an inventory or log. It must contain:

·         the facts surrounding the breach;

·         the effects of the breach; and

·         remedial action taken.

Top Tips:


·         Protect Information: Sensitive information must be protected wherever it is stored sent or used. Do not reveal personal information inadvertently.

·         Reduce transfer of data: the organisation should ban shifting data from one device to another external device to another external device. Losing removable media will put the data on the disk under risk.

·         Restrict download: any media that may serve as an allegiance to the hackers should be restricted to download. This could reduce the risk of transferring the downloadable media to an external source.

·         Ban unencrypted device: The institution should have a ban on the devices that are unencrypted. Laptops and other portable devices that are unencrypted are prone to attack.

·         A good password: The password for any access must be unpredictable and hard to crack. Change of password from time to time.

·         Automate security: Automating systems that regularly check the password settings, server and firewall configuration might bring about reduction of risk in the sensitive information.

·         Identify Threats: the security team should be able to identify suspicious network activity and should be prepared if there is an attack from the network.

·         Monitor data leak: Periodically checking security controls will allow the security team to have a control network. Regular check on the internet contents to locate if any private data is available for public viewing is also a good measure to monitor data.

·         Track Data: Tracking the motion of data within the organisational network will prevent any unintentional use of sensitive information.

·         Define accessibility: Defining accessibility to those who are working on company’s sensitive data will bring down the risk of malicious users.

·         Security Training: Providing privacy and security training to all employees, clients and others related to data related activities will bring about awareness on data breach.

·         Stop incursion: Shutting down the avenues to the company’s warehouse will prevent incursions by the hacker. Management, production and security solutions must be combined to prevent the targeted attacks.

·         Breach Response: Having a breach response plan will help in triggering quick response to data breaches and help in the reduction of harm. The plan could contain steps involving notification of the concerned staff or the agency that could contain the breach.