Disclaimer
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.
CPA Now

Part of the Security Battle Is Actually Knowing if Your Data Has Been Breached

By Mycal Pedder


Large-scale data breaches have become more common as the amount of information gathered in databases continues to grow. Keeping personal information safe is a vital concern in today’s cyber landscape. Websites serving commerce, government, and banking, among others, all require personal information to be entered: names, emails, passwords, credit card numbers, Social Security numbers. All of it can be stolen if an attacker breaches a website. Identity theft, drained bank accounts, and personal emails and photos exploited or sold online are real-world problems arising from data breaches.

But how do you know if your data has been compromised?

The effort can be complex, but there are services available that simplify the process. The main way of finding this information is through online tools. A popular, free online tool for finding out whether your information has been part of a data breach is the website Have I Been Pwned. The site maintains a database of information that has been part of data breaches, and it is used to inform the public if their information has been released or sold. On the main page, you can enter your email address or phone number and then press the button that says “pwned?”.

Entering a phone number will share whether that specific phone number was part of a breach and from which company that information was leaked. Similarly, entering an email address and pressing the button brings up a window that lists the breaches that the email has been found in. Here it will show what website was breached and what was compromised, such as email address, password, username, IP address, etc. It will also show what month and year the data breach occurred, as well as news on the data breach.

The website also has a domain search function. A company’s IT staff can use this tool to check any username that is part of their domain. Searching for the company’s email domain shows every user with an address at that domain who was part of a data breach.

As a courtesy, this website also allows you to sign up to be notified if a given email is ever seen as part of a new breach.

Search engines such as DuckDuckGo and Haystak can be used to protect your identity and privacy. These websites store as little data as possible as you search through the internet and do not sell your privacy for profit.

One of the best ways to protect yourself online is to follow best practices for passwords. Use uppercase and lowercase letters, numbers, and symbols to increase a password’s complexity. Never use the same password on multiple websites, and change passwords frequently to make sure that if a password is seen in a data breach, it is either an old password or that password does not access multiple websites.

The large-scale data breaches that occur seemingly daily are a scary reality for us all. However, by following general cybersecurity best practices as well as changing and maintaining passwords on a regular basis, you can greatly reduce your risk of experiencing the consequences of an inevitable data breach. If you do happen to become an unfortunate victim, know that there are tools available to keep you informed.


Mycal Pedder is director of IT with CybXSecurity LLC in McKeesport, Pa. He can be reached at mycalpedder@cybxsecurity.com.

