Billions of online accounts are compromised every year

According to the Breach Level Index report by digital security firm Gemalto, almost 15 billion data records have been compromised since 2013. From usernames and passwords to date of birth or home addresses, compromised personal information can leave you vulnerable to identity theft and fraud. Analysis by the National Fraud Intelligence Bureau reveals that mass phishing campaigns are using personal details, such as names or address, to tailor scam messages to intended victims. One of the most reported phishing emails to Action Fraud last year was a ‘sextortion’ email that contained the victim’s genuine password. The ability to personalise fraudulent messages makes it increasingly difficult for people to spot as fakes, thereby increasing their chances of falling victim to fraud.

How do I find out if I’ve been affected?

Have I Been Pwned is an online service that allows you to quickly and easily check whether your accounts have been compromised in any known data breaches. Head over to https://haveibeenpwned.com/ to find out if your accounts have been affected. 

My account has been compromised! What should I do?

Don’t panic, you can reduce the damage caused by a compromised account if you act quickly. The first thing you need to do is perform an immediate password reset on any accounts that have been compromised, as well as any accounts where you have used the same password. You should always use a strong, separate password for your important online accounts, such as your email. Where available, enable two-factor authentication (2FA) on accounts as it provides an additional layer of security. 

For more simple tips on how to protect yourself online, visit cyberaware.gov.uk. If you have been a victim of fraud or cyber crime, report it to Action Fraud at actionfraud.police.uk.