Protect yourself

Keeping safe after a data breach

Here's what you can do to help secure your personal information after a data breach.

2 min read

Why it matters 

A data breach is when private information held by a business is unintentionally disclosed, usually publicly, by accident. This can include personal information (such as your name, email, or username), financial records, or login credentials.

Not all breaches are the same – some might expose ‘less valuable’ information like your email, while others could involve more sensitive details like your username and passwords, passport details, banking information or even your ID. 

If you find yourself affected by a data breach, it’s crucial to take steps to minimise the damage and protect your personal information. 

Information leaks

Protect yourself from unauthorised access

How to protect yourself

  • Confirm the breach

    Verify whether your data has been compromised. It’s likely you’ll hear about a breach from an affected organisation, but if you haven’t, get in touch with them to understand what personal information has been compromised. 

  • Change your passwords

    Change the passwords for your affected accounts immediately, as well as those of your most important accounts (e.g. email, bank).

    Use each password only once. If an attacker gets hold of one of your account passwords, it'll give them access to any other accounts that share the same password.

    How to create a good password

    Keep your data safe with a password manager

  • Enable two-factor authentication (2FA)

    Where possible, turn on 2FA for all your online accounts to add an extra layer of security. 

    Use two factor authentication (2FA) to protect your accounts

  • Monitor your accounts regularly

    If your account has been compromised, there may be a risk to your other accounts, especially if you’re using weak or reused passwords. Be attentive and monitor all your accounts, including social media, email, and banking, for any suspicious activity. Suspicious activity could include messages you have not sent, or emails about login attempts.

  • Watch out for phishing

    Watch out for phishing (emails or texts pretending to be from legitimate organisations) particularly if they are asking for sensitive information, like login details.

    Protect yourself against phishing

Get help

If you’ve been affected by an incident online, or targeted by a scammer, we’re here to help.

Report an incident(external link)

If your sensitive data has been leaked, you may feel embarrassed, hurt, or confused about what has happened to you. However, remember that these people make a living out of manipulating people and are very good at it. You aren’t alone. You are entitled to support services. For further information on this you may wish to visit:

www.idcare.org(external link) or phone 0800 121 068  

www.victimsupport.org.nz(external link) or phone 0800 VICTIM