Why it matters
You can’t always protect yourself against information leaks, as they're often out of your control. Usually, when your personal information is leaked online it’s due to a data breach – which is when a business or company is affected by an online security incident and their data is stolen. But there are ways to help secure your personal information even if it's leaked as part of a data breach.
How to keep your information safe
Don’t share too much information online
Only share as much information online as you need to, and make sure you have strong privacy settings on all of your online accounts.
If you’re being asked to provide a business or service with more information than you feel is relevant, ask them what the information is being used for and why they need it. Businesses are legally required to only ask you for the information they really need.
Create good passwords
Use strong, long and unique passwords on your online accounts. That way if the password for one of your accounts is leaked you’ll only need to update that one account – your other accounts will still be safe.
You can also use a password manager to help keep your accounts safe.
Use two-factor authentication (2FA)
Where possible, turn on 2FA for all your online accounts to add an extra layer of security.
Check to see if any of your information has been leaked already
The details of several large public data breaches have been added to a website called ‘Have I been Pwned?’. While we’re not affiliated with this website and haven’t verified the data it contains, it can be helpful to check it to see if any of your details have been leaked online as part of a data breach. You can visit the site to see if your email address is included in their lists of leaked information, which are usually referred to as ‘credential dumps’.