(Credit: Lily Yeh, Getty Images)
No company is safe from data breaches. You doubtlessly participate in the global economy in some way, too, so you aren't safe either. Data breaches happen so often that they rarely make the regular news cycle, outside of major stories like the National Public Data breach that exposed millions of social security numbers, the Internet Archive's brief shutdown following a data breach, or the giant Mother of All Breaches (MOAB). The volume and frequency of data breaches are scary, but that doesn't mean you should give up and continue handing over your private data without a fight. If you're ready to make some changes to the way you interact with companies online, read on for steps to protect yourself before the next big breach.
Why Should You Care Who Has Your Data?
If attackers have your email address and password for one site or app, they may have the keys to much of your life, especially if you're using the same password for all of your accounts. You should care about your data showing up in a data breach because bad actors could use this information to steal your identity and publicize your private accounts.
Troy Hunt is the owner of HaveIBeenPwned, a free online security resource used by many password managers and security suites for dark web monitoring. His website lists data breaches as they are reported and allows visitors to check if their information has appeared in any of them. Hunt said, “Depending on the nature of the data, it might be information you just don’t want other people to see.”
He continued, “It might be something like Ashley Madison; that was a hell of a data breach. It might be something very deeply personal. This is a case where people killed themselves over it.”
How Often Do Data Breaches Happen?
“Every day. Multiple times. Every day, without question.”
While speaking to me on the phone from his home in Brisbane, Australia, Hunt said he had just finished processing 545 breached accounts that morning from overnight reports, and he had at least that much more left to post on his website that day. He's one of the few people in the world who has an idea of the volume and frequency of data breaches.
In its summary of cybercrime predictions for 2025, the Identity Theft Resource Center (ITRC) noted that, as expected, 2024 saw a surge in the number of people who reported identity misuse or theft following a data breach. Amazon and Meta customers have been affected by data breaches in recent years. If these big companies can't keep your data secure, can any company?
How to Keep Your Data Safe From Breaches
Hunt told me that mitigating the damage from data breaches hinges on taking preventative action and changing your online habits. Below are a couple of pain-free ways to change your internet habits and protect your private data in the future.
Reconsider Your Relationship With Social Media
Creating boundaries for yourself online may be tough because so much of our social and professional lives are online. Despite Facebook's lack of fact-checking and the bizarre AI-generated posts featuring real people on Instagram, many people still need to use those apps daily. Meta owns Facebook, Instagram, and WhatsApp, and those three platforms are where many people around the world conduct business and socialize.
Consider deleting your social media profiles or changing the settings to be friends-only or private. PCMag has guides for deleting popular social media apps such as Facebook, Instagram, Snapchat, TikTok, and X (Twitter). If you just want to remove your old public posts on Facebook, we have instructions for doing that, too.
I know it isn't ideal to delete your entire online presence to prevent account takeovers, but you should consider sharing less about yourself. Hunt agreed, noting, "If you work under the assumption that the things you’re putting onto these platforms are on public display, and you adapt your behavior accordingly, the risk really goes down.”
Reduce Your Digital Footprint
While everyone knows someone prone to chronicling the minute details of their existence on social feeds, oversharing can also look like offering unnecessary personal data on account sign-up forms or posting public photos of yourself and your family. Instead of filling in every form when you're online shopping, only fill in the necessary ones to complete your transaction, such as your physical address and payment details.
You can lie on these forms, too. If a company requests your phone number to complete a transaction, create a fake one using Google Voice or a similar secret phone number generator. If you need an email address to sign up for a new account, use an email alias generator to fill in a fake email address to fend off spammers and trackers.
Improve Your Online Privacy Routine
Weak passwords are often the bulk of data breach records, and while no one likes them, they are used to secure most online accounts. Use a password manager, create passkeys for your accounts whenever possible, and enable multi-factor authentication to improve your chances of dodging fallout from a future data breach.
A password manager often requires you to create a strong master password, but many password managers now allow users to log in using passwordless authentication methods like biometrics or a passkey. If you’re worried about creating a guessable master password, the password manager will do more than just look for a minimum length and use of different characters. The app will rate easy-to-remember passwords as weak, forcing you to create a master password that is likely to keep your information secure.
Organize Your Life Online to Prevent Identity Theft
To avoid becoming a victim of the identity crimes spawned by data breaches, it's a good idea to periodically read your credit card statements and monitor your credit report. Being familiar with your financial situation can help you spot any fraudulent activity linked to identity crimes before it gets out of hand.
It's also wise to update the privacy settings for your accounts, apps, and devices and invest in a powerful security suite. Check out our guide on what to do when you've been hacked, and also consider the many ways to disappear completely online.