Got a data breach letter? How to handle your data leaked online

profile photo
By Yosi Yahoudai
Founder and Managing Partner

Another day, another data breach.

Recently, AT&T sent customers a letter informing them that their information had been released on the dark web, making it easily accessible to anyone.

“So when we see things like AT&T, you cannot be removed from the AT&T data breach because tens of thousands of people had it now because it’s published on the internet and it’s easily downloadable by anyone,” explained Troy Hunt, creator of the website “Have I Been Pwned.”

Hunt’s website allows you to check if your personal information and passwords have been exposed in any of the 760+ data breaches compiled on the site, including leaks from well-known companies like Facebook, Adobe, LinkedIn, and Dropbox.

The real danger lies in the fact that when your password is exposed in a breach, hackers often attempt to use it to log into other websites.

“It’s mass automated, it’s done at really, really high volumes. And suddenly, because you’ve reused your password across sites, someone’s now into your social media accounts or whatever else it may be where you’ve reused those credentials,” said Hunt.

To combat this issue, it’s essential to use a password manager to create strong, unique passwords for every website you use.

Listen to my entire interview with Troy Hunt on the Rich On Tech Radio Show.

“You’re never going to remember 100 plus passwords so that the unique, so what most people do is they go, well, I got, I liked my dog and I went to university in this year. So therefore there’s my password and I’m going to use that everywhere,” said Hunt.

While there are password alternatives like passkeys, which use your phone to approve website logins, these can be confusing and difficult to sync across various devices.

“We’re trying to sort of drag people from something that’s very familiar and easy to use to something that’s much more secure, but requires change,” Hunt notes.

Hunt believes that it’s only a matter of time before the next breach occurs.

“I think we’re judging companies a lot less by the fact that they’ve had a data breach and more about how they’ve handled it,” said Hunt.

Unfortunately, if your information is already out there, there’s not much you can do to remove it.

Services that claim to remove your personal information online typically only deal with sites like people finders and data brokers, not the more dangerous places where your information may be available.

“My concern is that they’re well intentioned. They do a good job of taking you out of the least dangerous places, but they can’t take you out of the worst places,” said Hunt.

If your information is on the dark web, it’s usually there for good, which is why prevention is key.

By using unique passwords and being cautious about where you share your personal information online, you can only help minimize the risk of being a victim of a data breach.

author photo
About the Author
Yosi Yahoudai is a founder and the managing partner of J&Y. His practice is comprised primarily of cases involving automobile and motorcycle accidents, but he also represents people in premises liability lawsuits, including suits alleging dangerous conditions of public property, third-party criminal conduct, and intentional torts. He also has expertise in cases involving product defects, dog bites, elder abuse, and sexual assault. He earned his Bachelor of Arts from the University of California and is admitted to practice in all California State Courts, and the United States District Court for the Southern District of California. If you have any questions about this article, you can contact Yosi by clicking here.