If this helped, forward it to one person who’d benefit.

You hear about data breaches all the time. Big company gets hacked. Millions of accounts exposed. You shake your head, scroll past, and move on with your day.

But what if your email address was in one of those breaches?

Chances are, it was. And probably more than once.

Go to haveibeenpwned.com — a free, legitimate tool created by security researcher Troy Hunt. Type in your email address, and it'll tell you exactly which breaches your data appeared in.

Don't panic when the results come back. Almost everyone shows up in at least a few. The site has tracked over 14 billion compromised accounts across thousands of breaches.

What matters is what you do next.

It depends on the breach, but commonly:

The worst part? Breached data doesn't just disappear. It gets traded, sold, combined with other breaches, and used to build detailed profiles of you. A hacker might combine your email from one breach with your password from another and your phone number from a third.

Here's what most people think: "I've been in breaches before and nothing happened, so it's fine."

That's like saying, "My house key has been copied, but no one's broken in yet."

Breached credentials are often used for:

1. Check haveibeenpwned.com Search every email address you use: personal, work, old ones you forgot about.

2. Change passwords on breached accounts Start with anything financial: banks, PayPal, credit cards. Then email. Then everything else. Use strong, unique passwords for each one.

3. Stop reusing passwords This is the single biggest risk multiplier. If the same password works on your Target account, your Gmail, and your bank, one breach compromises all three. Use a password manager (covered in our earlier issue, The Password Problem).

4. Turn on two-factor authentication (2FA) We'll cover this in detail next week, but the short version: turn it on everywhere you can, starting with email and banking. It's the single most effective thing you can do after a breach.

5. Watch for phishing After a breach, scammers know which services you use. Expect convincing-looking emails from those companies. Don't click links in emails, go directly to the website instead.

6. Consider a credit freeze If sensitive personal info was exposed (SSN, date of birth, address), a credit freeze with the three major bureaus: Equifax, Experian, and TransUnion, prevents anyone from opening new accounts in your name. It's free and reversible.

🔍 Check haveibeenpwned.com: search every email address you use.
🔑 Change passwords on breached accounts: start with financial and email.
🚫 Never reuse passwords: one breach shouldn't compromise your whole life.
🛡️ Turn on 2FA: it blocks the vast majority of unauthorized logins.
🧊 Consider a credit freeze: if personal data was exposed.

Data breaches aren't going away. They're happening more often, to bigger companies, exposing more data every time.

You can't control whether a company you use gets hacked. But you can control how much damage it does to you.

Check your exposure. Fix your passwords. Turn on 2FA. Do it this week.

Until next time — stay private, stay safe.

— Peter Oram
Chief Cyber Safety Evangelist

P.S.: I’m working on a practical iPhone safety guide for parents.
Reach out if you’re interested in early access.

Join the Community! A Facebook group where you can ask your questions, get tips, and help others.

Want more practical tips like this?
👉 Subscribe or read past issues at newsletter.cybersafety.group

Have a topic you’d like covered?
📬 Email me directly: [email protected]

FOLLOW US ON SOCIAL MEDIA