Data breaches are becoming more common these days and known to create financial burdens most impactful on small businesses. In fact, the median financial impact of a breach last year was $21,659, with 95% of incidents falling between $826 and $653,587.

But what exactly is a data breach? A data breach is when secure information is taken from a trusted environment without permission. The bad guys can use this information to steal your identity, hack into your online accounts, or use the information for targeted phishing attacks to gather even more information about you. Most often, when data breaches occur, your credentials will be sold on the dark web.

How do I know if my information was exposed in a data breach?

The most obvious way is to be alerted by the company that been victim of the data breach. The most reliable way to know if data is exposed is to sign up for a monitoring tool. Dark web monitoring tools will actively search for company domain credentials leaked from a data breach. The tool will alert you with new results.

It is important to note that data exposed in a data breach and available on the dark web does not necessarily mean it’s already being used by hackers. It only means that hackers can easily gain access to it. There are steps you can take to protect your information even if you were exposed in a data breach which is why it is important to be able to detect any changes as they occur.

What can I do to prevent hackers from using my information exposed in a data breach?

85% of data breaches involve human interaction. This means the 85% of data breaches are caused by someone letting a bad actor in whether that is through a download, click, or submitting personal information into an illegitimate source. Mistakes happen (we are all only human) so here are three things you can do to prevent further loss from exposed data:

  • Use unique passwords across websites/apps and change them often.
  • Set up two-factor or multi-factor authentication.
  • Actively monitor the dark web for your credentials.
What do I do if my information was already exposed in a breach?

Take a moment to assess the situation. Ask yourself: What sort of information was exposed? Do I need to notify my bank or other entities? What steps should I take to make my information more secure now?

If your password was exposed (most common), you should change your password for all accounts associated with that password immediately. Make sure the password is unique and complex or use a password generator to create one for you. You should set up multi-factor authentication if it is not already turned on. If it is a company credential that was exposed, you should immediately alert your IT team or MSP.

For a deep dive into the dark web to find your exposed credentials, go to