Has Your Personal Info Been Leaked? Here’s How You Can Tell

You get an email with a password reset link for your Amazon account. You didn’t request it, so you “safely ignore it” as the Amazon email states. Then, a few days later, you get an email asking to confirm your email address for a new account on Robinhood, a stock market e-trading app. Not long after that, you get a text message with a two-factor authentication code you didn’t request for your bank account.

All of these notifications should put you on high alert. Why? Because your email address and phone number (and probably some passwords and other sensitive info) have been leaked. A cybercriminal has a hold of them and is trying to log into your existing accounts or open new ones with your info.

These kinds of emails and texts are a good indicator of stolen personal data, but they’re not the only sign. You should know which factors to look out for and how to check if your personal data has been compromised.

How You Can Tell if Someone Is Stealing Your Personal Data

If you suspect that your data might be compromised online and you’re looking for “signs” that your data has been leaked or stolen, chances are it already has been. You shouldn’t wait until you notice unusual account activity to be on your guard—you should always be careful online.

With that precursor out of the way, let’s look at some of the most obvious indicators that your personal data (email address, phone number, address, passwords, bank info, etc.) is being shared without your permission.

• You receive password reset notifications or emails but you didn’t initiate a password reset request.
• You are locked out of your accounts even though you’re using the credentials you set the account up with.
• You get an alert from a website or application about unusual account activity and you don’t recognize it.
• Your online account is missing money.
• You notice a new credit line or loan on your credit report (you should get a credit report from one of the three major credit bureaus once per quarter).
• Your device is infected with malware (if you have malware, your info probably got stolen too).
• You notice unexpected software installs on your device.
• Your family and friends tell you they’ve received odd messages from you.

The sign that usually prompts people to run personal data breach scans is receiving an email saying that an application or service you use has been hacked and that your information may have been implicated. If this happens, you should take action immediately.

What to Do After a Data Breach

• Report the breach to your bank and all three credit bureaus within 72 hours. You can also initiate a fraud alert if needed.
• If you can still access your accounts, change all the passwords (this is a lot easier if you use a password manager).
• Install all updates for firmware and software on your devices.
• Run a scan with your antivirus software on your device.
• Keep an eye out for scams going forward.
• Consider signing up for an identity monitoring and protection service like Aura.

Free Data Check Tools

It’s easy to find out if your personal data has been compromised. You can use one of these free tools to see if any of your data has been shared without your knowledge or permission:

• WhatIsMyIPAddress Personal Data Scan: This tool isn’t for breaches, but you can check how much of your info is available on public data broker sites. It’s for U.S. residents only.
• Have I Been Pwned: Search across multiple data breaches to see if your email or phone number has been compromised.
• Avast Data Leak Check: Quickly search if an online account linked to your email address has been compromised.
• F-Secure Identity Theft Checker: Check if your personal data has been exposed on the dark web.

There are also paid services you can use to check for exposed data, and these generally tend to be more comprehensive. After a certain point, though, it doesn’t matter how much of your data has been leaked. Knowing that even one piece of personal information is where it shouldn’t be is enough to make you take action.

Data Breaches vs Data Brokers

When checking for your leaked personal data online, you may come across your information in a people search site like Yellow Pages or Zoominfo. These directories aren’t considered illegal, however, and they didn’t receive your data by stealing it.

They legally obtained it, usually by purchasing it from a vendor. And they’re allowed to sell it too. Companies that collect information about people, whether for people search directories, advertising purposes, or healthcare, are known as data brokers.

These companies can make certain information about you publicly (or privately) searchable and it’s not considered “stealing” or “leaking” your information.

Some examples of data brokers are:

• Advertising brokers: Epsilon, Oracle, KBM, Axicom, etc.
• Healthcare brokers: Experian Health Inc. and Healthcare.com
• Risk mitigation brokers: LexisNexis
• Credit Bureaus: Equifax, Experian, TransUnion, and other platforms that let you monitor your credit score

How Data Brokers Use Your Information

Data brokers gather information about you and sell it to third parties. They build profiles on millions of people for advertising, call centers, debt collections, and more.

Examples of personal details data brokers deal in are:

• Email address
• Phone number
• Physical mailing address
• Aggregate demographic data
• Information about your purchases

Where Data Brokers Get Your Information

They can get your information from a variety of sources—and this information isn’t considered confidential. The most common sources are:

• Website tracking cookies
• Government public records (birth certificates, marriage licenses, etc.)
• Bank databases and credit card companies
• Online retailers
• Social media platforms
• Website surveys

Why Data Brokers Are a Privacy Risk

If data brokers don’t collect or compromise confidential personal data, why should you be concerned about them? While they don’t share your bank account numbers, Social Security number, or other “sensitive” info, hackers can still use brokers to build profiles of their targets.

A cybercriminal might obtain a password to one of your accounts in a data leak. Then, they find your email address on the dark web. They can then find your birth date, mailing address, and phone number from a “legitimate” people search site. With just this information, they can open fake accounts in your name or even trick your cellphone provider into porting your number to a new SIM card (a scam known as SIM swapping).

It also shouldn’t be surprising that these data brokers are prime targets for hacks. Equifax was breached in 2017, which affected the personal information of 147 million people. T-Mobile had 15 million records exposed in 2015 because they were stored on Experian’s servers, and Experian was breached. In 2011, Epsilon was hacked, exposing the names and email addresses for millions of people.

Most data brokers allow you to request to remove your information from their sites, but they make the task difficult and inconvenient. They’re also continuously collecting info, so even if you succeed at getting your data removed, it may show up again in a year or two. Some services will go through a large number of data brokers and remove your info for you, but they’re not free.

Are Data Brokers Legal?

Data brokers are completely legal in the U.S. and there are no federal laws to regulate the industry. For the most part, they can sell your information to just about anyone if the price is right. 

However, as of 2024 they’re prohibited from selling sensitive personal data of Americans to potentially malicious countries or companies that operate in malicious countries.

How to Keep Your Data from Getting Leaked

If you want to avoid having your information compromised in a data breach, you should take action now. Online security always works better when it’s proactive, and not reactive.

Here are some steps you can take to secure your information:

• Get good antivirus software: With an antivirus installed, your chances of getting hacked are lower. It detects and blocks any potentially malicious software from your device.
• Use a password manager: Strong passwords are the foundation of a secure online presence. They’re not the only thing you need to stay safe, but they’re essential. Keep track of all your passwords with a password manager.
• Back up your important information: Make copies of your most important files and info and keep them in a secure place that you can access in case of a breach.
• Protect your identity: Sign up for a service that offers identity theft monitoring and protection. You’ll get alerts when your information gets found somewhere it shouldn’t be.
• Stop phone scams: Use a service like Robokiller to block spam texts and calls on your phone.

Stay Safe Online

Personal information has become a commodity in the digital age. Brokers want it so they can sell it to the highest bidder; cybercriminals steal it so they can also sell it to whoever’s willing to pay. As our lives have moved increasingly online, it’s become harder to maintain privacy.

Fortunately, there are ways to protect your sensitive information, if you’re willing to put some effort into being more cautious. You should have a skeptical attitude about everything you encounter online and never give away your information—name, email address, phone, anything—easily.

Your personal data and your identity are the most important things you have. Protect them vigilantly.