Skip to main content

Cybersecurity Advice: What to Do if You’ve Been Hacked


PURE Staff

Imagine hopping on the free Wi-Fi at your local coffee shop and checking your bank account. In this brief moment, a hacker gains unauthorized access to your account and begins wiring out funds. Unfortunately, this is a common cyber attack method.

Public Wi-Fi networks at hotels, airports and cafes are notoriously unsecure. You don’t know who set them up or who is connected to them, making great targets for hackers who can track all users’ history.

Avoid these networks and instead use a Mi-Fi (a personal mobile Wi-Fi device with a unique password) which you can get from your cellular carrier. You can also use a virtual private network (VPN) service, which can be downloaded to your device as an app.

According to recent analysis, the United States continues to experience the most data breaches of any country with 49.9 million alone in the second quarter of 2023. Russia trailed behind with 15.2 million. Worldwide, the second quarter of 2023 also saw a 156% increase in breached accounts compared to the first quarter.

Sensible security measures to protect your online information can help you avoid joining this statistic, but given the increasing severity and frequency of cyber and ransomware attacks, there is no perfect solution. So, it’s important to know how to minimize your exposure the moment it occurs and how to better secure your accounts following a malicious breach.

To help prevent a hacker from easily gaining access to your sensitive information, turn off default settings on your wireless devices like automatically connecting to the closest Wi-Fi. While inconvenient, you should also deactivate the feature on your bank and credit card apps and accounts that keep you logged in.

How to minimize a cyber-attack

Change your passwords as soon as you become aware your account has been hacked.

Log out of the compromised account on all devices.

Check the login logs for your account. Most cloud services track each and every time you log in to an account. This allows you to see when and from where that account has been accessed.

Call your bank if a bank account has been hacked. Immediately inform the financial institution and add a fraud alert to your credit report. This will make it harder to open a new account under your name if your identity has been stolen. Adding a fraud alert is free, good for 90 days, and if you add it to one credit-reporting agency, it will be reported to the other two. It may be prudent to cancel accounts that have been compromised and replace them with new accounts.

Reducing the likelihood of a future attack

Maybe you haven’t had your accounts compromised before, but you’ve gotten a call from your bank about a suspicious transaction attempt or you’ve been asked to reset your account password after a failed login attempt. Whether you are mitigating a cyber threat or taking preventative measures, here are some ways you can help stop cyber attacks on your accounts in the future.

Strengthen your password. A strong password is unique, including upper-case and lower-case letters, numbers and special characters. Consider using a mnemonic device to help you remember complex passwords. For example, build a password from the first letter of every word in a song: TtL*hiwWYA5 (“Twinkle, Twinkle Little Star” with special characters, lowercase and capitalized letters and a number). Place special characters, numbers and capital letters in the middle of your password rather than only at the beginning or end. Never use personal information in your passwords.

Enable multi-factor authentication on all your accounts and devices. Most companies that handle sensitive information—from financial institutions to social media platforms—will have a feature in the settings that will allow for multi-factor authentication using your phone or a third-party device. If available, enable account login notifications.

Set up credit card alerts to notify you when a transaction occurs so that you can identify fraudulent charges in real time.

Set up monitoring services. Note the difference between identity-theft monitoring and cybersecurity monitoring. Both can be beneficial, but cybersecurity monitoring is intended to help prevent cybercrime while identity-theft monitoring is intended to help you react more quickly if fraudulent activity has already occurred.

If your email address was compromised when your account was hacked, establish a new email address that you only use for banking, investment, health care and other accounts that hold sensitive information.