How safe is my data after a hack or leak?

Following news stories in the past few days, it’s understandable you might be concerned about your data.

The UK’s elections watchdog revealed on Tuesday it had been the victim of a “complex cyber-attack” potentially affecting millions of voters.

Then on Wednesday it emerged personal details of police officers in Northern Ireland were published accidentally.

But what can you do if you are concerned your data may have been leaked, and how can you prevent issues?

Generally, when public organisations such as the Police Service of Northern Ireland (PSNI) respond to Freedom of Information requests they should remove any identifying data.

In this case, though, the force published confidential details by accident, leaving some officers and their families with concerns about their safety.

However, an average person affected by a data leak or hack should not panic.

The Electoral Commission has apologised to those affected by the cyber-attack, but says on its website the data it holds is “limited, and much of it is already in the public domain”.

“According to the risk assessment used by the Information Commissioner’s Office [the data regulator] to assess the harm of data breaches, the personal data held on electoral registers, typically name and address, does not in itself present a high risk to individuals,” it says.

This information could be combined with other bits of data about you, such as what you share on social media, to identify you – but this takes a lot of time and cyber criminals will generally only target prominent individuals like this.

And unless you have opted out of being named on the open electoral register, much of this information will already be publicly available online.

If you are concerned about a different data breach, and are worried that your information may have been lost, there are also websites which will tell you if your email was part of a known data breach, such as the free online service Have I Been Pwned (HIBP).

If you believe your password to an account may have been compromised, it makes sense to change it.

But you should be mindful not to respond to any emails recommending this, as they could be attempting to scam you – instead you should visit the website as normal, and change your password there.

This is also why it is important to have different passwords for different accounts.

By always keeping different log-in credentials, a future hack is less likely to affect you seriously as the hackers will not be able to use your data beyond accessing a single service you used.