Between 2013 and 2016, Russian-backed hackers initiated cyberattacks on Yahoo that resulted in the compromise of—wait for it—3 billion users. The attack began as an FSB assault on several banks and high-ranking international businesspeople, but the simple spear phishing emails they sent ultimately gave them access to every Yahoo user’s information, including names, phone numbers, and even password recovery details.
This devastating hit to Yahoo ($117M to settle class action suits and immeasurable damage to their reputation) is one of dozens of high-profile attacks that should serve as a wake-up call to anyone on the internet today. Although we’ve talked before about how to protect yourself from attacks like these, we’ll review a few tips and then address what to do should you suffer such an attack:
- Visit https://haveibeenpwned.com/ to see if you’ve been hacked. Simply enter your phone number or email address and this free service will list any websites where your information may have been compromised. If any are listed, go to those sites and change your password immediately.
- Log out. Yes, it’s a pain to have to re-enter your password every time you log in, but staying logged in leaves the window open for hackers.
- Update passwords often. Set a reminder to update your passwords regularly—or if you suspect a breach—and try not to use the same passwords for different sites.
- Determine what’s been hacked. Simply changing a password is much less taxing than canceling credit cards or opening a new bank account, so learn exactly what’s been compromised and then take the appropriate action.
- Change passwords. Update your passwords everywhere and, where possible, add a secondary authentication method. If you’ve used the same breached password on multiple websites, make sure you change those passwords too. If you have trouble remembering your various passwords, consider a password manager like Password Genie.
- Remove your home address. If you find out this very sensitive piece of information has been stolen, reach out to Google and Bing to request that your address be removed from internet searches. Then contact Facebook, Twitter, and Reddit and file a report noting that private information has been made public.
- Contact credit agencies. If your Social Security Number or credit card information has been stolen, contact the three credit agencies immediately to freeze your credit. No one will be able to use your information to open new lines of credit when your account is frozen.
- Monitor your credit. If a website was negligent with your data, they may pay for a year’s worth of credit monitoring. If they don’t own it, grin and bear the monthly charge to keep an eye on any unauthorized purchases or attempts to access your credit.
A simple Google search will highlight dozens of data breaches over the last decade, many devastating for businesses and individuals alike. Due to the porous nature of software and networks, we can’t have 100% security, but there are definitely ways to plug the holes. If you stay on the offensive, you have a great chance of keeping your data and personal information secure.