Financial and payment information are the most critical data types that you own. But what if it got leaked?

That’s exactly what happened with over 600,000 payment cards and financial records, affecting billions of people in nine countries. What happened and what can you do?

A Double-Hacking Incident

On March 17, 2020, the underground online store dealing in stolen payment cards and financial information, Swarmshop, was hacked. The hackers leaked 623,036 payment cards and records, nearly 500 online banking accounts credentials, and close to 70,000 Canadian Social Insurance Numbers (SIN) and American Social Security Numbers (SSN).

However, the cybercriminals didn’t stop there.

They also targeted and leaked records of the shop’s admins, sellers, and buyers; exposing their usernames, passwords, online activity history, and even their contact details. Then, they uploaded the data to a different online forum.

The site owners' and patrons' personal information being leaked might not be the biggest concern to the average user, but the accompanying data should be. While people’s financial and personal information was nestled in a dark corner of the internet, they became open for anyone to access and take advantage of.

The funds loaded on the 600,000 cards add up to approximately $18,000 and average at around $30 per card. The card leaks likely didn’t result in a severe financial loss for their owners as people rarely keep lots of money on their shop cards—only topping up when needed.

Not to mention, it’s easy to dispose of or freeze your card if you think it’s been compromised.

The dangers of this security leak lie within the security and insurance numbers, and banking information. Those often require a lot of work on behalf of their owner to fix. And whoever has access to them can cost the victim a lot more than $30.

What Can You Do?

Alexa skills against stress and anxiety

So, what can you do if you were part of this massive data leak or a similar one in the future?

First, you need to confirm the leak happened from trusted sources and check whether you were included in the breach. When it comes to data leaks from companies, they're likely to contact you to inform you that your data might've been compromised in a breach.

But in situations like these, where there isn’t an official service provider, you have to take matters into your own hands. You can hire a dark web scanning service, which is sometimes included in security-focused password managers. With their help, you won’t have to venture into the dark web on your own, aimlessly searching for your data.

Next, contact the affected company and ask whether they can help you manage and change your compromised data. If that's not an option, you’ll need to change all the information included in the breach as soon as possible on your own.

If it’s financial information, contact your bank and inform them of the situation. You'll be able to prevent fund withdrawal under your name and receive new and secure information shortly.

If the data in question was your SIN or SSN, immediately contact the local authorities.

How to Protect Your Data From Future Incidents

Phone with purple screen and white lock

As a user, there isn’t much you can do when it comes to the security of a company’s database. But what you can do is pick which companies hold your data.

Whenever possible, work with businesses that allow you to store your data locally on your device.

You should also look for services that utilize strong encryption, preferably end-to-end encryption whenever possible—like with password managers.

Data Breaches Are Inevitable

Still, data breaches and leaks can’t be entirely avoided. In addition to choosing secure service providers, you need to be vigilant.

Keep up with the latest security news, especially ones regarding data leaks and security vulnerabilities in companies you deal with. That way, even in the case of a leak, you’re prepared and can act fast.