So you gave personal information to a company involved in a data breach. What now?

Hacks, ransomware attacks and data breaches seem to be in the news more and more – and many people are getting warnings that their information has been compromised in the process.

This week, Petro-Points members discovered that an unauthorized party had obtained their basic contact information, such as postal and email addresses, phone numbers and dates of birth. Petro-Canada sent an email to its customers to watch out for unusual emails and messages.

In February, a ransomware attack on Indigo compromised the data of current and former employees. And late last year, thousands of people in Ontario were warned that their personal information may have been compromised by a breach of the province’s vaccine management system.

Getting one of those ominous emails or letters alerting you to a problem can make you feel powerless. But cybersecurity experts say there are helpful steps you can take to protect yourself after a data breach — and prepare for the next time it happens.

“It’s not like you’re going to be violated, it’s when you will be violated,” said Cat Coode, a data and privacy strategist who founded Binary Tattoo, a cybersecurity firm based in Waterloo, Ont.

How to check if your data has been breached

Even if you have not been warned about a data breach, you can still take action.

Try entering your email address at HaveIBeenPwned.coma free service that checks whether your data has been breached and what exactly has been compromised.

You can also sign up for notifications about future breaches involving your email address.

Yes, I’m affected. What now?

If the breach involves your credit card number, call the company and let them know. It may be wise to ask your credit card company if you should change your number or cancel your card and request a new one. You should also call credit reporting agencies – in Canada they are TransUnion And Equifax – alert them to the problem and check for suspicious activity that may affect your credit score.

The company that suffered the data breach may also offer you free credit monitoring. If they do, include them — and insist on getting it for your kids if they’re affected, Coode said. While they may not have credit scores yet, their dates of birth and other personal information can be used to apply for credit cards.

Also, keep an eye on your credit card statements for any unusual activity.

If you believe you’re a victim of identity fraud, you can also request a fraud alert or credit freeze on your accounts, said Carolyn Boris, a vice president at Chubb Personal Risk Services.

You can even contact your insurance agent or broker to ask if your policies cover identity theft or related costs, she said in an email.

What about passwords?

Change the passwords of affected accounts. It’s also essential to make sure all your passwords are different – and yes, cybersecurity experts know full well how difficult that can make life.

“It’s very easy and common to use the same password, or maybe you have a small list of passwords. But this is exactly what the bad guys are after,” said Ian L. Paterson, CEO of Plurilock Security, from Victoria.

“Anytime a password is breached through a hack or a data breach, it is very common for the bad guys to use bots to test that password and see where else that password can be used.”

Both experts suggest using a secure password manager to keep track of your passwords. If you don’t want that, it’s better to write down cryptic hints for each password than the passwords themselves, Coode said.

And when choosing your passwords, think beyond the obvious. Chubb released a personal cyber risk report late last year that found that about half of people in Canada and the United States still include a pet’s name or other recognizable name or date in their passwords.

Coode suggested basing your passwords on your favorite book series instead.

What else can I do?

Make sure you are running the updated version of all applications and programs on all your devices and that your operating systems are up to date. Software companies often release patches and security fixes, Paterson said.

And wherever you can enable two-factor authentication (2FA) or multi-factor authentication (MFA), do it.

“It’s that annoying text message you get with the six-digit code you have to punch in,” Paterson said. “It’s frustrating, it slows you down, but it works wonders for protecting your safety.”

Chubb’s report showed that more than 50 percent of Americans and Canadians now use 2FA.

Finally, if you pay for things online, use services like PayPal where possible instead of entering your credit card information, Coode said. It prevents your credit card number from spreading widely.

The experts offered common sense advice that most of us have heard before. But if you track it, it can travel a great distance to protect you, Paterson said.

“The bad guys want to go after the easy targets,” he said. “As a consumer, you have to be safer than the next. And the bad guys go after the other one.”