Protect yourself against information leaks

Why it matters

You can’t always protect yourself against information leaks, as they're often out of your control. Usually, when your personal information is leaked online it’s due to a data breach – which is when a business or company is affected by an online security incident and their data is stolen. But there are ways to help secure your personal information even if it's leaked as part of a data breach.

Learn more about information leaks

Protect your business against data breaches

How to protect yourself

Don’t share too much information online

Only share as much information online as you need to, and make sure you have strong privacy settings on all of your online accounts.

If you’re being asked to provide a business or service with more information than you feel is relevant, ask them what the information is being used for and why they need it. Businesses are legally required to only ask you for the information they really need.

How to protect your privacy online
Create good passwords

Use strong, long and unique passwords on your online accounts. That way if the password for one of your accounts is leaked you’ll only need to update that one account – your other accounts will still be safe.

You can also use a password manager to help keep your accounts safe.

How to create a good password

Keep your data safe with a password manager
Use two-factor authentication (2FA)

Where possible, turn on 2FA for all your online accounts to add an extra layer of security.

Use two factor authentication (2FA) to protect your accounts
Check to see if any of your information has been leaked already

Tip

The Have I been pwned? website tracks data breaches as they happen. You can sign up to get notified by them if your email address is ever included in a credential dump.
Have I been pwned?

The details of several large public data breaches have been added to a website called ‘Have I been Pwned?’. While we’re not affiliated with this website and haven’t verified the data it contains, it can be helpful to check it to see if any of your details have been leaked online as part of a data breach. You can visit the site to see if your email address is included in their lists of leaked information, which are usually referred to as ‘credential dumps’.

Get help

If you’re concerned that some of your personal information has been leaked as part of a data breach:

contact the relevant business or organisation to see if the breach affects any of your accounts
change the password for any account that's been included in the breach immediately. If you’ve used the same password on any of your other accounts, change the passwords for them too
get a free credit check done. This will let you see if any accounts have been opened in your name. You can ask to have your credit record corrected if there’s any suspicious activity on it.

How to get a credit check report in NZ (external link)

Some attackers will use other people’s personal information that they find online to impersonate them or steal their identity. Find out what to do if you’re concerned about identity theft.

Online identity theft

Report the issue to CERT NZ

You can also report an online issue or security incident like this to us at CERT NZ.

Get help now

What to read next

The basics

Create good passwords

Browse all The basics

Outdated browser