Interacting with organisations are almost entirely online for a first touch. We’ve all grown accustomed to sharing our personal details with various online platforms, from e-commerce sites to social media networks. The benefits of this are clear – saving time, immediate response, bulk information. Yet, this comes with risks—specifically, the risk of our personal information being compromised, often without our immediate knowledge.  

The UK's data protection laws are primarily governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These work together to regulate the processing of personal data, ensuring it is used lawfully, fairly, and transparently. Individuals have rights over their data, including access, rectification, and the right to be forgotten, while organisations must comply with principles such as data minimisation and ensuring adequate security. After Brexit, the UK has maintained similar standards to the EU GDPR but has already amended the standard slightly.

Here are four telltale signs that your email address or other personal details might have been sold, leaked, or breached:

Unexpected Password Reset or Account Verification Emails: If you begin receiving unsolicited password reset requests or account verification messages from services you recognise (or don't), it could be an indication that someone is trying to gain access using your details or that your email is on a list being targeted. In the Latitude breach, many old customers received password reset emails and SMS from their acquired companies, causing confusion. This, however revealed the breadth of the data stolen.

Spam Overload: A sudden influx of spam emails, especially ones promoting shady products, services, or asking for more information can indicate that your email address has been sold or shared among various spammers. The cyber criminals can be reasonably sure your email is valid and that you’ve bought online before, making you a potentially warm lead.

Phishing Attempts: These are deceptive emails that try to impersonate legitimate companies, often asking for sensitive information or leading you to fake websites to enter login details. If you notice a surge in such emails, your details might be part of a broader list being exploited. Some might be addressed to you personally, if the scammer has bought more complete personal details.

Unusual Recommendations or Advertisements: If you suddenly see remarketing advertisements or product recommendations that you probably haven’t interacted with or are outright wrong for you - it might hint at your data being shared more broadly than you'd like, though it could also be a result of legitimate data-sharing practices by companies. This can be similar to the remarketing you get that is eerily related to your recent purchases, interests, or even conversations – except the recommendations are to scam websites.

What to do next:

Change Your Passwords: For any site or app where you think you may have reused a password or used a similar naming convention – change it. Use a password manager to store passwords for each account.

Activate Multi-Factor Authentication (MFA): This can add an extra layer of security, ensuring that even if someone has your password, they still need a secondary method such as biometrics, an authenticator app or code to access your account.

Log out of services: Check your Google, Microsoft and social media accounts for unusual device locations or unrecognised devices. Log out of all locations and change your password.

Beware of Phishing Attempts: Always double-check the URL of websites or links sent to you before clicking or entering details and never provide sensitive information via email, especially if you didn't initiate the conversation.

Stay Informed: Regularly check services like "Have I Been Pwned" to see if your email address shows up. Being proactive can help mitigate potential damages. If you have a large footprint in breaches as reported by “Have I Been Pwned” it might be time to retire that email address permanently. This is a difficult thing to do, but it might be the most secure way forward.