It seems like there’s a major data breach every few months.

Just a few months ago, on August 9th, I received this email from ‘;–have i been pwned?

It’s just an email address, so not the worst breach ever, but it’s information from a cybersecurity firm I’ve never worked with. More surprisingly, there was no leak or hack, the bad guys just collected data from “publicly available sources.”

Anyone can go to haveibeenpwned.com to see if their email address has been leaked. It’s run by Troy Hunt, an information security professional whose blog I’ve followed by for years, and you get notifications when your email is leaked. It’s free.

If you’ve had the email address for more than a year and use it anywhere, it’s probably leaked. My main email address has been leaked in 29 data breaches.

The list is quite impressive – me and 153 million others were leaked via Adobe in 2013 (when Troy started the tool) and I joined 79 million others when Advance Auto Parts was breached in June of 2024. It was leaked in pretty much every major data breach in the last twenty years!

But does it really matter?

Yes… but also not really. Here’s why.

It’s Already Out There

If you get a notification that your data was revealed in a breach, I wouldn’t get stressed out about it. When I received the email that other day about SOCRadar, it barely registered.

Your data is already out there.

I’m in my forties, I’ve been online since I was an adult, and I’m comfortable using online services so my information has been stored on hundreds (if not thousands) of websites.

As you saw in the screenshot, some subset of my personal information has already been revealed at least 28 29 times.

You Already Get Lots of Spam

You will get a lot of spam text messages, phone calls, and emails.

Fortunately, email inboxes are savvy enough to limit most of the bad stuff. You should still be aware of phishing attempts and ignore pretty much anything official looking.

I like to use a confidential “classified” email address that is only used with important (financial) accounts. But if your data is leaked by a bank, well your classified email address is junk now too (womp womp, sorry!). I also use a junk email address that I never check for anything unimportant.

This is known as security through obscurity and a nice additional layer of protection (but not a primary one, for that we use 2-factor authentication).

As for phone calls and text message, I silence unknown callers and briefly check voicemail transcriptions if they leave a message (I never listen to them). Sometimes it’s a delivery driver who is lost or someone local who needs to reach us, but those are extremely rare (1 out of 50?).

I Never Get Complimentary ID Monitoring

Whenever there is a breach, the company offers complimentary identity theft monitoring from some service. I’ve never signed up for it.

I don’t believe I need it and I also don’t want yet another company having my information. (I also secretly think it’s a ploy to get you to use the service and then start paying for it after the complimentary period expires)

I just use my own do-it-yourself identity theft protection system and I don’t need to worry about canceling the service. (you may not even need to cancel the service, I’ve never signed up so I don’t know)

I also freeze my credit reports so I’m not concerned someone with my information could open a line of credit. Until I unfreeze it, no one can.

I’m confident that I have protections in place to prevent anything bad from happening because of these breaches.

I’m not as bold as the former CEO of LifeLock, Todd Davis. As part of a marketing stunt, he plastered his Social Security Number on billboards and trucks to prove how effective LifeLock could be. He also discovered that by doing that, his identity had been stolen 13 times in three years. Yikes.

It’s Serious But Also Too Common

I know I’m being cavalier about data breaches. They are serious events but in most cases, given limited liability rules and the fact that they’ve been happening for ages, it won’t impact you. It’s nothing to lose sleep over.

If you protect yourself, and our guide for DIY identity theft protection offers a lot of easy and free steps you can take to protect yourself, the impact will be minimal.

If you are the victim of identity theft, the perpetrator is likely going to be someone you know. It makes reporting that much trickier, especially if it’s a family member.

But, if it does happen, experts suggest that you:

• Report it to the Federal Trade Commission at IdentityTheft.gov and/or call 1.877.438.4338
• Put fraud alerts and freezes on your credit reports (Experian, Equifax, TransUnion)
• Contact all your financial institutions (credit cards, banks, etc.)

IdentityTheft.gov offers this page of suggestions if you are a victim.

Have you been a victim of one of these breaches? (how many times? More or less than 29!?)