Steps to Better Protect Your Personal Information from Hackers, Breaches and Other Harms

Taking steps to protect yourself and your personal information from the harms associated with hacking can reduce the threat of identity theft and protect your online privacy.  Data breaches include incidents that result in unauthorized access to personal information. The breaches that often have the biggest impacts on society are those in which criminals hack into a business and exfiltrate the data of hundreds or even millions of consumers. 

Unfortunately, data breaches are a common occurrence — there have been more than 420 data breaches impacting over 500 Californians that were reported by businesses to the California Attorney General from January 1-September 30, 2025.  Some of these breaches impact millions of Californians.  

A data breach is often the gateway to identity theft, exposing personal information that criminals can later use to impersonate victims or commit fraud. The hackers who exfiltrate personal information during a data breach often sell it to other criminals, who then use it to access and take over online accounts, obtain additional information about you, and take other actions pretending to be you. Experts have estimated the total annual cost of identity theft to be in the tens of billions. 

Below are seven tips you can follow to better protect the data on your devices, strengthen your online accounts, and minimize the amount of personal information businesses have about you so that there’s less to exfiltrate if a business is breached. 

#1 Secure your files, apps, devices, and networks 

Data breaches can occur because of vulnerabilities in older versions of software that run on devices and networks. While businesses are responsible for protecting their networks and keeping their software up to date, you should keep your software up to date too, including your operating systems, security software, home routers, applications, and browsers.   

Other steps you can take could include: 

• Password-protecting your devices and keeping them in a safe place 

• Encrypting sensitive personal files so no one else can access them (Be sure to remember passwords that will decrypt the files.) 

• Backing up important files so you don’t lose them (e.g., to an external hard drive or flash drive, or using an automated cloud-based backup service) 

• Using encrypted messaging apps 

#2 Strengthen your online accounts 

Password security is one of the most essential and effective defenses against identity theft and account compromises that can expose your personal information. CalPrivacy recommends using strong, unique passwords for every site and consider using a password manager. For security questions, consider using made-up answers that only you would know. Enabling multi-factor authentication (MFA)  whenever it’s available will provide even greater security to your accounts — especially for sensitive accounts, such as banking, health services, and email. 

#3 Watch out for phishing and scams 

Phishing is when someone tricks you into giving away your personal information. Stay safe by avoiding suspicious links and attachments. If you receive a text or email that looks like its from your financial institution or another trusted business, it is always best to look up their information and contact them directly using websites or phone numbers you know are theirs instead of responding to the message. 

#4 Clean out unused or old accounts 

Be sure to delete or deactivate accounts you no longer use. The fewer active accounts you have means there are fewer accounts that can be broken into. 

#5 Limit Data Sharing 

You should be cautious about what personal information you share publicly online; many hackers can scrape social media platforms to build a profile on you that can be used nefariously. Consider setting your social media profiles to only allow friends to see your posts. 

#6 Exercise your California privacy rights 

The less personal data a business has about you, the less it impacts you if a data breach of a business occurs. Exercise your California Consumer Privacy Act (CCPA) rights to reduce your digital footprint by: 

• Submitting deletion and opt-out requests to businesses that collect your personal information 

• Enabling an opt-out preference signal that automatically tells websites not to sell or share your personal information 

• Submitting a complaint with CalPrivacy if you believe your CCPA privacy rights have been violated. 

Starting in 2026, CalPrivacy is launching a simple way to submit deletion requests to data brokers: the Delete Request and Opt-Out Platform (DROP). DROP is the first platform in the world that will allow you to submit deletion requests to every registered data broker at once. 

#7 Stay informed 

It’s important to subscribe to websites that track data breaches and read any notices you get from businesses that may have been breached. Additionally, stay informed on best practices by following the latest guidance from our sister agencies: 

• The Department of Financial Protection and Innovation has useful resources for fraud prevention for consumers. 

• The Federal Trade Commission offers information on what to do after a data breach and tools for victims of identity theft. 

• The California Attorney General’s Office offers an identity theft victim checklist. 

Everyone can be impacted by a data breach — even if you follow these tips. When you receive a breach notice or suspect that your device or an online account may have hacked, be sure to act fast.