Data Breach Notice


When it happens, you feel powerless. You get an email or letter from a business saying someone breached your data. It happens all too often today.

Data breaches happen at banks, online sites like Facebook, and ecommerce stores. Not only that, but governments are also victims. This leaves things like your address, SSN, and credit card details exposed to thieves.


A business getting hacked is something you have little control over. But you can take important steps afterwards. We’ve outlined the most important things to do below. These steps can help you mitigate the financial losses.

Change Your Passwords

The very first thing you should do is change your passwords. Change the password for the service that sent you the breach notification first. Then, change it for any logins using the same password.


This is one of the reasons it’s a best practice to use unique logins for every site. Many people get in the habit of using the same password in several places. This leaves more than the single breached login at risk. Use a password manager to help you create strong passwords. You only need to remember one to access all the others.

Enable Multifactor Authentication (MFA)


Multifactor authentication can keep accounts secure, even if a hacker stole the password. Enable it for the breached service. Then, ensure you have MFA activated for all other logins, where possible. MFA is also called two-factor authentication or two-step verification.


Common forms of MFA are:

Text message

Authentication app

Security key

Image

Check Your Bank Accounts


If payment card details were breached, check bank accounts. You’ll want to watch these for several weeks for fraudulent charges. Report the breach to your bank to have them issue you a new card, if needed.

Notify your bank about the 3rd party data breach. This can help keep you from being held responsible for fraudulent charges. It’s good to get out ahead of it. Your bank can then help you with appropriate steps to avoid fraud.
Image

Freeze Your Credit

Online criminals will often sell breached personal details. These details can enable someone to take out credit in your name. Contact the three credit agencies. They each have ways to freeze your credit to protect you. You can do this right on their websites.

The three credit agencies are:

  • Equifax

  • Experion

  • TransUnion

Carefully Review the Breach Notification

It’s important to understand exactly how the data breach may impact you. Review the notice you received. Additionally, look for updates on the company website.

  • These are the things you should be looking for:

  • The type of data exposed (passwords, card numbers, etc.)

  • What reparations the company is making (e.g., credit monitoring)

  • Any instructions given to secure your account

Regularly check the company’s website. Often, they don’t immediately know how far reaching the breach is. You may check back later and find out other types of sensitive data were exposed.

Get Good Cybersecurity Options

Make sure you protect your device and network. There are some simple tools you can use to beef up personal device security. These include:

  • A good antivirus/anti-malware program

  • DNS filtering to block malicious sites

  • Email spam filtering for phishing

Another good protection you can use is a VPN. This helps mask your traffic. It is especially helpful if you’re using a public Wi-Fi. VPNs are easy to use. You can use VPNs for both computers and mobile devices.

Be on the Lookout for Phishing Scams

Emails are often exposed in data breaches. This means you may receive an uptick in phishing emails. Phishing is very convincing since criminals have AI at their disposal. Phishing emails often are hard to spot from the real thing.

Stay ultra-aware of any unexpected emails. Follow best practices to avoid becoming a phishing victim:

  • Hover over links to see them

  • Go to websites directly

  • . Don’t click email or SMS links

  • Beware of unknown senders

  • Watch for phishing on social media and text messages

  • When in doubt, double check through an official source

Make Sure to Update Software and Systems

Hackers often exploit unpatched vulnerabilities. How do you get unpatched vulnerabilities? Most times it’s from failing to keep software updated.

Make sure to update your device operating system. Update all apps or software on your devices. Update firmware for routers and printers. Update firmware for smart devices.

There are so many updates we need to do with our electronics. Automating your updates is a good way to stay protected.

Managed Security Services You Can Count On


The cashless revolution is here. It’s time for small businesses to embrace it. By adopting digital payments, you can enhance your customer experience as well as improve efficiency and reduce costs.


As your trusted IT partner, we're here to support you every step of the way. Let's make the transition to cashless payments a seamless one for your business.

Reach out by phone or email to schedule a chat today.

Read more from our Blogs

password spraying

What Is Password Spraying

CrossNewsletter
June 18, 20253 min read

What Is Password Spraying

Cyberattacks aren’t always complex. In many cases, hackers succeed simply because users reuse weak passwords. One of the most effective techniques for exploiting this? Password spraying.

Unlike traditional brute-force attacks that hammer away at a single account, password spraying takes a more subtle approach—and that’s exactly what makes it dangerous. For small to medium businesses (SMBs) in Newcastle, understanding how password spraying works is essential. At Crossover IT, we help local businesses detect and prevent these attacks before they cause damage.

What Is Password Spraying?

Password spraying is a type of brute-force attack, but with a twist. Instead of trying hundreds of passwords against one account (which usually triggers lockouts), hackers try one commonly used password across many accounts. This way, they avoid detection and increase their chances of a successful login.

Here’s how it typically works:

  • Attackers use a list of usernames, often sourced from public data breaches.

  • They attempt a single weak password—like “Winter2024!”—across every account.

  • The process is automated and spread out to avoid raising red flags.

This method exploits poor password habits and often flies under the radar of traditional security systems.

How Is Password Spraying Different from Other Attacks?

Let’s break it down:

Traditional Brute-Force Attacks

Focus on one account and try many password combinations. Easy to spot, easy to block.

Credential Stuffing

Uses real username-password pairs leaked in past breaches. Relies on people reusing passwords across services.

Password Spraying

Tries one password across many accounts. It’s low and slow—deliberate enough to evade account lockouts and detection systems.

This tactic is now being used not just by independent hackers, but by organized cybercriminals and even state-sponsored attackers.

How to Detect and Prevent Password Spraying

Stopping these attacks requires more than just complex passwords. Here's what we recommend:

1. Enforce Strong Password Policies

  • Require long, complex passwords (12+ characters, mix of symbols, numbers, and cases).

  • Prohibit common passwords like “Welcome123” or “Company2023.”

Use a password manager to help your team create and store secure logins.

2. Enable Multi-Factor Authentication (MFA)

Even if a password is guessed, MFA adds a second step that blocks unauthorized access. For SMBs in Newcastle, this is one of the easiest and most effective ways to shut down password spraying.

3. Monitor Login Patterns

Look for:

  • Failed login attempts spread across multiple accounts

  • Logins from unfamiliar IPs or geographic regions

  • Repeated attempts at off-hours

A good MSP can help you set up this kind of behavioral monitoring.

4. Regular Security Audits

Review login logs and access controls regularly. If you spot trends—like repeated failed logins with a specific password—it could indicate a spraying attempt.

Go Beyond the Basics: Strengthening Your Security

In addition to the essentials above, here are a few extra steps:

Configure Login Detection

Set alerts for multiple failed login attempts from the same IP, especially across different accounts. This helps identify slow, stealthy attacks.

Train Your Team

Human error remains one of the biggest risks. Educate staff on good password practices and phishing awareness.

Have an Incident Response Plan

If an attack gets through, you need a plan:

  • Alert affected users

  • Force password resets

  • Audit access logs

  • Notify your MSP or IT provider

Don’t Wait for a Breach

Password spraying is easy for attackers—and devastating for businesses caught unprepared. But with the right systems and habits in place, it’s also highly preventable.

At Crossover IT, we help small to medium businesses in Newcastle protect their accounts with layered security, real-time monitoring, and staff training. As your local MSP, we’re ready to help you stay one step ahead of cyber threats.

Need help protecting your business from password spraying and other attacks?
Contact Crossover IT — your trusted MSP for SMBs in Newcastle — for practical cybersecurity solutions that keep your business safe.

Back to Blog
Image

Innovation

Fresh, creative solutions.

Image

Integrity

Honesty and transparency.

Excellence

Excellence

Top-notch services.

FOLLOW US

COMPANY

CUSTOMER CARE

LEGAL

Copyright © 2024. CROSSOVERIT. All Rights Reserved. Newcastle, Australia.