Three Steps to Take after a Data Breach
With record setting numbers of data breaches happening each year, there’s an excellent chance that you will become a victim of lost or stolen personal data—if you haven’t already, that is. One of the chief concerns security experts have in this climate of hacking and fraud attempts is that consumers will stop taking the threat so seriously. So what do you need to do if you’re a victim in a data breach?
Your immediate response will vary depending on what information was stolen and how quickly you’re informed of the incident. Some people only find out about a breach or hacking event after their financial institution informs them that their accounts were compromised; in a situation like that, you wouldn’t have to do much of anything. Your bank will correct any fraudulent charges and your new credit card will arrive in the mail.
But other incidents aren’t so clear cut and easy to recover from. That’s why all consumers need to be prepared to take action the moment they’re informed of a data breach.
- Determine what information was stolen – Depending on what data the thieves got their hands on, you need to be ready to devote some time to protecting yourself. If your credit card number, physical address, or an email address were the only pieces of the puzzle that they accessed, you’re not completely out of the woods but you also don’t need to put your day on hold to tackle your security.
You need to be mindful of how many other pieces of the puzzle hackers may have accessed from other sources, though. For example, they might have stolen your email address from one data breach, and your password on a separate account from another data breach. This could give them greater access to your information if you’re reusing that password anywhere.
Any time you’re informed of a data breach, it’s a good idea to change your passwords on your crucial accounts. It’s really a good idea to do so even if there hasn’t been a breach; some companies even require users to change their passwords every ninety days just to be on the safe side.
- They got it all – Unfortunately, if you’re involved in a data breach in which the hackers took everything—names, addresses, birthdates, Social Security numbers, and more—you’ve got more work to do. You’ll receive a notification letter from the company that was breached, and it will tell you what was believed to have been stolen.
In the event that hackers got everything, you need to contact the three major credit reporting agencies and place alerts or freezes on your accounts. This step will be free if you can provide proof that your information was stolen; your notification letter may serve as that proof, but you may also be required to file a police report. Filing the police report is a good idea anyway, since it will serve as proof down the road that your data was compromised if it’s ever used for criminal purposes.
There’s one more step you need to take, especially if your SSN was stolen, and that’s to alert the IRS. Tax identity fraud is a huge criminal industry now, and alerting the IRS will help add a layer of protection over your tax return in the coming tax filing seasons. You will also want to make sure that you file your legitimate return as early as you possibly can in order to beat a criminal to it.
- Monitor your credit reports and your accounts – If your notification letter included free credit monitoring services, don’t ignore it. Take them up on the offer and use it to help protect yourself. Of course, you don’t have to wait for a service to alert you to a problem. You can—and should—request a free copy of each of your credit reports once a year. If you stagger those reports, meaning you request one agency’s report in January, another one in May, and another one in September, you’ll get an ongoing picture of your credit throughout the year. That could make a lot of difference in preventing more widespread damage to your credit.
Data breaches and identity theft might seem like they’re practically unavoidable, and it’s understandable that consumers might feel like they can’t do anything to stop it. But even if you can’t stop a hacker from accessing your information, you can do a lot to make sure the damage he does with your data is kept to a minimum.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.