Only a few years ago, the entire world was shocked by a major retail data breach that stole tens of millions of consumers’ credit card information during Black Friday shopping. It was the talk of news channels everywhere, and at the time it highlighted just how capable cyber criminals really were.

These days, the thought of a hacker stealing only credit card numbers is almost laughable. Since that 2013 event, we’ve experienced data breaches like the Office of Personnel Management breach that stole the complete identities of nearly 22 million people, or the Yahoo breach that stole the login credentials to roughly one billion email accounts. So far in 2017, more than 200, US businesses have been hit by successful spear phishing attacks seeking Social Security numbers and payroll information. Criminals have not only realized that the big money is in broader, longer-lasting data, but they’ve also devised new ways to get their hands on it.

As consumers, it’s important to understand how data breaches—both accidental and intentional—can lead to identity theft. It’s also critical that you know what steps to take if you’re notified that your data has been compromised in some way.

If You Receive a Breach Notification Letter

Read it thoroughly to see what information is believed to have been accessed. It might be financial information like credit card numbers or account numbers, or login credentials like your username, password, and security questions.

It might even be your complete identity, including your name, address, birth date, and Social Security number. Your compromised information will tell you a lot about steps you might need to take next, from simply changing your password on an account to contacting the credit reporting agencies and placing freezes on your credit report.

More information available on ITRC Fact Sheet 129.

Check Your Credit Reports

One step that is always a good idea, whether you’ve received a data breach notification letter or not, is to monitor your credit report regularly. You’re entitled to one free report every year from each of the three major credit reporting agencies, TransUnion, Equifax, and Experian.

By staggering these reports—as in, ordering one in January, one in May, and one in September—you can get an ongoing look at your accounts and take action against any suspicious activity. Remember, checking your credit score is a good idea and there are even apps that let you do it at the touch of a button, but that’s no substitute for a thorough look at your entire credit report.

Best of all, you can sign up for alerts from the Identity Theft Resource Center, who has been tracking data breaches for more than ten years. Their scam alerts and emailed newsletters will help you stay “in the know” about the latest breaches and hacking events, as well as new tactics cybercriminals are using to steal identities.

For on-the-go assistance, check out the free ID Theft Help App.