It can be unnerving to be told that your information has been compromised – through no fault of your own – in a data breach. With the rise in the number of breaches and information exposed, it is a question of when not if your information will be compromised. The steps you should take for a breach notification vary for each data breach because the type of information exposed is not always the same. You should always be proactive when receiving a breach notification that your information was compromised in a data breach; breached information can quickly be used to commit identity theft.
The first step you should take after receiving a breach notification is to log in and change the password for the account(s) involved, ensuring you are creating a strong and unique password that will not be used elsewhere. Most breached entities will reset passwords and force you to make an update. Contact the compromised entity directly to see what additional protections you can put in place changing your username, enabling multifactor authentication and changing your account number are some common requests. If the account asks for security questions, update the security questions and answers.
If allowed, or if it makes sense, consider changing or removing any personal information you have affiliated with the account (name, address, phone number, email, etc). If you store any payment information within the compromised account, see Exposed Financial Account below.
If your bank account, credit card or other financial account number has been compromised, whether it is a result of a breach at that financial institution or because of a data breach with a different entity who was storing your financial account information, ask to close the affected account(s) and open a new account. Ask that a note be added to the closed account regarding the reason the account is being closed e.g. exposed in a data breach, potential for fraud. Make sure the new account has a new account number. If the data breach occurred at your financial institution and involves an existing card number, most institutions will proactively issue a new card with a different card number.
Monitor your current and past account statements for fraudulent activity (the breach may have occurred well before it was discovered and the thief may have had your information before you were notified). For a month immediately after the breach notification you may wish to monitor your account weekly, then continue to monitor your account statements monthly. Report any suspicious activity to your financial institution immediately.
Read a more comprehensive remediation plan on financial identity theft here.
If you receive a breach notification, place a one-year fraud alert and place a credit freeze with the three main credit reporting agencies (CRAs): Equifax, Experian and TransUnion. Order your credit reports from all three CRAs and review them for fraudulent activity. If you spot activity on your reports that is fraudulent, contact the entities that are reporting the activity and ask to speak with the fraud department. If the entities reporting the information to the CRAs do not contact the CRAs to update their information, you can file a letter of dispute. Continue to monitor your credit reports annually.
Check your social security statement regularly by establishing a my Social Security account. Check for earnings activity that does not belong to you.
File your taxes as early as possible every year. Thieves can use your social security number in conjunction with your other personally identifiable information to file taxes in an attempt to have a refund routed to their account.
Just because your social security number was breached once does not mean it will not be used again; thieves will sell your information to other thieves who will attempt to use it again.
Contact your insurance provider and ask if they can change your insurance account/card number. See what additional protections you can put in place such as an additional password when calling for service. Check your medical insurance billing statements closely to ensure the company is not covering services received by a thief that you have not received.
For more information on data breaches and to receive no-cost assistance in preventative steps contact an expert ITRC advisor toll-free at 888.400.5530 or LiveChat with us.