What to Do When You Get a Data Breach Alert
Joy Wallet is advertiser-supported: we may earn compensation from the products and offers mentioned in this article. However, any expressed opinions are our own and aren't influenced by compensation. To read our full disclosure, click here.
Finding out your data may have been compromised can send chills down your spine. No one wants to learn that cybercriminals have accessed their personal information during a data breach. However, a data breach doesn’t have to stop you in your tracks. By being proactive in your response, you can take steps to stop cybercriminals before too much, if any, damage is done.
In this article
What is a data breach?
A data breach occurs when someone takes secure information they have no authority to access without permission. Examples of security breaches include stealing credit card numbers from retailers, email addresses and passwords from Internet service providers, and Social Security numbers from healthcare providers.
How to respond to a data breach
You will often receive notification of a data breach via email. Instead of panicking, this breach notification should be your starting point in addressing the data breach.
Confirm the data breach
One way cybercriminals try to steal your sensitive information is through phishing or fake emails. These emails may look like official emails, including company logos or official email addresses, but on closer inspection, they are not. When hovering your cursor over links in the email, you’ll see website addresses that do not go to the company’s official website. Or the phone numbers may look suspicious. Therefore, it’s important to verify the email is legitimate.
To verify a data breach notification, do not click on any links in the email or call any listed phone numbers. Instead, go to the website of the company that was breached and call the phone number listed for customer support. Let them know about the email you received and ask if it is legitimate. If they say no, delete the email and move on. If they say yes, ask them what steps you need to take next.
Determine what data was affected
Once you verify a data breach, discover what personal data was stolen. Many types of data could be involved. These include:
- Email address or password
- Credit or debit card numbers
- Banking information
- Social Security number
- Phone numbers
- Mailing addresses
- Dates of birth
- Security questions and answers
Knowing the data involved in the breach will help direct your next action. For instance, you probably don't have much to worry about if your name, mailing address, or phone number were involved. For most people, this information is readily available online through search engines or online phone books.
If your email was involved, it likely won’t result in much more than an increase in spam content in your junk folder. However, if your email password was also involved, that could be problematic because anyone using it may be able to log into your email account and access even more sensitive information.
Of course, banking or credit card information, your Social Security number, and your date of birth are some of the most crucial pieces of personal information that could be used in identity theft and, therefore, demand the most attention. These items can be combined with less-sensitive information like your name and mailing address to apply for new credit cards, open new bank accounts, or file fraudulent tax returns.
If your Social Security number is compromised, identity thieves can create great harm because they don’t necessarily need your mailing address or other personal information to open new accounts or pose as you. You likely won’t be able to replace a stolen Society Security number with a new one, so it’s imperative to follow the steps below to protect it as much as possible.
Change all passwords for affected accounts
Regardless of the information stolen in the data breach, changing the passwords and any security questions and answers for the related account is a good idea. Make sure you have strong passwords that include upper- and lowercase letters, numbers, and at least one special character, such as an exclamation mark. Pay attention to the account’s specific requirements for unique passwords, such as the minimum or maximum number of characters in the password and which special characters are permitted.
Also, do not use the same password for more than one account. Of course, trying to remember many new passwords for several accounts can be difficult. To help you out, try a password manager such as LastPass or Dashlane to keep track of your passwords. Although not free, a password manager can provide peace of mind because you won’t have to keep up with multiple passwords.
Update your security questions and answers as well. Choose questions you haven't used before. In addition, don’t give out any information used as answers in those social media posts you see that ask to share personal information so your followers can “get to know you.” For example, don’t reveal the make and model of your first car, what street you lived on, or your first pet’s name. Cybercriminals continually troll social media posts for this information so they can hack into your accounts.
If you can set up two-factor authentication, now is the time to implement it. This security process adds an extra layer of cybersecurity to the log-in procedure, making it harder for cybercriminals to access your accounts. There are several types of two-factor authentication. For instance, after entering your username and password, you may have a verification code sent to you by text or email to enter as an extra form of verification. Some companies use third-party two-factor authentication apps such as Google Authenticator, which provides a security code to enter when logging into your account.
Update your accounts
If your credit or debit card numbers were stolen or your bank account information was compromised, call your credit card company or bank to cancel the compromised accounts and arrange for replacement cards or a new bank account number. Make these calls as soon as possible to protect you from fraudulent charges.
With credit cards, you can report a stolen card at any time, and you will be responsible for no more than $50 of fraudulent changes. If you spot fraudulent charges on your credit card bill, you will have 60 days to dispute them, which must be done in writing.
Debit cards are a bit different. You must notify the bank within two business days of discovering your card was stolen or used for fraudulent charges. If you do, you’ll be responsible for only $50 of those charges. However, you could be responsible for up to $500 if you wait. If you don’t report the stolen debit card or any fraudulent charges within 60 days, you could be responsible for all fraudulent charges.
If your driver’s license number was stolen, call your local Department of Driver's Services or Division of Motor Vehicles and find out what steps you should take to obtain a license with a new number.
Take steps to protect your credit
If your credit card numbers, bank information, or Social Security number is exposed to cybercriminals, it’s important to contact the credit bureaus — , Equifax, and TransUnion — to immediately set up a credit freeze. With a credit freeze, you will receive a PIN to unfreeze your credit. Using your information will make it difficult for anyone to apply for credit in your name. You can also implement a fraud alert that notifies potential creditors that you may have been a victim of fraud. Credit freezes and fraud alerts are free.
Also, you need to review your credit report regularly so you can spot any fraudulent activity. Every year, you can receive a free credit report from each credit bureau through AnnualCreditReport.com. To check your credit throughout the year, get one credit report from one credit reporting agency every four months.
If you spot fraudulent or suspicious activity, report it to the credit bureau immediately. Also, call the financial institution or credit card company related to the fraudulent or suspicious activity to report the new account and have it closed.
Related:
Make $500+ Your First Month With KashKick!
- Transparent information on each offer for earnings and tasks.
- Money is deposited quickly and securely
- Featured offers maximize earnings
- First-class referral program
Accept assistance from the breached company
When a data breach happens at a merchant, a credit company, or other business, it’s not uncommon for the breached company to offer assistance in negating the effects of the data breach. This could include free credit monitoring for a specific period, identity theft protection, reimbursement for any monies used to rectify the situation, etc. Unless there are reported problems with their offers, take advantage of their assistance to protect your personal and financial information.
File your taxes early
Every year, identity thieves file fraudulent tax returns using stolen Social Security numbers with the Internal Revenue Service. Oftentimes, the IRS and the identity theft victim are unaware of these scams until the victim of identity theft files a legitimate tax return. Only then does the IRS flag it as suspicious, notifying the victim that a tax return has already been filed using that Social Security number.
By filing early, you can hopefully beat any identity thieves from filing with your Social Security number creating a headache for you. If you file and receive a notice that a prior return has been filed, you must file an Identity Theft Affidavit with the IRS.
Be vigilant in monitoring your accounts
In addition to monitoring your credit reports throughout the year, you also need to closely monitor your bank and credit card accounts. Review your banking activity and credit card charges frequently to spot suspicious activity. If you see something questionable, call the financial institution or credit card company to report it so it can be resolved quickly.
What to do in case of identity theft
Although not the same as a data breach, discovering you are a victim of identity theft can be just as daunting. To protect yourself, you can follow many of the same steps outlined above, however, there are some additional steps you should take.
File a police report
If you discover someone has stolen your identity, contact your local law enforcement department and file a report. Although there likely is not much local law enforcement can do to track down the identity thief, you may need a police report when notifying some companies listed above that your personal information has been stolen.
Report the identity theft to the Federal Trade Commission
In addition to a police report, you should file a report with the FTC, which provides proof that someone stole your identity. Besides, the FTC will help you create a recovery plan with steps to repair the damage caused by identity theft. An identity theft report guarantees certain rights in resolving identity theft issues.
The bottom line
Knowing that your personal or financial information has been compromised is news you never want to receive. However, because cyber criminals work 24/7 to steal sensitive information, you likely will receive notice of a data breach at least once in your lifetime. When you do, taking quick action can help minimize any damage resulting from a data breach.
Confirming the breach, changing your passwords and security information related to all affected accounts, and notifying the credit bureaus are the first steps in protecting yourself from a data breach. Canceling and replacing debit or credit cards, filing your taxes early, and monitoring your accounts and credit reports will also help. Recovering from a data breach can be long and time-consuming, but it can be done.
Joy Wallet is an independent publisher and comparison service, not an investment advisor, financial advisor, loan broker, insurance producer, or insurance broker. Its articles, interactive tools and other content are provided to you for free, as self-help tools and for informational purposes only. They are not intended to provide investment advice. Joy Wallet does not and cannot guarantee the accuracy or applicability of any information in regard to your individual circumstances. We encourage you to seek personalized advice from qualified professionals regarding specific investment issues. Featured estimates are based on past market performance, and past performance is not a guarantee of future performance.
Our site doesn’t feature every company or financial product available on the market. We are compensated by our partners, which may influence which products we review and write about (and where those products appear on our site), but it in no way affects our recommendations or advice. Our editorials are grounded on independent research. Our partners cannot pay us to guarantee favorable reviews of their products or services.
We value your privacy. We work with trusted partners to provide relevant advertising based on information about your use of Joy Wallet’s and third-party websites and applications. This includes, but is not limited to, sharing information about your web browsing activities with Meta (Facebook) and Google. All of the web browsing information that is shared is anonymized. To learn more, click on our Privacy Policy link.
Images appearing across JoyWallet are courtesy of shutterstock.com.
Writer
Karon Warren is a freelance writer who has covered articles in finance, insurance and health for sites like Reviews.com, USA Today, Healthgrades, among others.
Share this article
