What to Do When You Get a Data Breach Alert
Finding out that your data may have been compromised can send chills down your spine. No one wants to learn that cybercriminals have accessed their personal information during a data breach. However, a data breach doesn’t have to stop you in your tracks. By being proactive in your response, you can take steps to stop cybercriminals before too much, if any, damage is done.
- What is a data breach?
- File your taxes early
- Be vigilant in monitoring your accounts
- The bottom line
What is a data breach?
A data breach occurs when someone without permission takes secure information they have no authority to access. Examples of a security breach include stealing credit card numbers from retailers, stealing email addresses and passwords from Internet service providers and stealing Social Security numbers from healthcare providers.
How to respond to a data breach
In many cases, you will receive notification of a data breach via email. Instead of panicking, this breach notification should be your starting point in addressing the data breach.
Confirm the data breach
One way cybercriminals try to steal your sensitive information is through phishing, or fake, emails. These emails may look like official emails, including company logos or official email addresses, but, on closer inspection, they are not. When hovering your cursor over links in the email, you’ll see website addresses that do not go to the company’s official website. Or the phone numbers may look suspicious. Therefore, it’s important to verify the email is legitimate.
To verify a data breach notification, do not click on any links in the email or call any listed phone numbers. Instead, go to the website of the breached company, and call the phone number listed for customer support. Let them know about the email you received and ask if it is legitimate. If they say no, delete the email and move on. If they say yes, ask them what steps you need to take next.
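The link check described above (the address a link really goes to versus the company's official website) can also be done without opening anything. This Python code is an added example, not part of the original article: it reads the HTML of a notification email and flags links whose destination is not on the official domain. The domain example-bank.com, the function names, and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_official_domain(host, official):
    """True only for the official domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def suspicious_links(html, official):
    """Return (href, text, reason) for web links that do not lead to `official`."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are not web destinations
        if not on_official_domain(parts.hostname, official):
            reason = "destination is not the official domain"
            if official in text.lower():
                reason = "text shows the official domain, link goes elsewhere"
            findings.append((href, text, reason))
    return findings

# Constructed sample notification; example-bank.com is an assumed official domain.
SAMPLE = """<p>We detected a breach. Sign in at
<a href="https://example-bank.com.account-verify.example/login">https://example-bank.com/login</a>
or see <a href="https://www.example-bank.com/security">our security page</a>.
<a href="http://203.0.113.7/reset">Reset password</a></p>"""
```

Calling `suspicious_links(SAMPLE, "example-bank.com")` flags the lookalike address and the bare IP address and leaves the genuine link alone. A clean result only means the links match; confirming the notice with the company directly is still the deciding step.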
Determine what data was affected
Once you verify a data breach, find out what personal data was stolen. There are many types of data that could be involved. These include:
- Email address or password
- Credit or debit card numbers
- Banking information
- Social Security number
- Phone numbers
- Mailing addresses
- Dates of birth
- Security questions and answers
Knowing what data was involved in the data breach will help direct your next course of action. For instance, if your name, mailing address, or phone number was involved, you probably don’t have much to worry about. For most people, this information is readily available online through search engines or online phone books.
If your email was involved, it likely won’t result in much more than an increase in spam content in your junk folder. However, if your email password was also involved, that could be problematic, because anyone using it may be able to log into your email account and access even more sensitive information.
Of course, banking or credit card information, your Social Security number, and your date of birth are some of the most crucial pieces of personal information that could be used in identity theft, and, therefore, demand the most attention. These items can be combined with the less-sensitive information like your name and mailing address to apply for new credit cards, open new bank accounts or file fraudulent tax returns.
In fact, if your Social Security number is compromised, identity thieves can cause great harm because they don’t necessarily need your mailing address or other personal information to start opening new accounts or posing as you. You likely won’t be able to replace a stolen Social Security number with a new one, so it’s imperative to follow the steps below to protect it as much as possible.
Change all passwords for affected accounts
Regardless of the information stolen in the data breach, it’s a good idea to change the passwords and any security questions and answers for the related account. Make sure you have strong passwords that include upper and lower case letters, numbers, and at least one special character such as an exclamation mark. Pay attention to the account’s specific requirements for unique passwords, such as the minimum or the maximum number of characters in the password and which special characters are permitted.
Also, do not use the same password for more than one account. Of course, trying to remember many new passwords for several accounts can be difficult. To help you out, try a password manager such as LastPass or Dashlane to keep track of your passwords. Although not free, a password manager can provide peace of mind because you won’t have to keep up with multiple passwords.
Update your security questions and answers as well. Choose questions you haven't used before. In addition, don’t give out any information used as answers in those social media posts you see that ask to share personal information so your followers can “get to know you.” For example, don’t reveal the make and model of your first car, what street you lived on, or your first pet’s name. Cybercriminals continually troll social media posts looking for this type of information so they can hack into your accounts.
If you have the option to set up two-factor authentication, now is the time to implement it. This security process adds an extra layer of cybersecurity to the log-in procedure, making it harder for cybercriminals to access your accounts. There are several types of two-factor authentication. For instance, after entering your username and password, you may have a verification code sent to you by text or email to enter as an extra form of verification. Some companies use third-party two-factor authentication apps such as Google Authenticator, which provides a security code you must enter when logging into your account.
Update your accounts
If your credit or debit card numbers were stolen or your bank account information was compromised, call your credit card company or bank to cancel the compromised accounts and arrange for replacement cards or a new bank account number. Make these calls as soon as possible to ensure you are protected from fraudulent charges.
With credit cards, you can report a stolen card at any time, and you will be responsible for no more than $50 of fraudulent charges. If you spot fraudulent charges on your credit card bill, you will have 60 days to dispute them, which must be done in writing.
Debit cards are a bit different. You must notify the bank within two business days of finding out your card was stolen or used for fraudulent charges. If you do, you’ll be responsible for only $50 of those charges. However, if you wait, you could be responsible for up to $500. If you don’t report the stolen debit card or any fraudulent charges within 60 days, you could be responsible for all fraudulent charges.
If your driver’s license number was stolen, call your local department of driver's services or division of motor vehicles and find out what steps you should take to obtain a license with a new number.
Take steps to protect your credit
If your credit card numbers, bank information, or Social Security number is exposed to cybercriminals, it’s important to contact the credit bureaus—Experian, Equifax and TransUnion—to immediately set up a credit freeze. With a credit freeze, you will receive a PIN to unfreeze your credit. This will make it difficult for anyone to apply for credit in your name using your information. You also have the option of implementing a fraud alert that notifies potential creditors that you may have been a victim of fraud. Credit freezes and fraud alerts are free.
In addition, you need to review your credit report on a regular basis so you can spot any fraudulent activity. You can receive a free credit report from each credit bureau every year through AnnualCreditReport.com. To keep a check on your credit throughout the year, get one credit report from one credit reporting agency every four months.
If you spot fraudulent or suspicious activity, report it to the credit bureau right away. In addition, call the financial institution or credit card company related to the fraudulent or suspicious activity to report the new account and have it closed.
Accept assistance from the breached company
When a data breach happens at a merchant, a credit company, or other business, it’s not uncommon for the breached company to offer assistance in negating the effects of the data breach. This could include free credit monitoring for a specific time period, identity theft protection, reimbursement for any monies used to rectify the situation, and so on. Unless there are reported problems with their offers, take advantage of their assistance to protect your personal and financial information.
File your taxes early
Every year, identity thieves file fraudulent tax returns with the Internal Revenue Service using stolen Social Security numbers. Oftentimes, the IRS and the identity theft victim are unaware of these scams until the victim of identity theft files a legitimate tax return. Only then does the IRS flag it as suspicious, notifying the victim that a tax return has already been filed using that Social Security number.
By filing early, you can, hopefully, file before any identity thief uses your Social Security number and creates a headache for you. If you do file and receive a notice that a prior return has been filed, you will need to file an Identity Theft Affidavit with the IRS.
Be vigilant in monitoring your accounts
In addition to monitoring your credit reports throughout the year, you also need to keep a close eye on your bank and credit card accounts. Review your banking activity and credit card charges frequently to spot suspicious activity. If you see something questionable, call the financial institution or credit card company to report it so it can be resolved as quickly as possible.
What to do in case of identity theft
Although not the same as a data breach, discovering you are a victim of identity theft can be just as daunting. To protect yourself, you can follow many of the same steps outlined above; however, there are some additional steps you should take.
File a police report
If you discover someone has stolen your identity, you need to contact your local law enforcement department and file a report. Although there likely is not much local law enforcement can do to track down the identity thief, you may need a police report when notifying some of the companies listed above that your personal information has been stolen.
Report the identity theft to the Federal Trade Commission
In addition to a police report, you should file a report with the FTC, which provides proof that someone stole your identity. In addition, the FTC will help you create a recovery plan with steps to repair the damage of identity theft. An identity theft report also guarantees you certain rights in resolving identity theft issues.
The bottom line
Finding out that your personal or financial information has been compromised is news you never want to receive. However, because cybercriminals work 24/7 to steal your sensitive information, you likely will receive notice of a data breach at least once in your lifetime. When you do, taking quick action can help minimize the damage, if any, resulting from a data breach.
Confirming the breach, changing your passwords and security information related to all affected accounts, and notifying the credit bureaus are the start of protecting yourself from a data breach. Canceling and replacing debit or credit cards, filing your taxes early, and monitoring your accounts and credit report also will go a long way to protect you from a data breach. Recovering from a data breach can be long and time-consuming, but it can be done.