Discovering that our personal identifiable information or financial data may have been exposed as a result of a data breach is not only disconcerting, it also tends to leave most of us confused about what specific actions we should take. Adding to this uncertainty, we often hear about these events from the news headlines rather than the company itself, and sometimes well after the incident occurs. To reduce the risk of becoming a victim of fraud or identity theft, we’re shedding light on proactive steps you should take once you learn that your sensitive information might have been exposed in a data breach.
Understand what a data breach is—and what it isn’t: A data breach occurs when sensitive, protected or confidential information is released to an untrusted environment. This could be the result of a hacking incident, theft of financial data at a point of sale terminal, lost or stolen materials, unintentional mishandling of information, or another type of malicious or accidental event. But as the consumer advocacy organization Privacy Rights Clearinghouse explains, a data breach does not necessarily mean that you will become a victim of identity theft. As the nonprofit clarifies, identity theft only takes place if the information is misused after it has been exposed.
Find out what information could have been compromised: Learning that your name and address have been stolen can be irritating, but as Paul Wagenseil from the online publication Tom’s Guide points out, theft of this data alone is not all that likely to cause serious damage. On the other hand, a breach involving your Social Security number or your debit card numbers along with your three-digit verification code are far more problematic, and call for a more robust course of action.
Monitor your accounts online and change your password: It’s generally recommended that you check your financial accounts regularly for any unauthorized charges, and this is particularly the case after a data breach. If your password was exposed, be sure to change it immediately, and if you have used this same password for other accounts, be sure to give them all new, unique passwords as well.
Contact your financial services provider(s): Once you learn that your debit or credit card information was exposed online or at a point-of-sale (POS) terminal, contact your bank, credit union or the financial institution that issued the card immediately. In most cases, you can find this toll-free number on the back of the card. Explain the situation and have them check for questionable activity on your account. Be sure that they cancel your card right away, and issue you a new one.
Order copies of your credit report and consider using fraud alerts: As you likely know, you’re entitled to one free credit report every year from each of the three major credit reporting agencies including Equifax, Experian and TransUnion. But if you’ve learned that confidential information has been exposed in a data breach, it can be a good idea to set up free fraud alerts as well. When you request a fraud alert from a credit bureau, they must include it on your credit report, and they are required to tell the other credit bureaus to do so as well. Once you set up the alert, you’ll also get a free copy of your credit report from all three credit bureaus. For full details on placing a fraud alert, visit the Federal Trade Commission’s site at https://www.consumer.ftc.gov/articles/0275-place-fraud-alert
Let any relevant government agencies know:
If you become aware of a breach in which your driver’s license or other government-issued identification (e.g. your passport) could be compromised, be sure to contact the agency to find out what to do. According to Privacy Rights Clearinghouse, they may tell you how to obtain a replacement, or they may place an alert on your file. In the case of a stolen Social Security number, the danger of it being used to open new accounts or a loan in your name can make it advisable to take further action by placing a free security freeze on your credit report. Just be sure that you understand the limits of what a credit freeze can do in terms of protecting you from identity theft. For example, it won’t prevent someone from stealing your tax refund or health insurance benefits. Get the facts on a credit freeze from Consumer Reports’ article “Why a Credit Freeze Alone Won’t Stop Identity Theft
Be wary of anyone who contacts you about the breach: Exercise caution if you receive a request for personal information following a data breach. Fraudsters often use these opportunities to dupe consumers into revealing sensitive personal data by posing as a representative of the organization that suffered the breach. Don’t reply to requests by email, phone or text for you to provide or verify your account number, password or other identifiable data. Instead, contact the organization directly on a phone number or email address that you know to be correct.
Consider enrolling in identity theft coverage: In some cases, companies that experience a major data breach will offer customers free identity or credit monitoring services for a certain length of time. These services can be helpful, but be sure you understand exactly what they cover, because you may want to opt for more comprehensive identity theft protection that you purchase on your own. As Consumer Reports explains, depending on the product and level of coverage, these services can monitor your identity, check the dark web for your information and even help to restore your identity.
Finally, if you do find that you become the victim of identity theft after a data breach, you’ll need to take decisive action to mitigate the damage. U.S. New & World Report offers excellent advice on this topic in “10 Things to Do After Your Identity Is Stolen.”