Data breaches are becoming increasingly more common as a growing number of companies are moving towards storing sensitive customer information on the cloud.
Imagine reading through your emails and finding a notification from a company you do business with or from your account monitoring service that your information was involved in a data breach. Even when we, as consumers, take precautions to protect our data, nothing we do can ever prevent others from inadvertently exposing our data. It's a sickening thought to face the reality that information you trusted to be private was exposed for criminals and anyone else to view, save, and distribute. It's terrifying to realize that because of the breach, you're much more likely to become a victim of identity theft.
When an organization who holds your information is breached, it's important to know what steps to take so that you can act quickly and without allowing panic and emotions to cloud your better judgment. Here are the steps that you can take to immediately protect your accounts and limit the damage associated with a data breach involving your information.
Confirm That Your Data Was, in Fact, Breached
An email stating that your personal information was breached doesn't always mean that your information was breached. Confusing? Let's sort this out: When news of a data breach emerges, criminals are known to pose as the breached company to try and fool people into providing their personal information under the guise that they're verifying their identity to secure their accounts. Don't fall for these fake emails. Instead, confirm with the breached company through their official website or by calling them on the phone to confirm the breach and confirm that your information was involved in the breach.
Check if your information has been leaked
Determine Exactly What Data Was Exposed
The type of data that was exposed is important to know because that information can help you best identify what steps to take next. For example, stolen credit card numbers can be canceled and replaced after any fraudulent charges are disputed. However, the dangers associated with a stolen Social Security number require much more effort to mitigate as this can lead to identity theft. The more sensitive the breached information was, the more you'll need to do to protect yourself.
Accept the Breached Company's Offer to Help
Following a data breach, most companies offer help to repair the damage and protect you for a set amount of time. This offer to help might include compensation for time and money spent in attempts to repair the damage yourself, a subscription to a credit monitoring service, or any other reparation deemed necessary to minimize the damage to your personal information.
Change Your Passwords and Security Questions
A common misconception is that it isn't necessary to change a password unless it matches the breached password exactly. However, using a password cracking technique called a Dictionary Attack, hackers can very quickly crack the password for any account that uses a similar password. Moving forward, make sure to use a different password for each website that involves a login, especially for those involving your financial accounts, your email account, and other sites that hold your sensitive data.
If your accounts have security questions used to verify your identity, make sure to change these as well, as they may have been made visible to others in data breaches involving login credentials. If any websites you use offer two-factor authentication, activate this to secure your accounts further.
Evaluate Who You Need To Contact Regarding the Breach & Take Action
Those who you'll need to contact about the breach will vary depending on what information was involved in the breach. Brainstorm each of the places you may need to contact and jot those down on a piece of paper so that you can make sure to be as thorough as possible.
For example, if your driver's license was breached, you'll need to contact the issuer of your driver's license, whether it's the DMV in the United States or the DVLA in Great Britain. If your social security number was breached, you'll need to contact the social security administration, your creditors, and an account monitoring service. If your financial accounts were involved, you'll need to contact the institutions you have financial accounts with, your creditors, and an account monitoring service.
Each of these contacts will let you know of the best steps to take to minimize future damage based on each of their industry best practices whether it be issuing a new card, flagging a credit card or driver's license to catch anyone trying to use it, or changing your Social Security number altogether.
Monitor Your Credit Report Regularly
If you have a credit history in the United States, make sure to review your credit reports for suspicious activity, like accounts created in your name, address changes, or changes in reported employment. Unlike credit checks done by prospective creditors, checking your own credit will not lower your credit score. All 3 nationwide credit reporting bureaus provide an accessible website that offers one free credit report per year at http://www.annualcreditreport.com/, and many banks and credit card issuers offer free continuous credit monitoring to their customers. When it comes to Social Security numbers, criminals may hold on to the number for a few years before taking any action in hopes that the owner of the breached Social Security number has let their guard down. Make sure that you continue checking your credit report regularly for years to come or utilize a credit monitoring service to alert you of any changes to your credit report. This critical step can alert you of identity theft before the situation gets too far out of hand.
If you find activity on your credit report that you don't recognize, immediately freeze your accounts with Experian, Exifax, and TransUnion to prevent additional accounts from being opened in your name and dispute each item on your credit report that you don't recognize.
File Your Taxes Early
In cases where your social security number or business TIN has been involved in a breach, it is especially important to file your taxes early. This ensures that any tax refunds owed to you aren't inadvertently sent to the fraudster and makes it more likely that the IRS will catch fraud in cases where a thief of your identity attempts to obtain a tax refund in your name.
Activate an Account Monitoring Tool
Not only should you check past breaches involving your account, but also sign up to a monitoring tool to get alerts on new breaches. When your data is exposed in one breach, your chances of being breached on other accounts increases. In addition, not all data breaches are made publically right away. Some are never announced publicly. Account monitoring tools scour the dark web for signs that your accounts were involved in breaches and, in some cases, can alert you of the breach before you hear of it from the company who caused the breach.
The Bottom Line
A breach of your data doesn't always mean that you'll become a victim of identity theft, but it does increase your chances of becoming a victim at any time in the future. With frequent data breaches becoming the new norm, the most important thing that you can do to protect yourself is creating a plan ahead of time so that you can quickly protect yourself when your data is breached.