5 Steps to Take After a Data Breach

According to the Identity Theft Resource Center’s 2023 Annual Data Breach Report, there were 3,205 publicly reported breaches in 2023 (1,404 more than in 2022, and 1,345 more than 2021). The 2023 breaches impacted 349 million victims. One of the most far-reaching of these breaches was the T-Mobile data breach (its second of 2023), which impacted more than 37 million people.

A data breach exposes confidential information of its victims, which can include Social Security numbers, account information, credit card numbers, passwords and more. If your personal information has been compromised, take these five steps to mitigate the damage.

Step 1: Read all alerts and notifications from the compromised company.

The business whose data has been compromised in the breach will generally reach out to all potential victims to notify them about the exposure. They may instruct all recipients to check for signs that their information has been exposed and/or direct them toward their next step. If you believe your information may have been compromised in a breach, it’s important to read every message you receive from the exposed company.

Be wary, however, of emails that ask you to either click a link or confirm your account details. Fake breach emails often appear after data leaks and are sent by hackers as an opportunity to steal more info. Before taking action, confirm the breach by visiting the organization’s web site.

Step 2: Alert your financial institution.

Next, let your financial institution know your account may have been compromised. This way, they’ll know to keep an eye out for signs of fraud and place an alert on your account. They’ll be watchful of requests to approve any large transaction or withdrawal, and will contact you if they notice any suspicious activity.

Be sure you have taken advantage of any alerts you can set up with your financial institutions, that notify you of transactions to your account, including balance activity, purchases, change of address/email.

Step 3: Change any exposed passwords.

A data breach can sometimes mean that more than one of your passwords has been compromised. It’s best to change as many as possible after a breach to keep information and money safe. The quickest way to do this is by using a password manager, which allows you to store unique, complex passwords for each account. Although it’s important to have a different password for each account, it’s best to start by changing passwords you know were a part of the data breach.

Step 4: Consider a credit freeze.

A credit freeze alerts lenders and credit companies to the fact that you may have been a victim of fraud. This added layer of protection will make it difficult, or impossible, for hackers to open a new credit line or loan in your name.

You can freeze your credit at no cost with all three of the major credit bureaus, Equifax, Transunion and Experian. You’ll need to provide some basic information and you’ll receive a PIN for the freeze. Use this number to lift the freeze when you believe it is safe to do so.

Step 5: File an identity theft report.

If your accounts have been compromised and you believe your identity has been stolen, file an identity theft report with the Federal Trade Commission (FTC) immediately. This will assist the feds in tracking down the scammers responsible for the data breach. It will also help you return your finances to their usual state as quickly as possible.

Take these precautionary measures to protect your information from future data breaches of any kind:

• Monitor your credit. It’s a good idea to check your credit accounts for suspicious activity on a regular basis. You may also want to sign up for credit monitoring, a service that will cost you $10-40 a month for the promise of notifying you immediately about any suspicious activity on your accounts.
• Use strong, unique passwords. Use a different password for each account, and choose codes that are at least eight characters long. Use a variety of numbers, letters and symbols–and vary your capitalization use as well.
• Use multi-factor authentication when possible, and non-password authentication, such as face recognition or fingerprint sign-in, for stronger protection.
• Stay vigilant to signs of scams. Staying up-to-date on the latest scams keeps and being aware of signs of phishing attempts, may help you recognize potential crimes before they happen.

Browse safely. Never share sensitive information online and always keep your security and spam settings at their strongest levels.