Data breaches are common today and they’re only increasing in frequency. Now that dozens if not hundreds of companies have your data, these breaches can affect your personal security. In light of that risk, you should know what to do if you’re involved in a data breach.
Businesses in all 50 states are legally required to tell you if your data was part of a breach. If you get one of these notifications in your email, double-check the sender and look the event up to verify it’s real. If it is, follow these seven steps.
1. Change Your Passwords
If you were part of a breach, the first thing you should do is change your passwords on every online account. Even though most people know better, 65% of users today use the same password or a variation across multiple accounts. That means if a hacker got a password to one of your accounts in a data breach, they could use it to access another one.
You can prevent breaches from spreading by using different passwords for each account. If you’re worried you’ll forget them — as 68% of people who reuse passwords are — try using a password manager to remember them for you.
“If a hacker got a password to one of your accounts in a data breach, they could use it to access another one”
2. Enable Multi-Factor Authentication
Using stronger passwords is an essential first step, but your security needs to go further. You should also enable multi-factor authentication (MFA) on any accounts that offer it to provide an additional layer of security.
MFA often works by sending you a text or email with a one-time code after you enter your password. It’s relatively simple but ensures even a breached password isn’t enough to break into your account. As a result, it stops up to 50% of account compromise attacks, so it’s worth the extra time.
3. Set Up a Fraud Alert
Next, it’s a good idea to contact one of the three credit bureaus — Equifax, Experian and TransUnion — to place a fraud alert on your credit report. When you do this, businesses must verify your identity before opening any new credit in your name. That extra verification step can prevent a cybercriminal from stealing your identity with breached information.
Fraud alerts are free and last for one year. You don’t have to contact all three bureaus, either. If you tell one to set up an alert, they will tell the other two to do the same.
4. Consider Freezing Your Credit
While you’re talking to the credit bureaus, you can go further and freeze your credit. Like a fraud alert, a credit freeze is free, but it goes a step beyond and makes it impossible to open a new line of credit in your name altogether.
Unlike a fraud alert, you’ll have to contact each credit bureau individually to freeze your credit. It’s also a more inconvenient option, as you won’t be able to open any new credit until you unfreeze it, but it’s more secure. Identity theft victims lose a median of $500, so it could be worth it to take this extra step.
“Identity theft victims lose a median of $500.”
5. Monitor Your Accounts
Even after taking these steps, you may still be vulnerable to further damage from the data breach. Consequently, you should keep a close eye on your bank accounts and any online profiles that hold your financial data. That way, you can spot potential threats sooner.
If you see something suspicious, like a purchase you didn’t make, contact your bank and explain the situation. You may have to cancel your credit or debit card to be safe. If you notice unusual activity on an online account, it’s also a good idea to change your password again, even if you’ve already done that earlier.
6. Protect Against Future Breaches
Once some time passes with no updates or suspicious activity, you’re likely in the clear for this data breach. However, that doesn’t mean you can become complacent about your security. Instead, take the opportunity to become more secure and prevent similar events in the future.
Using strong, unique passwords and MFA on all accounts is a good start. You should also consider what businesses you give your data to. Always make sure a service is trustworthy before giving it any permissions or information.
Even then, remember that 95% of data breaches are at least partially because of human error. That means even a secure service can mess up, so it’s best to give out as little information as possible in every instance to minimize the damage of a breach.
“Always make sure a service is trustworthy before giving it any permissions or information.”
7. Contact Relevant Authorities if Necessary
Finally, you may want to reach out to the authorities about the data breach. Maybe you haven’t heard anything from the company that experienced the breach or you’ve suffered some losses and wonder what to do next. Contacting law enforcement officials can help.
If you think you lost some sensitive information, you can report identity theft on IdentityTheft.gov to notify authorities and learn what to do. If nothing else, this ensures security professionals are paying attention to the case.
“If you think you lost some sensitive information, you can report identity theft on IdentityTheft.gov.”
Quick Action Is Key to Protecting Your Data
Data breaches can be highly damaging, and as an individual, you may feel helpless, but that’s not necessarily the case. If you follow these steps, you can keep your data and money safe. Time is of the essence when responding to a data breach notification. The sooner you take action, the safer you’ll be.