Seven Things to Do Right Away If You're a Victim of a Data Breach
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues.
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues. From AT&T to National Public Data, no industry seems to be safe from determined hackers. Last year alone, 17 billion records were exposed in reported data breaches, according to Flashpoint.com, a Washington, DC based cybersecurity risk management firm.
If you've been notified by your credit card company, a retailer you visit often or another trusted source that your sensitive information has been compromised, you'll need to act fast. Taking action within the first 48 hours is the difference between stopping identity thieves dead in their tracks or having them wreak havoc on your financial life for months to come, suggests Carrie Kerskie, president of Kerskie Group LLC, a Naples, Fla.-based company that helps identity fraud victims recover.
We've combed through our archive of tried-and-true advice, spoken with industry experts, and reviewed the Federal Trade Commission's consumer tips to find out what steps you should take immediately after discovering you're a data breach victim. Here's where to start.
1. Find out what information was compromised
Discovering that your sensitive personal information has been compromised can be scary. Even still, that's not an excuse to let panic stop you from taking the appropriate measures before it's too late. First, you'll want to find out what information was compromised, says Andrew Schrage, co-owner of the personal finance blog MoneyCrashers.com. This step is vital, because depending on the type of information that was exposed you may need to address it more urgently.
For example, in 2024 the UnitedHealth Group cyberattack at its Change Healthcare unit data breach included Social Security numbers, credit card data, bank account numbers, medical record numbers, providers, diagnoses, medicines, test results and more. An identity thief using your Social Security number to open new lines of credit can be detrimental to your credit history for months afterwards. In this scenario, you would want to immediately notify the major credit bureaus, your credit card provider, and your bank. But a data breach that exposes only phone numbers and e-mail addresses isn't nearly as severe and wouldn't warrant an immediate response.
If you are unsure about the appropriate course of action, go to the Federal Trade Commission's (FTC) IdentityTheft.gov/databreach website for recommendations on how to proceed based on the type of personal information that was exposed in any particular breach.
2. Change your passwords
Armed with your sensitive personal information, it may not take skilled hackers long to figure out the password to your e-mail or bank account — especially if it's something as simple as your birthday or pet's name. That's why you should change the passwords to all of your pertinent accounts as soon as possible.
To avoid having to remember a long list of online passwords, use a password manager. We often recommend LastPass, which uses a browser extension to store multiple account passwords and encrypts that information. To help make it easier, you'll only need to remember the LastPass password rather than a long list of passwords. The service includes a multifactor authentication login process. This means in addition to inputting your "master" password, you'll have to input a special code sent to a secondary device (such as a text message to your smartphone) before the login process is complete.
LastPass offers several different plan types including a free version. Their premium plans, which range in price from $3 to $7 per month, are available for personal or business use and include encrypted file storage.
3. Sign up for transaction alerts
To help prevent further fraudulent activity, be sure to sign up for transaction alerts for your bank and credit card accounts. In doing so, you'll be notified by e-mail or text message whenever there's a new charge to your account.
Be sure to set up the notifications for the lowest transaction amount possible. That's because crooks will test accounts with small charges first before making larger ones. If you start to see charges you don't recognize, contact your bank or card issuer immediately.
4. Initiate a fraud alert
For an added layer of protection, consider placing a fraud alert on your credit reports. (You can request a fraud alert if you've been a victim of a data breach or if your wallet, Social Security card or other form of personal identification has been lost or stolen, according to the FTC.) A fraud alert requires a business or financial institution to verify your identity first before issuing a new line of credit. It's free and remains active for one year. If necessary, you can even renew it.
- How to do it: Contact one of the major credit bureaus and request a fraud alert on your credit report. Each credit bureau is required to notify the other bureaus about the alert. Make sure your most recent contact information is on file.
5. Freeze your credit
If you want to lock down your credit even more, put a freeze on your credit (also referred to as a security freeze). With a freeze, potential new creditors aren't even able to access your credit history to determine if you're eligible for a loan or new credit card. When the time comes to lift the freeze — say, you're looking to purchase a home or buy a car — you can do so temporarily and reinstate the freeze later.
A credit freeze is free. To get started, you'll need to contact all three major credit bureaus (Equifax, Experian and TransUnion). The quickest way to do this is over the phone or online. You'll want to have your Social Security number, birth date and home address handy, because you'll be asked to supply this information to help verify your identity.
Managing a security freeze is simple, and in most cases you can do it on your own, Griffon Force's Kerskie notes. On Equifax.com, for example, you can log into your account to set up a freeze, lift it temporarily or cancel it.
6. Monitor your credit report
Chances are, you'll be on high alert in the weeks and months after your sensitive personal information has been compromised in a data breach. This is the time to be extremely vigilant and keep a close eye on your credit report. Doing this will help you flag any suspicious activity as soon as it happens.
There are several sites and online services where you can get a free copy of your credit report on a weekly, monthly or annual basis:
AnnualCreditReport.com: This is the only place where you can request a complete report from all three major credit bureaus annually. The report will be dense with text, and the level of detail can be overwhelming.
CreditKarma.com: Register to get weekly, comprehensive updates on your Equifax and TransUnion credit reports. The site also provides financial calculators and other resources to help you better understand your credit history.
Experian: You'll have to register and create an account on their website to receive a free updated Experian credit report every 30 days. You can also get notification alerts to help identify potentially fraudulent activity.
Also, don't underestimate the importance of carefully examining your banking and credit card statements, advises Kimberly Palmer, a personal finance expert for NerdWallet.com. "Sometimes the first sign of identity theft is an erroneous charge on a monthly statement," she says.
7. Beware of phishing scams
E-mail addresses and phone numbers are often included in data breaches. For example, contact information for 3 billion people was exposed in the National Public Data data breach this year. Armed with this information, crooks can target unsuspecting victims with e-mails, text messages or phone calls aimed at tricking them into divulging more personal information — or even collecting money. In many cases, they'll pose as official representatives of a financial institution or a federal government agency. They may try to pressure you on the spot into making a payment for an overdue bill or threaten legal action.
It's important to remember that a federal government agency, such as the IRS, won't ever call you and request payment of any sort over the phone. The IRS always sends notification via snail mail if there's a legitimate situation that needs to be addressed.
With potential e-mail scams, don't click on any links or open attachments that look suspicious. Doing so could infect your computer or smartphone with malware, allowing scammers to gain access to your device without your knowledge.
Lastly, never authenticate yourself over the phone when contacted by someone you aren't sure is who they say they are. If you're doubtful, look up the phone number for the institution this person is claiming to represent, and call it to see if it actually contacted you.
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
Browne Taylor joined Kiplinger in 2011 and was a channel editor for Kiplinger.com covering living and family finance topics. She previously worked at the Washington Post as a Web producer in the Style section and prior to that covered the Jobs, Cars and Real Estate sections. She earned a BA in journalism from Howard University in Washington, D.C. She is Director of Member Services, at the National Association of Home Builders.
- Donna LeValleyPersonal Finance Writer
-
Being Nimble Is Key to This Fidelity Bond Fund's Outperformance
The Fidelity Total Bond ETF has done well over the long term as managers adjust to changing tides.
By Nellie S. Huang Published
-
Is a 55+ Community Right For You?
Before you sign on the dotted line, consider HOA fees and community culture.
By Lisa Gerstner Published
-
Seven Luxury Places to See the Northern Lights This Winter
The northern lights will be at their most captivating this winter. Fancy making them even more magical? From hotels on ice to glass cabins and mountain yurts, here are seven places to see the northern lights with luxury winter stays.
By Becca van Sambeck Published
-
Does a Farm Need a Different Homeowners Insurance Policy?
Homeowners insurance is all about providing the right tool for the right exposure, and life on the farm comes with different risks than life in the city.
By Karl Susman, CPCU, LUTCF, CIC, CSFP, CFS, CPIA, AAI-M, PLCS Published
-
How One Caregiver Is Navigating a Loved One's Dementia
She's spent many hours doing research and speaking with other caregivers to find her way to resources designed to help caregivers.
By Marguerita M. Cheng, CFP® & RICP® Published
-
October CPI Report Hits the Mark: What the Experts Are Saying About Inflation
CPI While the current pace of rising prices appears to have leveled off, the expected path of rate cuts has become less certain.
By Dan Burrows Published
-
Amazon Music Unlimited 3-Month Free Trial for Black Friday
Deal Get a free three-month trial Amazon's premium music subscription service for Black Friday.
By Sean Jackson Published
-
Can a Judge Tell a Father to Avoid Risky Triathlons for His Sons?
Mom wants Dad to quit participating in triathlons, which are known to have a higher risk of sudden cardiac death, but would a family law judge force him to stop?
By H. Dennis Beaver, Esq. Published
-
Time for Some Fall Financial Maintenance: Here's a Checklist
As you rake the leaves and clean the gutters, you should also consider tackling seven key year-end planning chores.
By Adam Frank Published
-
What You Will Pay for Medicare in 2025
Medicare premiums for 2025, and the cost of Medicare Part A, Medicare Part B and Part D premiums and deductibles, have gone up. Here is how much you'll pay in 2025.
By Donna LeValley Published