Seven Things to Do Right Away If You're a Victim of a Data Breach
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues.
In today's digital age, data breaches have become all too common and leave unsuspecting consumers vulnerable to a host of identity theft issues. From AT&T to National Public Data, no industry seems to be safe from determined hackers. Last year alone, 17 billion records were exposed in reported data breaches, according to Flashpoint.com, a Washington, DC based cybersecurity risk management firm.
If you've been notified by your credit card company, a retailer you visit often or another trusted source that your sensitive information has been compromised, you'll need to act fast. Taking action within the first 48 hours is the difference between stopping identity thieves dead in their tracks or having them wreak havoc on your financial life for months to come, suggests Carrie Kerskie, president of Kerskie Group LLC, a Naples, Fla.-based company that helps identity fraud victims recover.
We've combed through our archive of tried-and-true advice, spoken with industry experts, and reviewed the Federal Trade Commission's consumer tips to find out what steps you should take immediately after discovering you're a data breach victim. Here's where to start.
1. Find out what information was compromised
Discovering that your sensitive personal information has been compromised can be scary. Even still, that's not an excuse to let panic stop you from taking the appropriate measures before it's too late. First, you'll want to find out what information was compromised, says Andrew Schrage, co-owner of the personal finance blog MoneyCrashers.com. This step is vital, because depending on the type of information that was exposed you may need to address it more urgently.
For example, in 2024 the UnitedHealth Group cyberattack at its Change Healthcare unit data breach included Social Security numbers, credit card data, bank account numbers, medical record numbers, providers, diagnoses, medicines, test results and more. An identity thief using your Social Security number to open new lines of credit can be detrimental to your credit history for months afterwards. In this scenario, you would want to immediately notify the major credit bureaus, your credit card provider, and your bank. But a data breach that exposes only phone numbers and e-mail addresses isn't nearly as severe and wouldn't warrant an immediate response.
If you are unsure about the appropriate course of action, go to the Federal Trade Commission's (FTC) IdentityTheft.gov/databreach website for recommendations on how to proceed based on the type of personal information that was exposed in any particular breach.
2. Change your passwords
Armed with your sensitive personal information, it may not take skilled hackers long to figure out the password to your e-mail or bank account — especially if it's something as simple as your birthday or pet's name. That's why you should change the passwords to all of your pertinent accounts as soon as possible.
To avoid having to remember a long list of online passwords, use a password manager. We often recommend LastPass, which uses a browser extension to store multiple account passwords and encrypts that information. To help make it easier, you'll only need to remember the LastPass password rather than a long list of passwords. The service includes a multifactor authentication login process. This means in addition to inputting your "master" password, you'll have to input a special code sent to a secondary device (such as a text message to your smartphone) before the login process is complete.
LastPass offers several different plan types including a free version. Their premium plans, which range in price from $3 to $7 per month, are available for personal or business use and include encrypted file storage.
3. Sign up for transaction alerts
To help prevent further fraudulent activity, be sure to sign up for transaction alerts for your bank and credit card accounts. In doing so, you'll be notified by e-mail or text message whenever there's a new charge to your account.
Be sure to set up the notifications for the lowest transaction amount possible. That's because crooks will test accounts with small charges first before making larger ones. If you start to see charges you don't recognize, contact your bank or card issuer immediately.
4. Initiate a fraud alert
For an added layer of protection, consider placing a fraud alert on your credit reports. (You can request a fraud alert if you've been a victim of a data breach or if your wallet, Social Security card or other form of personal identification has been lost or stolen, according to the FTC.) A fraud alert requires a business or financial institution to verify your identity first before issuing a new line of credit. It's free and remains active for one year. If necessary, you can even renew it.
- How to do it: Contact one of the major credit bureaus and request a fraud alert on your credit report. Each credit bureau is required to notify the other bureaus about the alert. Make sure your most recent contact information is on file.
5. Freeze your credit
If you want to lock down your credit even more, put a freeze on your credit (also referred to as a security freeze). With a freeze, potential new creditors aren't even able to access your credit history to determine if you're eligible for a loan or new credit card. When the time comes to lift the freeze — say, you're looking to purchase a home or buy a car — you can do so temporarily and reinstate the freeze later.
A credit freeze is free. To get started, you'll need to contact all three major credit bureaus (Equifax, Experian and TransUnion). The quickest way to do this is over the phone or online. You'll want to have your Social Security number, birth date and home address handy, because you'll be asked to supply this information to help verify your identity.
Managing a security freeze is simple, and in most cases you can do it on your own, Griffon Force's Kerskie notes. On Equifax.com, for example, you can log into your account to set up a freeze, lift it temporarily or cancel it.
6. Monitor your credit report
Chances are, you'll be on high alert in the weeks and months after your sensitive personal information has been compromised in a data breach. This is the time to be extremely vigilant and keep a close eye on your credit report. Doing this will help you flag any suspicious activity as soon as it happens.
There are several sites and online services where you can get a free copy of your credit report on a weekly, monthly or annual basis:
AnnualCreditReport.com: This is the only place where you can request a complete report from all three major credit bureaus annually. The report will be dense with text, and the level of detail can be overwhelming.
CreditKarma.com: Register to get weekly, comprehensive updates on your Equifax and TransUnion credit reports. The site also provides financial calculators and other resources to help you better understand your credit history.
Experian: You'll have to register and create an account on their website to receive a free updated Experian credit report every 30 days. You can also get notification alerts to help identify potentially fraudulent activity.
Also, don't underestimate the importance of carefully examining your banking and credit card statements, advises Kimberly Palmer, a personal finance expert for NerdWallet.com. "Sometimes the first sign of identity theft is an erroneous charge on a monthly statement," she says.
7. Beware of phishing scams
E-mail addresses and phone numbers are often included in data breaches. For example, contact information for 3 billion people was exposed in the National Public Data data breach this year. Armed with this information, crooks can target unsuspecting victims with e-mails, text messages or phone calls aimed at tricking them into divulging more personal information — or even collecting money. In many cases, they'll pose as official representatives of a financial institution or a federal government agency. They may try to pressure you on the spot into making a payment for an overdue bill or threaten legal action.
It's important to remember that a federal government agency, such as the IRS, won't ever call you and request payment of any sort over the phone. The IRS always sends notification via snail mail if there's a legitimate situation that needs to be addressed.
With potential e-mail scams, don't click on any links or open attachments that look suspicious. Doing so could infect your computer or smartphone with malware, allowing scammers to gain access to your device without your knowledge.
Lastly, never authenticate yourself over the phone when contacted by someone you aren't sure is who they say they are. If you're doubtful, look up the phone number for the institution this person is claiming to represent, and call it to see if it actually contacted you.
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
Browne Taylor joined Kiplinger in 2011 and was a channel editor for Kiplinger.com covering living and family finance topics. She previously worked at the Washington Post as a Web producer in the Style section and prior to that covered the Jobs, Cars and Real Estate sections. She earned a BA in journalism from Howard University in Washington, D.C. She is Director of Member Services, at the National Association of Home Builders.
- Donna LeValleyPersonal Finance Writer
-
What's Better Than Investing in Crypto? These 'Boring' Picks
Cryptocurrency may be good for a thrill, but older investors are better off with assets like bonds, guaranteed annuities, CDs and maybe dividend-paying stocks.
By Ken Nuss Published
-
Four Actions to Lessen Retirement Stress for Women (and Men)
Saving for retirement is anxiety-inducing for everyone, especially women. Following this four-part action plan can help improve your financial security.
By Nicole Stokes, CLTC®, CLU®, ChFC®, M.A., RICP® Published
-
Year-End Retirement Tax Planning Actions if You Have $1 Million or More
Consider implementing these four strategies before December 31 to potentially improve your tax situation for this year and the future.
By Joe F. Schmitz Jr., CFP®, ChFC® Published
-
25 Financial Moves to Consider Before December 31
Tidying up your financial house before the New Year kicks off will put you in a great position to have a financially satisfying and successful 2025.
By Jonathan I. Shenkman, AIF® Published
-
Five Side Hustles You Could Turn Into a Full-Time Business
You might be able to capitalize on your expertise in ways you haven't thought of, possibly even leading to quitting your 9-to-5 job to do what you love.
By Anthony Martin Published
-
Rebound in Jobs Growth Keeps Fed on Track: What the Experts Are Saying
Jobs Report No nasty surprises in the November payrolls data leaves a quarter-point cut in play.
By Dan Burrows Published
-
Who Works to Make Your Insurance Work?
Ensuring a smooth insurance process takes more than just your insurance agent or broker — many talented people are busy behind the scenes.
By Karl Susman, CPCU, LUTCF, CIC, CSFP, CFS, CPIA, AAI-M, PLCS Published
-
Amazon Prime Flight Deals Offers $25 Plane Tickets for Young Adults
Amazon partners with StudentUniverse to offer $25 flights to young adults with certain Amazon Prime accounts.
By Sean Jackson Published
-
Three Charitable Giving Strategies for High-Net-Worth Individuals
If you have $1 million or more saved for retirement, these charitable giving strategies can help you give efficiently and save on taxes.
By Joe F. Schmitz Jr., CFP®, ChFC® Published
-
The Wealth-Building Powers of Health Savings Accounts (HSAs)
Health savings accounts could be the most underutilized wealth-building tool out there. Here’s who should use them and how to maximize their benefits.
By Eric Roberge, Certified Financial Planner (CFP) and Investment Adviser Published