How you should respond to a major data breach

Data breaches can strike at anytime and they affect customers of companies large and small. So, what happens when your private information falls into undesirable hands, and what sort of action should you take?

It depends on what sort of data is compromised.

If there’s a breach at your bank or credit union, federal law requires them to inform customers, and 46 states have laws requiring other companies – like, say, Target, which experienced a data breach in 2013 – to do the same.

A data breach doesn’t necessarily mean you’ll become a fraud victim, but Javelin Strategy & Research says one in three data breach victims also become a fraud victim in the same year.

So, when your private data falls into the wrong hands, here’s what you can do to put your best foot forward and fight off fraud.

After a breach, beware of phishing scams

If your email address is among the data compromised by a breach, be suspicious of emails requesting information or requesting you to click on a link.

Fraudsters will pounce on  the opportunity to profit from confusion surrounding a company’s data breach. In response to the Target breach, hackers sent widespread emails telling consumers they could request a security freeze on their accounts. In reality, the emails were actually a phishing scam aimed at extracting more personal information from consumers.

The advice here: If you think you’re a victim of a breach, do your own leg work and reach out to the breached company yourself by visiting its website and accessing supporting information.

Think about where you used your password

If your password is compromised, change it immediately on the account in question.

If you use the same password for other accounts, change those, too.

This is another instance where a password manager like mSecure can come in handy: You can easily check whether the same password is being used at different online retailers, online banking websites, and other digital locations.

Request new credit cards and debit cards

A major consumer breach first calls for consumers to perform a daily check of credit card statements and bank accounts. Look for unfamiliar purchases or fraudulent transactions, and then report any problems to your bank. Often, the company will send data breach notification letters to its affected customers with next steps.

While some creditors will automatically reissue cards to affected customers in large breaches, you may need to reach out to the creditor yourself and ask for a new card and a new number. You won’t be liable for any purchases made with your breached card number.

For debit card holders, cancel your card and change your pin. And if your bank account number was part of a breach, close the account and open a new one with a new number.

Track the use of your Social Security number

If the compromised data includes your Social Security number, then you’ll need to contact one of the major credit reporting agencies so a fraud alert can be placed on your account.

This alerts lenders to take extra precaution and verify personal information before credit is issued. Often, the company that is the victim of the breach will offer free monitoring services, which you can use to be alerted of any use of your Social Security number.

Regardless of what data is compromised, you’ll be better off if you practice good digital hygiene. Read more about these best practices in our blog post: Avoid these pitfalls when storing private information.

Related Reading

Avoid these pitfalls when storing your private information

For many people, today’s password system just isn’t working. There are too many passwords to remember. The passwords you do have aren’t strong enough. And there’s one security breach after another where your private data can suddenly become at risk. So, how do most people handle the overwhelming number of…

Read more