What to Do After a Data Breach

Finding out that you’ve been exposed to a data breach can be a scary moment. We assume our data is encrypted and safe, but over the past few years we’ve discovered that even some of our most trusted institutions are vulnerable. The Home Depot breach of 2014 affected more than 50 million, Target’s 2013 breach compromised 40 million accounts, and Yahoo’s 2013 data breach left 3 billion accounts vulnerable. Names, email addresses, phone numbers, dates of birth, passwords and security questions were all up for grabs. The watershed moment when a large portion of Americans truly woke up to the dangers of a data breach was the Equifax breach in 2017: 147.9 million U.S. consumers’ personal information was stolen.

Between January and August 2018, the Identity Theft Resource Center reported 864 data breaches in the United States alone. By the end of 2018, the number of records exposed reached 446.52 million in the U.S. While we’re powerless to completely stop these breaches, what we can do is proper damage control. Knowing how and when to act can be a lifesaver. Plus, it’s important to remember that you’re usually not alone in these targeted attacks.

First steps

Not every state law is the same so you might not necessarily receive a notification of your exposed data. It’s a good idea to familiarize yourself with your state’s data breach notification legislation, which you can easily check using this map. If you do receive a notification, the first thing to do is to read entirely what you’ve been sent. Figure out which information has been compromised and take careful notes. It’s also important to note that many companies offer free credit-monitoring services after data breaches. Always take advantage of this free option if it’s available. Depending on which information was exposed, your next steps may vary.

Password and usernames

If this information is exposed, immediately change both your username and password as well as your security questions. It doesn’t matter if just one or the other was compromised, it’s smart to change both. Remember to change passwords and usernames for other accounts on other websites that might have the same or similar answers. You should also use a password manager on all your devices. For more information on password protocol, check out our easy guide here. Plus, you can enable two-factor authentication on your accounts, making it harder to get into your account without the six-digit code. We have a quick breakdown here of how that works as well. These are great methods of protection whether your information has been exposed or not.

Another tip for the extra cautious: You can create a specific email just for password recovery. If you ever find yourself locked out of an account and clicking the ‘forgot password?’ button, it’s more secure to send password recovery emails to a different email than your main one. If hackers logged into your central account, they might be able to use the recovery emails to get into other accounts.

Bank and credit card accounts

If your bank or card information was exposed, it’s crucial to immediately review every transaction over the past couple months to make sure you have no unauthorized charges. If you do, report them immediately to your bank. Most of the time you’ll be prompted to cancel the card and open a new one. And usually you’ll be able to get back any money that may have been stolen. Break your old card in half and your new one should be on the away immediately. If you’re traveling or purchasing in places where you’re especially vulnerable to credit card theft, you can also use burner cards. These cards are connected to your bank account but aren’t actually debit cards, and usually have a specific limit in place.

Social security number

If your social security number is stolen, the effects can be both immediate and long-lasting. For that reason, you should both act quickly and follow up down the road just to make sure. Right away, you can submit a fraud alert and ask for a credit freeze. For these tasks, you’ll need to work with the major credit bureaus: Equifax, Experian, and TransUnion. You can unfreeze your credit anytime, it just takes a quick call to your credit bureau of choice again. In the long term, you should keep track of your credit reports to make sure no new accounts are opened or changed. Thieves can also file a tax return under your name and receive your refund. You can file a 14039 Form or sign up for a credit-monitoring service like Credit Karma to keep track of any new or changed credit lines.


Driver’s license number

If your driver’s license number is exposed in a data breach, you should immediately contact your local Department of Motor Vehicles (DMV) so they can flag your number before it can be used. You’ll probably have to get a new ID, but it will likely be a quicker process than new registration. Exposed driver’s license numbers can lead to identity theft, so be sure to act quickly.

These are each of the major data points that can get exposed in data breaches. With each of them acting quickly is usually the key. If you’re reacting to a data breach, remember to be careful. Scammers can be relentless and you’ll need to be meticulous to block them off. If you happen to get a phone call notifying you of a data breach, be extra careful. Some scammers will pretend to be representative of a breached exposed company, and try to obtain more of your data. To be extra sure, go straight to the exposed company’s secure website, or call them, to double check before saying a word.

It’s not usually the case, but breaches like these can lead to identity theft, so if you find your information being used after a data breach you’ll need to file a formal report of identity theft with the Federal Trade Commission (FTC) by filling out a FTC Identity Theft Affidavit. You should also file a report with your local police department so as to have records for everything and confirm that you have in fact been the victim of identity theft. Once you do that, log all dates and phone calls you make, keep a receipt of all email or tangible mail sent and received, and create a specific file for all the copies of documents and reports you may have. Be your own ally and record, and you’ll be better off in the end.

Our blog brings you tips on data privacy and how to best manage your data everywhere. Get ready to claim your data.