What to Do After You’ve Been Exposed to a Data Breach
The idea of your personally identifiable information being swept up in a data breach sounds terrifying, but in today’s world, security isn’t perfect and it’s bound to happen at one point or another. However, take a breath, as a data breach isn’t the end of the world, even if your personal information is exposed in the process.
We’re going to explain exactly what is a data breach and what to do after a data breach if your information has been compromised. By immediately taking the correct actions, you can reduce the change of your data being used for malicious purposes.
What Is a Data Breach?
A data breach occurs when information is taken or stolen without proper authorization. In the digital world, these break-ins occur when malicious individuals illegally gain access to computer systems.
Data breaches can be the result of poor data security, but even the most secure systems can become compromised. When a data breach occurs, a malicious individual or group of individuals are usually able to exploit a software vulnerability or human error.
To help protect yourself against data breaches, learn how to guard against and prevent identity theft.
In the United States, businesses are required to disclose data breaches once they are discovered, and have up to 90 days to do so. This is a much longer allowance than in many other countries, such as the UK where breaches must be reported within 72 hours.
What Can Be Exposed in a Data Breach?
Nearly any type of sensitive data can be exposed in a data breach including usernames, passwords, emails address, physical addresses, phone numbers, birth dates and other forms of user data relevant to the platform.
The information that is exposed will depend on what information you have provided the breached company, as well as the particular system which has been compromised.
More serious data breaches that can lead to identity theft can involve your driver’s license number, credit card information, bank account number, private medical information, or your Social Security number (SSN).
No matter what type of information is exposed in a breach, the most critical factor is that you respond promptly to get your stolen information under control.
How Do You Protect Yourself After a Data Breach?
A data breach can feel overwhelming, but we are going to take you through five essential steps to take if you have been notified of a security breach to ensure that your identity and information remains secure.
1. Figure Out What Information Has Been Compromised
The most important reaction you should have to any data breach is to first find out what information has been stolen. When you are notified by a company that their system(s) have been compromised, the company should state exactly what data was accessed. If not, it is critical to reach out to the company and ask what information of yours is at risk.
Less sensitive information, such as usernames, passwords, email addresses, phone numbers, birthdays and physical addresses, require less action than if your Social Security number or medical information has been accessed. We’ll discuss how to address each of these bits of information shortly, but first you need to understand what has been stolen.
2. Increase Your Digital Security
Just as if your house was robbed, one of the first actions to take is to beef up your online security. Begin by changing your password on any platform that has been compromised; this will prevent anyone from accessing your account if your old password surfaces online.
Additionally, you’ll want to enable Two-Factor Authentication (2FA) on the website if that security option is available. By enabling 2FA, you need not only your password to login, but a second secure code that is generally texted to or emailed to you at the time of login.
By merely upgrading your security information on a compromised system, you can prevent any stolen passwords from being of any use to malicious individuals. The updates will also help protect you from future security breaches.
3. Change Your Compromised Information
In addition to changing your password and updating your security settings whenever a system is breached, there may be other information you’ll want to update. Essentially, if any stolen information is changeable, you’ll want to update it to prevent it being of any use to those who gain hold of it.
Obviously, we don’t recommend that you move your home if your physical address is compromised and you don’t need to change your phone number if that is exposed. If it’s information that you could have found in the White Pages a decade ago, you can probably take a breath even if it is exposed.
However, information tied to a credit card account or bank account should be changed. If you have been notified that your credit or debit card information has been compromised, it is best to call your bank or credit card company to freeze the card and order a replacement. Again, the goal here is to render any information that may have been stolen unusable.
A healthcare data breach can seem devastating if your data makes it onto the black market. Remain calm and follow the steps outlined here. Contact the health system for more assistance.
Your driver’s license number and Social Security number can’t be changed, but we’ll go over how to keep a closer eye on that information for any possible sides of fraud or misuse.
4. Closely Monitor Your Important Accounts
If your driver’s license or Social Security number is compromised, that is a more serious breach. In these events, it is critical that you keep a close eye on your credit report as someone may attempt to open an account in your name. Obtaining a free credit report is a great place to start after any data breach notification or fraud alert.
The three major credit bureaus, Experian, Equifax, and TransUnion, offer subscriptions for keeping a close eye on your credit reports. These subscriptions commonly include alerts whenever new accounts are opened or your information has been used to apply for additional credit, so they can be powerful tools after a data breach.
You can also employ a credit freeze, so that your credit information is unable to be accessed. By contacting the three credit bureaus or visiting their websites, you can put a hold on your information so that anyone attempting to apply for credit will be locked out.
Just remember that you will need to unlock your information if you ever want to legitimately open new accounts and need access to your credit reports.
5. Register for Identity Theft Protection if Needed
If sensitive information, such as your Social Security number, has been compromised and someone has attempted to use it, it may not be a bad idea to register for identity theft protection services.
While expensive, these services can keep a close eye on your credit report as well as offer insurance for individuals whose information is under attack. Some top companies, such as Aura Identity Guard and IDShield, offer up to $1 million in fraud protection.
Additionally, breached companies may offer free theft protection services to affected individuals.
By accepting free theft protection services, you may be agreeing to terms that prevent you from suing the company in the future for further damages. If unsure, contact a lawyer with questions.
Frequently Asked Questions (FAQs)
In 2013, department store chain Target was involved in one of the largest security breaches in history. Hackers stole 40 million credit and debit card records, along with 70 million customer records during the holiday season.
Target notified affected individuals about three weeks after the breach occurred and four days after they had noticed it themselves. The data breach cost Target $18.5 million and the company provided free credit monitoring services for affected customers.
According to the Identity Theft Resource Center, the most common source of data breaches in 2021 was phishing attacks. These attacks typically involve someone pretending to be a trusted individual to lure victims into revealing sensitive information. Other leading causes of data breaches include ransomware and malware attacks.
The first thing to do is determine exactly what information has stolen. Then change the passwords and increase security on all those accounts. This could include freezing credit or debit cards. You can also reach out to the breached company for more advice. Then monitor your accounts closely for any unauthorized activity. Lastly, if needed, contact an identity theft protection company.
There isn't much more you can do beyond following the five steps given above to help secure your information and keep an eye on your data.
You may be able to reach out to the affected government agency for more advice; begin by visiting that agency's official .gov website to learn more.
Michael Archambault is a senior writer with The Penny Hoarder specializing in technology.