Victim of a Data Breach? What is it and Steps to Take
You just received a letter telling you that a business you frequent has experienced a data breach and your personal information may have been compromised. Stay calm and read the notification carefully. The letter you received may or may not give a full picture of what occurred. because the amount of information that companies are required to pass on to the consumer varies from state to state. Unfortunately, receiving a letter like this is becoming a lot more common.
So, what exactly is a data breach and how does it affect you? According to the IRS, a data breach is the intentional or unintentional release or theft of secure personally identifiable information. It can be the improper disposal of information into a trashcan before shredding or a criminal’s cyber-attack. Additionally, the IRS explains it can happen at any place of business regardless of size.1
That means a person’s identity, financial or personal information has been compromised. This can include account numbers, social security numbers, driver’s license numbers, home address, phone numbers, email and password combinations, medical records, fingerprints, full face identity, and behavioral data such as preferences and online activity. Often this ends up on the dark web, where it is sold. The dark web is a part of the internet that isn’t indexed by search engines, nor can you access it with a conventional browser. Identity protection agencies monitor the dark web looking for personal information. However, your information cannot be removed from the dark web.
It is possible to protect yourself from others using your information for illicit gains. Here are some tips for keeping yourself safe after a data breach.
- First, initiate a fraud alert with each of the three credit bureaus, Equifax, Experian, and TransUnion. It will stay on your credit report for one year.
- Contact your financial institutions. Let your banks and credit card companies know your personal information was part of a data breach so they can monitor your accounts for unauthorized usage.
- Change Passwords. It is always good to change your passwords regularly, but it is important to do so after a data breach. Passwords should contain at least eight characters, upper and lower case, numerals, and symbols. Don’t reuse passwords. This last point cannot be emphasized enough.
- Use two factor authentication for an extra layer of protection.
- Check credit reports. You can get a free annual credit report from each of the three credit bureaus through AnnualCreditReport.com or by calling 1-877-322-8228 (TTY: 1-800-821-7232).
- Freeze your credit. Contact each of the three credit bureaus and ask them to freeze your accounts. No one, not even you, will be able to open a new account. You can unfreeze them if you want to get a new car loan, credit card, etc.
- Stay alert. Data breaches are not always caught right away. Stay vigilant to phishing scams and monitor all accounts regularly.
- Stay Informed. Follow up with the organization that has been breached to see if there are any updates or if they are offering potential identity theft protection services.
- If monitoring your accounts yourself seems like a daunting task, consider hiring an identity protection service that can do it for you.
- Check out these resources on how to further protect yourself at ftc.gov/features/identity-theft
Lastly, if you are a victim of identity theft, IdentityTheft.gov can help you recover with an action plan that includes a checklist of steps to take and sample letters to report the incident to the credit bureaus.
1https://www.irs.gov/identity-theft-fraud-scams/data-breach-information-for-taxpayers