Data breaches happen. Some are worse than others, but any time your sensitive information ends up in the wrong hands, it’s important to take swift action and mitigate damages. What follows is a quick cheat sheet to help you navigate situations involving compromised data. With any luck, you’ll never have to use it!
Update Your Passwords
Hopefully, you create unique passwords for every account, so that in the event of a security breach involving login credentials, the thieves in question won’t gain additional access to other accounts. Regardless, a breach of any kind serves as a good opportunity to update passwords and install a password manager, if policy allows. (You should definitely have one for your personal use.) While you’re in there, be sure to enable two-factor authentication, if available, which requires the use of a secondary code to access an account even if you have the correct password.
Identify What Kind of Data Was Impacted
When organizations suffer a breach, they typically inform customers and clients of the type of data that was compromised. This information is imperative because it helps you identify where you’re most vulnerable and gives you an idea of which steps to take next. If it was financial data, contact your banks and credit card companies. If it was personal data, contact credit reporting bureaus. If it was usernames and passwords, update accounts accordingly.
Obviously, there’s not much you can do about “permanent” data like your phone number and home address, but if that info was stolen, stay alert for an uptick in junk mail and spam calls, both of which can lead to fraud. In one of the worst-case scenarios, compromised personal info results in identity theft. The steps below will help alleviate that concern, but here’s additional info on what to do if you believe your ID has been stolen.
Alert Financial Institutions and Credit Bureaus
With most major credit cards, you won’t be held responsible for fraudulent charges but, as mentioned above, with enough info, cybercriminals can steal your identity and open accounts in your name. To prevent this from happening, inform your banks, credit card companies, and all credit reporting bureaus of the event ASAP.
In the case of credit bureaus, consider placing a freeze on your credit, which locks up your report so no one can run credit checks on your behalf. For more info on how credit freezes work and how to use them, check out the FTC’s website. We recommend freezing your accounts any time highly sensitive personal information was stolen, such as Social Security numbers and government ID numbers. At the very least, you should place a fraud alert on your accounts, which you can do by contacting the three major reporting agencies:
- Equifax Fraud Department – 1-800-525-6285
- Experian Fraud Department – 1-888-397-3742
- TransUnion Fraud Department – 1-800-680-7289
For those outside of the United States, Wikipedia has a list of worldwide credit bureaus here: https://en.wikipedia.org/wiki/Credit_bureau
Take Advantage of Credit Monitoring Services
In a lot of cases, the compromised organization will offer free credit report monitoring services for all impacted individuals. Take advantage of these services, most of which will immediately alert you to any changes on your credit reports, such as when new accounts are opened. It won’t necessarily protect you from cyber-thieves, but it allows you to take immediate action if you suspect fraudulent activity.
Stay Alert for an Uptick in Phishing Attacks
Armed with a bunch of personal information, cybercriminals will attempt to leverage that data to gain your trust in spear phishing campaigns. Unlike typical phishing campaigns that often use generic language and are easy to spot, spear phishing is much more advanced and sometimes tailored to specific individuals. As always, treat any requests for sensitive info or money with a high degree of skepticism. Keep in mind that tax and government agencies will never email you asking for payments. And if you receive phone calls or text messages claiming your financial accounts have been compromised, don’t reveal any info or click on any links. Call the number on your card or visit the institution’s legitimate website instead.
Closely Monitor Financial Accounts
Monitoring your accounts for unauthorized transactions is something you should do routinely, but it takes on added priority after a data breach. Even though some financial institutions will alert you of potentially fraudulent activity, it’s your responsibility to keep tabs on your accounts and take the appropriate action if you don’t recognize a charge.