You’ve received that dreaded email or letter from a service you use: There has been a data breach, and your information may have been compromised.
It has probably happened to you before, because data breaches happen often. These notifications tend to at least instruct customers to change their passwords, but depending on the level of breach and the sensitivity of information kept by the service, customers may be told to monitor their bank accounts or may receive free identity theft protection.
It can seem overwhelming and inconvenient, but the plan of action in such a scenario is pretty straightforward.
First, make sure the data breach is real. You shouldn’t be asked to verify personal information via email, so if that’s what a message requests, don’t respond. Check the service’s website for news about a breach or reach out to customer support for details.
Changing passwords should be another early action, but don’t overlook this important step: Change your email password. If someone has compromised an account tied to your email, your email could be a potential target for hackers. You don’t want to send new-password notifications to an unsecure email address, so that password is the first that needs to change.
Even if you didn’t receive notification from a service that has experienced a data breach, you should change your password as a precaution. When a company gets hacked, it’s usually in the news, so if you hear of something that could affect you, be proactive.
While you shouldn’t use a password for multiple accounts, people commonly do. Be sure to update any account that may use the same password as the compromised one.
Monitor Your Money
Consumers should regularly review their bank accounts, credit reports and credit scores as a way of staying on track with financial goals and looking out for irregular activity, which could point to fraud.
For victims of a data breach, this is especially important. Someone has your information, and it’s not always clear what the thieves are capable of doing with it. Look for credit card transactions you didn’t make or correspondence from an unfamiliar company — these could be signs of identity theft.
Consumers are entitled to free annual credit reports from the three major credit reporting agencies: Experian, Equifax and TransUnion. These reports should reflect accurate personal information, but if something is amiss, it should be disputed immediately. Watching credit scores for sudden changes will also help uncover fraudulent activity, and consumers can do this by signing up for Credit.com’s free monthly Credit Report Card.
Many banks also allow customers to set up alerts for transactions of a certain dollar amount, which can help them spot transactions they didn’t make.
See What They’re Offering
In some cases, the company that held your information will offer services in response to a data breach, like discounts on their own products. Compromised companies often arrange for their customers to receive a yearlong credit monitoring or identity theft protection membership.
While you can monitor your credit on your own, using techniques described above, these services provide tools such as alerts, identity theft insurance, a support team, credit reports and credit scores for free or at a discount. The free, extra protection could be helpful if your information was compromised.
But the risk isn’t gone after a year, because once your information is stolen, there’s no knowing where it may be. This is why regular credit monitoring is important, though consumers can also pay for protection after a complimentary membership has expired.
Regardless of the method, individuals should always watch their personal information closely and know that risks after a data breach do not go away with time.