What to Do After a Data Breach

Steps to take after a data breach

If you think you’re a victim of a data breach, it’s critical that you act immediately.

“After a data breach is discovered, emotions are high and clear thinking is at a low point,” said Brad Lassiter, CEO of LastTech, a cybersecurity company in New York. “It's important to keep a cool head.”

These steps can help you secure your data and file official reports while implementing preventive measures to avoid future breaches.

1. Secure your accounts

The first step is to secure your accounts to prevent further damage or loss. The process can vary, depending on the type of personal data affected.

» DISCOVER: How to prevent identity theft

2. Monitor financial activity

Regardless of the type of data breach, you should always check your credit score and report. You can obtain a free credit report from AnnualCreditReport.com.

“Bank and financial accounts should be checked frequently for suspicious charges, unexpected loan demands, or unfamiliar activity,” said James Turgal, VP of global cyber risk and board relations at Optiv.

If there are any accounts that don’t belong to you, report them immediately at IdentityTheft.gov.

3. Place a fraud alert or credit freeze

You can also place a free fraud alert or credit freeze on your account. For extra protection, you can initiate both a credit freeze and a fraud alert simultaneously.

Fraud alert

A fraud alert requires creditors to confirm new credit with you before approving or opening any accounts. However, creditors can still see your credit report.

There are three types of fraud alerts:

• Initial fraud alert: An initial fraud alert lasts one year. However, it can be renewed without cost.
• Extended fraud alert: An extended fraud alert lasts seven years and requires you to file either an FTC identity theft report or a police report. It requires credit bureaus to remove you from marketing lists for unsolicited credit and insurance offers for five years.
• Active-duty fraud alert: An active-duty fraud alert is for members of the military who are on active duty. It prevents any new credit in your name and removes you from marketing lists for unsolicited offers for two years. It’s free and lasts only one year but is renewable.

Credit freeze

A credit freeze prevents any new lines of credit from being opened in your name. It also prevents access to your credit report.

However, a credit freeze also prevents you from obtaining any new credit. Therefore, you must remove the freeze before applying for credit, such as a new credit card, home mortgage or even a rental home.

A credit freeze lasts until you lift it. Simply contact each credit bureau to place or lift the freeze.

To file a dispute and place a fraud alert or credit freeze, contact the major credit bureaus.

Contacts for Data Breach Reporting

4. Protect your identity

It’s also critical that you take steps to prevent identity theft in the future. There are several ways to lower your chances of being affected by a data breach again.

Avoid scams. To avoid scams, never share your personal information with any unexpected calls, texts or emails. Also, don’t click any links or open attachments from emails you don’t recognize.

File your taxes early. By filing your taxes early, you lower the chance of tax identity theft. This happens when scammers try to use your SSN to steal your tax refund or get a job.

Use strong passwords. Create long passwords that combine letters, numbers and special characters to make it harder to guess. Don’t repeat passwords on multiple sites in case one becomes compromised.

“Password refreshes, multi-factor login, and closing open vulnerabilities make a stronger foundation,” explained Rafay Baloch, CEO of RedSecLabs.

Enable multi-factor authentication. Enable multi-factor authentication on all accounts. This requires additional authentication beyond a password for access.

“By enabling multi-factor authentication, you can essentially mitigate credential-stuffing attacks,” said Adam Govier, founder of Exploitr, “where cyber attackers will attempt to login with passwords they’ve obtained from previous data breaches on different platforms.”

Update programs and sign up for notifications. Be sure to update all software and apps regularly to ensure the strongest security protocols. Sign up for the Notify Me service provided by HaveIBeenPwned.com so you can receive automatic notifications if your email is found in a data breach.

Turgal adds another consideration: child identity theft. “Parents and guardians should be especially alert for warning signs of child identity theft,” he said. Be mindful of collection calls for debts incurred in a child’s name, unexplained insurance bills or medical records, or IRS notifications indicating a child’s Social Security number was used on another tax return.

5. Consider credit monitoring

Credit monitoring can help you stay on top of your credit by sending notifications when your credit is accessed. This can include a credit card company, a mortgage company or a personal loan lender. It can also include late payments that may affect your credit score and history.

You may already have access to free credit reporting through a credit card company, but if not, you can access your credit report at AnnualCreditReport.com. You can also sign up for credit monitoring services from reputable services like Experian, TransUnion and Credit Karma.

“There are several dozen steps you can take to reduce the likelihood of a data breach, but it is not a one-time fix,” warned Lassiter. “It's an ongoing battle against criminals and awareness. With concerted effort, breaches can be reduced in frequency and impact.”

» COMPARE: Best identity theft protection services