If you’re wondering what steps to take after a data breach, you’re not alone.
The Equifax breach, announced in September 2017, potentially affects 145.5 million, leaving nearly half of the U.S. population wondering what to do next. And data breaches are only becoming a more common occurrence.
Since January 2005, there have been more than 7,790 breaches, with well over 1.05 billion records stolen, according to the Identity Theft Resource Center. And 2016 alone saw a record number of data breaches — 1,093 . That’s up from 781 in 2015. With so many breaches, knowing whether you’re personally affected can get confusing. Fortunately, many companies will notify you if there’s a chance that your information was compromised. Or in the case of the Equifax data breach, Equifax offers a portal to check and see if your credit information was stolen.
Here are six steps to take after a data breach if your information was compromised:
Step 1: Evaluate the stolen data
Start with the question, “How can this data be used against me?“, says Devon Ackerman , senior director of cyber security and investigations at Kroll, a global provider of risk solutions.
For example, if your username and password for a specific medium was exposed, consider where else you may have used that same username and password and change it regardless of where it was used, notes Ackerman.
If it’s personal financial information, contact the financial institution that holds the credit card, debit card or account and evaluate your options.
“Financial institutions are well-versed in handling and responding to account compromises and have a whole host of options available to assist private citizens,” says Ackerman.
Keep in mind that some information is inherently more sensitive. Stolen names and street addresses are less concerning than stolen email addresses, dates of birth and payment card account numbers. And stolen Social Security numbers, financial account numbers and payment card security codes are the most concerning.
Overall, evaluating the data that was stolen can help point you towards your next action.
Step 2: Check your credit reports
If information was stolen that could put your finances or identity at risk, make sure to check your credit reports and analyze your credit history. By Federal law, you’re permitted a free credit report from each of the three major credit bureaus once per year. You can check your reports at AnnualCreditReport.com.
Look for any sign of fraudulent activity. That includes any activity or new accounts that you don’t recognize. And if you do find something that looks suspicious, contact the credit bureau immediately.
Step 3: Monitor credit card statements
Keep an eye out for any suspicious activity. If you find a purchase you don’t recognize, call your issuer immediately. They’ll cancel your current credit card, issue a new one and refund the amount of the fraudulent purchase.
By law, the most you’ll pay for unauthorized charges on your credit card is $50 . And many credit card companies will completely waive your responsibility for any fraudulent charges.
Step 4: Consider a credit freeze
When you place a freeze on your credit, you restrict access to your credit report. In turn, it makes it much more difficult for identity thieves to open new accounts in your name, according to the Federal Trade Commission. To be clear, placing a credit freeze on your account doesn’t prevent you from doing things like opening new credit accounts or buying a home. It acts as protection to keep tabs on any potential fraudulent activity after a data breach. You will need to lift the freeze before you apply for a new credit card, auto loan or mortgage.
The cost to place and lift a freeze on your credit varies by state. If you decide to freeze your credit, you’ll need to do it at directly with all three credit bureaus.
Here’s where you can freeze your credit:
• Equifax: 800-349-9960
• Experian: 888 397 3742
• TransUnion: 888-909-8872
Step 5: Place a fraud alert on your files
Whether or not you’ve yet been a victim of identity theft, you may want to consider putting a fraud alert on your accounts. This free service from the credit bureaus requires creditors to call and confirm anytime a credit request is made in your name.
There are a couple of different types of fraud alerts.
- An “initial fraud alert ” is a good identity theft prevention measure if your Social Security card or other personal financial information is stolen. It will protect your credit for 90 days. You can place an initial fraud alert by contacting one of the three credit bureaus and making a request.
- Victims of identity theft can place an “extended fraud alert ,” which protects credit for seven years. You’ll need to fill out an Identity Theft Report first and then contact a credit bureau.
Step 6: Be vigilant about prevention
Prevention is possibly the best method of security. It pays to know what personal information of yours is publicly available.
“It would be wise for consumers to consider that whenever their information is outside of their control, it is not as secure as it can be when it’s under their control,” says Ackerman.
Indeed, in the digital world in which we now live, much of the information about us as private citizens is collected and organized, notes Ackerman. And that means if you want to remain anonymous, says Ackerman, you should be mindful when providing information about yourself through sign-up forms, social media accounts or other online mediums.
In addition, the Federal Trade Commission also recommends filing your taxes early, in case a scammer uses your Social Security number for a tax refund or a job.