What to do when you’ve become a victim of a data breach

Your personal information may be secure most of the time, but data breaches can happen to anyone — from individuals to even large corporations. Personal and financial data is the new currency in today's world, so cyber criminals are continuously looking for ways to access and sell it online. If you’ve noticed suspicious activity on any of your financial or online accounts, you may have been the victim of a security breach. Quick action can help to minimize any permanent damage.

What's a Data Breach?

Despite taking measures to secure data, hackers can find "virtual back doors" in computer systems to gain access to your personal and financial information. “Back door” means they are able to access computer programs by bypassing security mechanisms like firewalls.

Data breaches can happen on multiple levels, such as through a large retailer that has your credit card information on file or by a hacker who finds a way to access your personal computer or files. Credit card numbers, bank account data, email passwords and social media information are all fodder for cyber criminals.

Your information is valuable; a stolen credit card number that originated in the United States, along with the CVV number, billing address, date of birth and all other relevant information can sell for around $35 on online criminal marketplaces, like the dark web. If you scale up those numbers, the payoffs start getting larger.

First Steps

Taking fast action to secure your accounts can help to minimize the damage of a data breach. Notify your credit card companies and financial institutions right away to have your cards cancelled and your bank accounts frozen. Change the passwords to all of your online accounts, including email, social media and any other website that requires login data. The more information a hacker can obtain about you, the larger payoff he or she may have when selling your credit card numbers. That's why securing your personal data is crucial.

Identity Theft Prevention

The effects of a data breach can be long-term after the initial occurrence, since thieves will continue to try to use your accounts. Taking proactive actions can offer protection and help minimize any future damage. File a police report as soon as possible after discovering the data breach in order to officially document that you have been a victim of identity theft.

Protect Your Credit

Placing a credit freeze (also known as a security freeze) on your credit report prevents a bank or credit card company from retrieving your credit report. In most cases, this prevents a fraudulent loan or credit application from being approved. If you feel you need to freeze all your credit files, you’d need to place one for your credit report at each of the 3 major credit bureaus. This is necessary because of the extra-stringent security features that come with a credit freeze. Each freeze you place stays in force until you decide to remove it or temporarily lift it to apply for credit.

Also consider putting a fraud alert in your name through one of the three major credit bureaus to help protect against future breach attempts. This is a less-drastic measure than a credit freeze and lets potential creditors know you suspect you may be an identity theft victim. Unlike with credit freezes, all you need to do to get a fraud alert on all 3 major credit bureau report files is to let one of them know. That bureau will then inform the other two.

There are three different types of fraud alerts:

• Initial Fraud Alert, which lasts for at least 90 days and is typically used when you fear you’ve been the victim of ID theft
• Extended Fraud Alert, which lasts for 7 years and is usually used when you know you’ve been an ID theft victim.
• Active Duty Military Alert, which lasts for 1 year and is used by military personnel seeking to minimize their risk of fraud or ID theft while they’re deployed.

Another thing you can do is engage an identity theft protection service, which can alert you if someone tries to use your personal or financial data for any reason. Finally, you should diligently monitor all online accounts for suspicious activity.

Document Everything

Though it may be tiring, document every communication that you've had with any organization about the data breach. Whether you speak to a credit card company over the phone, talk in person to a bank representative or have an email conversation with a creditor; record the date, company name, person you communicated with, topic of conversation and any outcome or next steps needed. Keeping clear, concise records can help should there be any legal repercussions due to the breach.