A data breach can be a frightening experience. If it’s the first time you’ve ever been notified that your personally identifiable information (PII) has been exposed, it’s important to take immediate action to protect yourself from potential identity theft or other harm. Here’s a step-by-step guide on what to do:
1. Assess the Damage
- Review the breach notification: Companies are required by law to inform you about the breach and provide details on what data was exposed. Understand exactly what information was exposed. This could include your name, address, Social Security number, credit card details, login credentials or other sensitive data.
- PII on the dark web: The dark web is a portion of the internet that is not indexed by search engines like Google. It’s often accessed through specialized browsers like Tor, which helps to mask users’ identities, and it is used for both legitimate and illicit activities. You can subscribe to services that continually monitor the dark web and notify you if your PII is found, but unfortunately there’s no way to remove such information.
2. Consider Freezing Your Credit
- Contact a credit bureau: Reach out to Equifax, Experian, and TransUnion to place a security freeze on your credit report. This will help prevent new accounts from being opened in your name.
3. Monitor Your Accounts
- Review your bank and credit card statements: Look for any unauthorized transactions or charges.
- Check your credit report: Regularly monitor your credit report for signs of identity theft, such as new accounts or inquiries you didn’t authorize. See AnnualCreditReport.com for more information.
4. Secure Your Accounts
- Update passwords for affected accounts: If your passwords were compromised, change them immediately. Use secure, unique passwords for each account.
- Enable two-factor authentication: Add an extra layer of security to your online accounts by using two-factor authentication (2FA), which requires a code sent to your phone or email in addition to your password.
5. Stay Informed
- Consider credit monitoring or identity theft protection services: The company where your data was exposed may offer to pay for a credit monitoring service for a year or two. Companies that offer such services often try to upsell additional paid services such as identity theft protection assistance and/or insurance.
6. Expect Phishing Attempts in the Wake of Data Breaches
How phishing attempts work:
- Leveraging Fear: Scammers may send emails or texts claiming to be from the affected company, offering assistance or updates about the breach. These messages often contain a sense of urgency, urging recipients to click on links or provide personal information.
- Exploiting Stolen Data: If the breach involved the exposure of personal details, scammers may use this information to personalize their phishing attempts, making them seem more legitimate.
- Offering False Security Measures: Phishing messages may offer “security solutions” or “identity theft protection services” that are actually scams designed to steal additional information.
- Impersonation Scams: Scammers with information about you may contact you and claim to be a representative of a governmental agency, a financial institution, or the security department of a well-known company, or even a friend or family member. To “prove” their legitimacy they will likely tell you information about yourself – such as your Social Security number or birthdate – in hopes of gaining your trust.
How to spot phishing attempts:
- Verify the Sender: Be cautious of emails or texts from unfamiliar senders, even if they appear to be from a legitimate company. Check the sender’s email address carefully for any typos or inconsistencies.
- Watch for Suspicious Links: Avoid clicking on links in unsolicited emails or texts. Instead, type the URL directly into your web browser to ensure it’s legitimate.
- Be Wary of Urgent Messages: Scammers often create a sense of urgency to pressure victims into making quick decisions. If you receive a message demanding immediate action, take a step back and verify the information before responding.
- Never Provide Personal Information: Never share your personal information, such as passwords, Social Security numbers, or credit card details, in response to unsolicited requests.
What’s a legitimate form of notification?
- Most scams come as an email, text message or phone call. Scammers can use electronic methods inexpensively and fool many people quickly. Phone numbers, websites and email addresses used by the scammers can be changed quickly if needed.
- A letter in the postal mail is most likely legitimate. Sending a letter takes time, effort and expense, so it is most often legitimate companies that do it. Letters in the mail usually contain information that can be verified because it does not change from what’s on paper. If a letter did contain fraudulent information, the scam would likely be shut down by the time you received and read the letter.
By following these steps, you can help minimize the damage caused by a data breach and protect yourself from potential identity theft or scams. Remember to remain calm: staying vigilant and taking proactive measures can make a significant difference in your security. Data breaches are a fact of life in today’s interconnected world.