What to do If Your Personal Data Has Been Compromised
A data breach occurs when someone gains unauthorized access to your personal data. It can occur intentionally or accidentally. Personal information may include your name, Social Security number, date of birth, contact information, medical records, and other sensitive information.
- If your data is breached, learn as much as you can about the incident, change your passwords, and consider using tools like password managers and two-factor authentication for extra security.
- Keep an eye on your financial accounts for any unusual activity and check your credit reports regularly to spot any unauthorized actions.
- If you’re affected by a data breach, you can take steps like placing a fraud alert or freezing your credit to prevent new accounts from being opened in your name.
- Stay alert for signs of fraud, such as unexpected bills or account activity, and explore your legal options, including joining a class-action lawsuit if your data was part of a large breach.
Cybercriminals who steal your personal information sell it on the dark web or use it themselves to open accounts in your name, impersonate you, and even commit crimes using your identity. They can drain your bank account, destroy your credit rating, ruin your reputation, and cause extreme emotional distress. If you have received notification or suspect a data breach has exposed your personal information, you must act quickly to protect yourself.
Learn About the Breach
The first step to protecting your identity is to find out as much as possible about the breach. The more you know, the better your chance of protecting your identity. Learning all you can about the breach can also help you prevent future theft of your personal information.
If you receive a notification from a company whose data was breached or a credit monitoring service, the notification should provide as much information as is known. If the breach was large, you may also be able to learn more details through the news media.
What Type of Personal Information Was Accessed?
The following information is considered private, and unauthorized access to any of it counts as a data breach:
- First and last names
- Social Security numbers
- Bank account numbers
- Credit card numbers
- Private medical data
- Email addresses
- Phone numbers
- Street addresses
- Passwords
- Security questions and answers
- PINs
Knowing which information was illegally accessed can guide the type of action you need to take. The worst case scenario is that your Social Security number, date of birth, and financial or medical information were compromised. This will require more protective action than if only your email address was stolen.
Who Accessed Your Information Without Authorization?
The consequences of the data breach will vary widely based on who accessed the information and why. If the party is a cybercriminal, assume they will use your information to steal your identity. However, even if your data was breached accidentally, you must take steps to protect your identity.
How Did The Breach Happen?
Knowing how the breach happened can provide a better sense of whether your private information has fallen into the wrong hands.
What Is The Company Doing To Prevent Another Data Breach?
You have a right to know if the company has taken steps to secure your data and prevent another leak.
Change Your Passwords
If you were part of a data breach connected in any way to an online account, you must change your passwords to prevent further harm. If you use the same login credentials on other sites, you should change all those passwords. Cybercriminals who access one account could easily log into other accounts for which you use the same credentials.
While juggling multiple passwords can be overwhelming, it is much more secure than using the same one everywhere. Consider using a password manager to safely store your passwords. These tools will allow you to log in from your device without entering your password each time. This is the only secure way to store passwords. Never write down your passwords, especially in corporate settings.
Two-Factor Authentication
For an added layer of security, enroll in two-factor authentication on every account that offers this option. Two-factor authentication requires you to take an extra step after entering your password to confirm your identity when accessing the account. The extra step could be any of the following:
- Entering a code sent to you via text, email, or phone call
- Responding to a push notification on your mobile device
- Using biometric data, such as face recognition or a fingerprint
- Entering a code from an authenticator app on your phone
Monitor Financial Accounts
Most banks and credit card companies offer fraud protection features, including the ability to sign up for alerts. These could include alerts for the following:
- Purchases above a specified dollar amount
- Online credit or debit card purchases
- Unusual purchases
- Low balances
Check your account balances and activity at least monthly to ensure all transactions are yours. Notify your bank or credit card issuer immediately if you notice any transactions you don’t recognize.
Check Credit Reports
Federal law gives you the right to request copies of your credit report once every 12 months from Equifax, Experian, and TransUnion—the three major credit reporting agencies. You can obtain your reports by visiting AnnualCreditReport.com and answering the security questions. Your reports will be made available to you online. If you cannot answer all of the security questions, the reports will be sent by mail.
Due to the financial disruptions caused by the COVID-19 pandemic in 2020, all credit reporting agencies offer free weekly credit reports through AnnualCreditReport.com.
You can also receive a free copy of each credit report and subscribe to credit monitoring services by establishing an online account at each of the credit bureau’s websites:
You may have to pay a fee for the credit monitoring service.
Many banks and credit card companies offer credit monitoring services with free access to your credit score or credit report. You can also access these services through the credit bureaus themselves or free credit monitoring services like Credit Karma. These services also send notifications when changes occur on your credit report.
Submit a Fraud Alert On Your Credit Reports
Adding a fraud alert to your credit report makes it harder for anyone to open accounts in your name when a credit check is required. You can place a fraud alert on all three of your credit files by contacting Equifax, Experian, or TransUnion. When you place a fraud alert on one of your credit files, it automatically propagates to all three.
Fraud alerts expire after one year, but you can renew them. When you place a fraud alert, businesses must contact you to verify your identity before issuing credit. Placing a fraud alert also qualifies you to receive a free copy of your credit report on a one-time basis.
If you have been a victim of identity theft, you can place an extended fraud alert on your credit reports. Extended fraud alerts last seven years, and you are entitled to two free credit reports from each bureau within the first year.
Freeze Your Credit File
A credit freeze is the most secure way to ensure no one can establish accounts in your name. During a credit freeze, no one, including you, can apply for credit unless you have the freeze removed, which you can do temporarily. Credit freezes do not expire. Unlike fraud alerts, you must call each credit bureau to place a credit freeze.
Stay Wary of Red Flags
If you notice any of the following strange occurrences, your personal data may have been breached:
- You have received an email or text message asking you to enter a code to verify your account. Such a message means someone has logged into an account using your username and password, and your two-factor authentication is the only thing stopping them from accessing it.
- You have received notifications from your credit card companies or financial institutions about suspicious account activity.
- You have lost access to one or more of your online accounts. This situation could mean a data thief logged into your account and changed your password.
- You have received unexpected bills or phone calls from bill collectors regarding loans or other accounts you never opened.
- You have noticed inquiries or accounts you do not recognize on your credit report.
- You have noticed unauthorized purchases through your credit card, merchant, or bank accounts.
- Your doctor has questioned you about a medical condition you do not have.
- You have been denied credit or told your credit score is low despite having no adverse credit history.
Research Your Legal Options After a Data Breach
If your information was stolen in a data breach, you may be entitled to file legal action for your financial damages, emotional distress, and risk of imminent harm. If the data breach was large, you may have the option to join a class action lawsuit. The advantage of a class action lawsuit is that you can receive compensation without having to do anything.
However, if there is a high volume of class members, the compensation could be nominal. An individual lawsuit could yield significantly more, but you must prove your data was breached and you suffered damages. We can connect you with a data breach lawyer, who can explain your legal options and determine the best for you.
If you suspect your personal information has fallen into the wrong hands, contact Class Action U today.
"*" indicates required fields
