What Do I Do in Case of a Data Breach?

Stephanie Faris
Brandon King
September 15, 2023

One of the scariest facts about data security is that as a normal user you are not the sole determiner of your fate. You can do everything right, take all the precautions you’re capable of, and be as careful as humanly possible…and sometimes it won’t matter, because one of the companies you’ve had to give your failed at something on their end.

A close-up on an abstract design of a display, which is warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warnings and single character exclamation marks. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, etc...

Particularly if the company has access to a lot of your very sensitive information (such as bank information, social security number, and so on) this can be disheartening as you could end up paying the price for someone else’ mistake.

Still, you do have recourse if you’re the victim of a major data breach.

Keep Calm

One of the potentially comforting things about major data breaches like this is that a lot of people’s information is going to be gathered all at once. 

In the past couple of years, as an example, Experian has suffered two major data breaches. An unspecified number (“tens of millions”) of people in the United States were affected by an Experian data breach in April of 2021, and in August of 2020 reportedly a whopping 24 million people and 793, 000 businesses in South Africa had their data stolen…and surprisingly easily, to boot.

These incidents are far from the most expansive breaches of a credit company, but they are the most recent.

This is of course terrible, and at least mildly horrifying. However, the upside is that that means someone has to sort through those tens of millions of entries worth of data and decide which ones are the highest value and therefore are worth selling.

This means that in the worst-case scenario (your information is sold) you have some time to prepare and take preemptive measures (such as enacting a credit freeze). If you’re lucky, nothing will ever come from it at all, and this is statistically the most likely option.

Still, you shouldn’t let your guard down just because of that.

A close-up on an abstract design of a display, which is warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warning text. Part of the display is reflected on a shiny surface. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, etc...

Always Stay Alert

If you suspect you might be a victim of a data breach, keep an eye out for any suspicious stealing identity activity.

Usually, the company that has been breached will send you a notification that there has been a breach. Whether they do this in a timely fashion is another matter as they often alert customers long after the window has passed to take basic precautions.

This means you always need to be on the lookout for anything strange.

If you get alerts from the IRS you aren’t expecting or strange notifications from lenders, those are things you should not ignore. If you’re not in the habit of reading all your mail before throwing it away, that’s a habit you should definitely cultivate. Even if you think it’s just another useless piece of junk mail telling you you’re pre-approved for a loan or something you should double-check to make sure it’s not something else (and then should probably shred it anyway).

Likewise, make sure you have alerts from your bank and the like activated and that you pay close attention to them as well.

Keep a close eye on all transactions associated with all of your accounts. Bank accounts and credit cards, obviously, but also some things you might not expect like your Amazon account. In certain circumstances, someone could, for example, open an Amazon credit card in your name and start making surreptitious purchases using it. This may be harder to notice.

Something else worth keeping an eye on is unexpected, sudden drops in your credit score. This will usually happen because people are trying to take out loans or open credit cards in your name (creating new queries) or throwing your debt-to-credit ratio completely out of whack.

It helps to have access to monthly credit reports from at least one of the major bureaus (Experian, Equifax, and Transunion). Most identity theft protection services provide this as a side benefit, but you can also get regular credit updates from websites like Credit Karma for no charge.

Notify Authorities

Once you’ve confirmed that your identity is actually compromised, there’s a fair few people you need to contact.

The first should be information-gathering missions. You’ll want to contact the Social Security Administration and get a copy of your wage earnings report. Cross-reference this with your own records and make sure things line up.

Likewise, contacting your health insurance provider is a good idea to make sure no medical fraud is being committed.

Then, file an identity theft report with the Federal Trade Commission (FTC) at IdentityTheft.gov. You can file an identity theft report with them which makes it harder for people to actually do anything with your information. They’ll ask for as many details as you can possibly give them: what information has been breached, how it has been misused, and so on so be prepared with that information.

Likewise, you should file a police report. Something may or may not come from it, but it’s always worth doing.

Finally, you can choose to send a fraud alert to any of the three major credit companies (Experian, Equifax, and Transunion) to let them know your identity has been compromised and how. You only need to send the report to one, and they are obligated by law to pass this on to the other two, no matter which one you contact.

What Does a Fraud Alert Do?

Basically, a fraud alert makes it more difficult to open credit accounts in your name because it adds an extra layer of authentication required before an account will be opened. The business in question is required by law to take extra steps to verify your identity before opening the account. You can also request a free credit report from each bureau within that year.

Normally, this lasts for a year. However, you can also apply for an extended fraud alert which lasts a full 7 years and allows you to request your credit report twice from each bureau every year within that time.

It also has a nice extra benefit: it blocks you from receiving unsolicited credit and insurance offers for 5 years though you can opt out of this as well.

Keep in mind an extended fraud alert is only available as an option if you have already filed an FTC identity theft report.

Enact a Credit Freeze

Putting a freeze on your credit makes it much more difficult (nearly impossible, in fact) for anyone to open new accounts in your name since they would need to have the specific password or PIN you used to enact the freeze (or lock, if you have access to that capability) to do anything involving your credit.

This does also, of course, prevent you from doing anything, but it’s a small price to pay for safety unless you have some absolutely vital need to take out a new loan or something in the time you would need to protect your credit.

Keep in mind this option is semi-redundant with filing a fraud alert, as they serve much the same purpose, but credit freezing can usually be done a bit easier if you have access to an identity theft protection service since it can be done online from a convenient space.

Cyber security IT engineer working on protecting network against cyberattack from hackers on internet. Secure access for online privacy and personal data protection. Hands typing on keyboard and PCB

Remember to Use Your Identity Theft Protection Service

If you’re enrolled in an identity theft protect plan, you will of course want to avail yourself of the advantages of these services.

Depending on who your provider is and what types of services they offer you have a ton of options here.

The first and foremost thing you’ll want to take advantage of, though, is simple: their customer support and identity restoration services.

The people who can give you the most direct and immediate aid are going to be these customer service reps, as everyone else you can contact is going to be a whole lot slower in responding to your problems.

All identity theft protection services come with some kind of insurance as well, so you want to make sure you remember that if you start feeling financial repercussions.

And, of course, it can’t be overstated how useful having the identity alerts active is. You just need to make sure you’re actively monitoring your account for any alerts; don’t trust the alerts to get pushed through to your email or something like you normally might. Start checking the service’s alerts page daily, at least.

Be Patient

Once you’ve done everything you can, the best thing you can do is to slow down and try not to worry. From that point, everything is pretty much out of your hands, and being too stressed out about it is not helpful.

✎ Related Article: How Did The MOVEit Data Breach Happen?