A Company with Your Data Got Hacked - Now What?
If you suspect your personal information has been exposed during a data breach, here's what you should do to protect your data, bank accounts, and more.
It’s been a big year for security breaches, with Equifax’s data breach leading the most recent headlines. In those circumstances, it can feel like you have no control over your own information. But there are still steps you can take to make it difficult to grab (or use) your financial info, from varying your passwords to freezing your credit.
Here are some smarts steps to take after the breach has happened:
Accept That Your Data Has Been Hacked
There have been more than 14 billion data records lost or stolen since 2013—so there’s a very good chance your data is out there somewhere, even if you haven’t been directly affected by one company’s data breach. It’s no longer about keeping your information private—but about making it harder for criminals to misuse it.
Find Out What Was Taken
If possible, find out what information was breached. If it was a credit card or account number, request a card with a new number—and don't forget to update any bills that were automatically being charged to that account. Was it your username and password? Change your password immediately.
Sign Up for Fraud Protection
Once they’ve been hacked, many companies offer customers a complimentary subscription to a monitoring service for a year or two. There’s no downside to taking them up on this offer.
Change Your Passwords
If you’re using the same password on all your accounts, you’re making yourself vulnerable if one username and password gets hacked. (Hint: They now have access to all your accounts since you likely use the same username also.) Use a password generator to create more secure passwords or—because most people can’t remember the passwords that come from password generators—follow some basic strong password rules:
- Use a minimum of 12 characters.
- Include numbers, symbols, lower-case and upper-case letters
- If you must use dictionary words, use words that don’t go together (like grasspencil versus redbarn).
- Use unusual substitutions. You’re not going to fool anyone with your “Camp1ng” password.
Then use a password manager, such as Dashlane or Keeper Password Manager & Vault, to store all your passwords for safe keeping. (Because who can remember all those hard-to-guess passwords, anyway?)
Freeze Your Credit
Freezing your credit—now free with all three credit bureaus—keeps new credit from being opened in your name. So even if a criminal has your name, birth date, and Social Security number, they can’t get an auto loan or apply for a new credit card while pretending to be you. The freezing procedure is different at each bureau, but a quick google of “freeze credit” with each bureau’s name—TransUnion, Experian and Equifax—should take you to the right page. If you need to apply for credit in the future, you’ll have to lift each freeze temporarily, but it’s worth the hassle to lock down your credit now.
Experts also recommend freezing credit at two additional bureaus: Innovis and NCTUE (National Consumer Telecom Utilities Exchange).
File Your Taxes Early
If there's a chance that a criminal could use your Social Security Number to file taxes in your name, it would behoove you to file early in the season before that can happen.
Closely Monitor Your Accounts
Even if you’re extra cautious, it’s still possible that a hacker could use your information—credit card numbers, for instance, or bank account information. Check statements frequently for activity you don’t recognize and report fraud as soon as you see it.
Be Alert for Anything Strange
There are a variety of types of identity theft, and it’s not always financial. You might find that someone has filed a tax return in your name, for instance, or submitted an insurance claim by pretending to be you. Watch the mail for overdue bills you don’t recognize (don’t just throw them away) and pay attention to calls from bill collectors, who may be trying to collect on a debt that a fraudster has piled up. Watch your email, also, for suspicious activity—such as unusual emails from companies you frequent.
Although it's highly likely that your data is out there and available to criminals, it doesn't mean you have to make yourself vulnerable to identity theft or other kinds of fraud. Taking the right precautions and staying vigilant can go a long way toward making your information tough to use.
The views expressed by the authors are not necessarily those of Fifth Third Bank, National Association and are solely the opinions of the authors. This article is for informational purposes only. It does not constitute the rendering of legal, accounting, or other professional services by Fifth Third Bank, National Association or any of their subsidiaries or affiliates, and are provided without any warranty whatsoever. Deposit and credit products provided by Fifth Third Bank, National Association. Member FDIC.