7 steps to stay safe after receiving a data breach notification letter
These days, it's only a matter of time before you get one

From health care companies to delivery companies, insurance to payment apps, it seems that no one is safe from a data breach anymore. And that means it's only a matter of time before you get a data breach notification letter in the mail — and you're not alone. Even my 5-year-old child received one before they made it out of kindergarten.
If you haven't gotten one yet, or are just receiving your first one, don't let it raise your heart rate. If you don't yet have any identity theft protection, be assured, that's going to be one of the top recommendations we make below, but there are other good steps to take to make sure you and your data stay as safe as possible after a breach.
Here's what you can do once you've gotten a data breach notice:
1. Verify that the notice is legitimate
It sounds awful but it's true — some phishing attempts will try to capitalize on data breaches by sending out fake notifications in order to scam you out of your personally identifiable information (PII). So, first things first, make sure to verify that the breach is in fact legitimate.
Check the company's website or call the company's phone numbers found via official channels to confirm the breach. Alternatively, if the breach is already widely known, make sure that the information given in the breach letter is legitimate by checking it against the information online, usually filed with an Attorney General's office.
2. Change your passwords and enable MFA
This should always be the first step after you know your data has been involved in any data breach because it's the best way to protect your accounts and your data. Make sure you're updating your passwords for any affected accounts and using a password manager if you weren't already.
Additionally, make sure you're using two-factor or multi-factor authentication on any account that offers the feature, as it's often the best line of defense between your information and a hacker.
3. Place a fraud alert and a security freeze on accounts
You can place a fraud alert by contacting any one of the three major credit agencies: Equifax, Experian or TransUnion. Ask for one to be placed on your credit report to indicate to creditors that your account has been exposed to fraud or may be a target for fraudulent activity.
On the other hand, a security freeze will stop anyone from opening new credit cards or starting other credit activity in your name without your explicit action — that can make it hard if you're the one who wants to open a new account, but it's better than finding out someone else was able to.
4. Monitor accounts closely
If you weren't already keeping a close eye on all your account activity, now is the time to start. Make sure you're watching out for any suspicious or unusual behavior, like transactions you don't recognize, new accounts, or logins you don't remember.
Depending on your account, you may have a way to set alerts or have options in a security center that give you recommendations on how to protect your account as well.
5. Get your credit report
There are three major credit agencies — Equifax, Experian, and TransUnion — and each will give you a free copy of your credit report when you visit annualcreditreport.com. This will also help you keep an eye out for any unusual activity or unfamiliar accounts that may have been opened in your name.
6. Accept any offered identity protection services
Often after any data breach, the company involved will offer at least 12 months of free identity theft protection or monitoring services to those who have been exposed or affected. If that's you, you should absolutely take advantage of those services.
If you have already paid for annual identity theft subscriptions and find yourself involved in a data breach, sign up for what is offered and make sure you update or check in on your subscription services so they can better monitor your data. Remember, these services work best if you've signed up for them ahead of time, so look into one, even if it's just at the basic level. They could alert you to your data being sold online, or help you get your identity back in order after a breach.
7. Protect your digital security
Lastly, make sure your digital security is in order: Use a password manager, change or update your Wi-Fi password, make sure you're well educated about phishing and vishing attacks and update your operating system software. You should also ensure that you have robust security measures in place with a quality antivirus program. Making sure that your devices are protected when you're online is always a good step as well.
The best thing to do after you get a data breach letter is to stay calm, and make sure you're checking all these steps. Going forward you'll want to make sure you're staying safe by not falling for any phishing attempts: Don't click on anything in any texts or emails that you're not expecting to receive no matter how convincing it looks, don't give out any personal information over the phone to any strangers, and be extremely suspicious of any communications that attempt to pressure you into giving out information, clicking on links or downloading anything.
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.