Here’s What You Should Do After a Data Breach

1. Stay Alert

If your personal information was exposed in a data breach, the breached company is likely to notify you. (If they operate in any of the 50 states, they're compelled by law to do so.) If you receive a breach notice, retain all documents and take recommendations they provide seriously.

Be aware that data breaches are not always detected immediately, so by the time you receive a notice, your information may have been available to criminals for some time. With that in mind, hang on to any unusual mail or emails, such as IRS tax notices, bills or statements from unfamiliar lenders.

2. Secure Your Accounts

Starting with any accounts specified in the breach notification, update the passwords and PINs you use to log in to your bank and credit card accounts. Accounts affected directly in a breach are obviously at greatest risk, but access to any of your personal information heightens the risk that your other accounts could be compromised.

If you aren't already doing so, start implementing these good password hygiene practices to mitigate account security risks:

• Don't reuse passwords. Use unique passwords for each of your online accounts. Otherwise, a thief who's obtained login information for one account could be able to use the same information to gain access to others.
• Consider a free password manager. These easy-to-use apps generate highly secure, unique passwords and remember them for you. All you have to remember is one master password. There are many free options available, but password managers that charge a subscription fee may provide more robust features.
• Enroll in a two-factor authentication. This requires you to get a confirmation code via text message or email before each login, to prove you're you. It adds a small step to the sign-in process, but it makes it much harder for password thieves to gain access.

3. Initiate a Fraud Alert

A fraud alert notifies any lender processing a credit application in your name that you may be a victim of fraud or identity theft and requests that they verify the applicant is really you before moving ahead with the application.

When you add a fraud alert to your Experian credit report (or to your report at either of the other two national credit bureaus, TransUnion or Equifax), the alert is automatically applied to your credit reports at all three bureaus.

A fraud alert will stay on your credit report for one year. You can renew the fraud alert when it expires. If your worst suspicions are confirmed and you find you're victimized by fraud, you can apply an extended fraud alert that lasts seven years before requiring renewal.

4. Monitor Your Financial Accounts and Credit Reports

Keep tabs on your bank and financial accounts and set up any available alerts to notify you of activity on the account. Staying aware of unusual or unexpected activity on your account lets you detect potential scams early and allows you to report or investigate them promptly.

Checking your credit report also can help you identify any unusual activity related to credit fraud and identity theft, such as the creation of loan or credit card accounts you don't recognize and the addition of unfamiliar addresses to your personal information. You can check your credit report for free through Experian, and check your reports from all three credit bureaus for free at AnnualCreditReport.com.

Free credit monitoring from Experian automates the process of checking your Experian report by sending you emails or text messages anytime there's new activity on your Experian credit report.

5. Freeze or Lock Your Credit File

Though potentially more inconvenient than a fraud alert, you might consider applying a free security freeze, which limits access to your credit report at a specific credit bureau. You have the right to freeze your Experian credit report here and can separately freeze your credit reports at Equifax and TransUnion.

Freezing your credit at all three bureaus helps protect your credit file from scammers and other criminals who may apply for credit in your name. However, it will also prevent creditors from accessing your credit for legitimate credit applications. If you want to allow a lender to view a frozen credit report (as when applying for a credit card or loan), you must first "thaw," or unfreeze, your credit reports.

Locking your credit file is another way to protect yourself from fraudulent credit applications being submitted in your name. You can lock and unlock your Experian credit file with CreditLock, which is included with Experian CreditWorks℠ Premium. Similar services are offered at the other credit bureaus.

6. Stay Vigilant to Signs of Scams

Data exposed during a breach creates a serious fraud risk. Sensitive information that could wind up in the hands of criminals or on the dark web after a data breach includes:

• Your full names
• Email addresses
• Your date of birth
• Biometric data
• Passwords and passcodes
• Mailing addresses
• Your Social Security number

Criminals can use this information to commit targeted acts of phishing by convincing you their communications are from a legitimate source (such as your bank or a government official). Their goal may be to con you into handing over more sensitive information, or to trick you into providing access to your financial accounts.

Fraudsters can also use information exposed in a breach to commit synthetic identity theft—the fabrication of new, false identities using pieced together sensitive information. They then use these fake personas to commit credit fraud or other illegal financial schemes.

Staying up to date on the latest scams can help you stay defensive. Also, beware common signs of phishing attempts, including:

• Messages that urge you to act immediately using implied or explicit threats, such as "act now to avoid losing access to your account" or "this is your final chance to extend your home warranty."
• Unusual sender email addresses
• Attachments from companies or organizations that don't typically include them
• Requests for information the sender should already have (for example, your bank requesting you confirm your account number).

The Bottom Line

Exposure of your personal information in a data breach is a downside to the convenience of digital transactions and e-commerce. It's wise to be prepared in case it happens to you, and to act quickly if it does to minimize the potential damage.

If you're the victim of a breach, take a breath, try not to panic and follow these steps. If you confirm your data has been stolen or misused, act immediately and report the matter to appropriate authorities.