The thought of your personal details being swept up in a data breach is alarming, but in our connected world security isn’t flawless and breaches are likely to occur at some point. Fortunately, there are steps you can take to protect yourself and limit damage.
Most recently, AT&T endured a major incident that exposed the information of 73 million current and former customers, including account holders’ Social Security numbers. The carrier is investigating how the leak happened and says the data appeared on the dark web roughly two weeks ago. AT&T is advising customers to reset account passcodes and closely monitor their accounts.
If your data was included in this breach, follow the guidance below carefully.
We’ll define what a data breach is and outline what to do after a breach if your details were compromised. Acting promptly and appropriately can reduce the likelihood that your information will be misused.
What Is a Data Breach?
A data breach happens when information is accessed or taken without authorization. In the digital realm, these incidents occur when attackers illicitly penetrate computer systems.
Breaches can stem from inadequate security, but even highly protected systems can be infiltrated. Typically, attackers exploit software weaknesses or human mistakes to gain access.
In the U.S., companies must inform affected parties when a breach is discovered and generally have up to 90 days to report it. That’s a longer window than in several other nations, like the U.K., where breaches must be reported within 72 hours.
What Kind of Data Can Be Leaked?
Almost any sensitive information can be revealed in a breach, such as usernames, passwords, email addresses, mailing addresses, phone numbers, birthdates and other account-related data.
The specific details exposed depend on what you provided the breached organization and which system was compromised.
More severe breaches that may lead to identity theft can include your driver’s license number, credit card details, bank account numbers, medical records or your Social Security number (SSN).
No matter the type of data exposed, the crucial thing is to act quickly to regain control of your stolen information.
How to Protect Yourself After a Data Breach
A data breach can be daunting, but here are five key steps to follow if you’ve been told your data was exposed. These actions will help safeguard your identity and personal information.
1. Determine Exactly Which Data Was Exposed
Your first response to any breach should be to identify what information was taken. When a company notifies customers of a breach, it should specify what data was accessed. If that detail isn’t provided, contact the company and ask which of your records were at risk.
Less sensitive items like usernames, passwords, email addresses, phone numbers, birthdays and addresses demand different responses than if your Social Security number or medical records were accessed. We’ll cover how to handle each type of information, but the first step is confirming what was taken.
2. Strengthen Your Online Security
Much like changing the locks after a home burglary, beefing up your online defenses is essential. Start by updating passwords on any accounts tied to the breached service. This helps stop anyone from using old credentials to gain access.
Also enable Two-Factor Authentication (2FA) wherever possible. With 2FA, logging in requires not only your password but a second verification code typically sent via text or email.
Simply improving security settings on a compromised account can make stolen passwords useless to attackers. These upgrades will also help guard against future incidents.
3. Replace or Update Compromised Details
Besides changing passwords and tightening security settings after a breach, you should update any other changeable information that was exposed. If stolen data can be altered, do so to render it useless to those who obtained it.
There’s no need to move if your address appears in a breach, and you likely don’t need a new phone number just because it was exposed. If the data is something that could be found in phone directories years ago, the risk is usually lower.
However, if credit or debit card data was leaked, contact your bank or credit card issuer to freeze the card and request a replacement. The objective is to neutralize any information that could be weaponized by criminals.
Your driver’s license number and Social Security number can’t be swapped out, but we’ll explain how to monitor those more closely for signs of misuse.
4. Monitor Critical Accounts Carefully
If your driver’s license or Social Security number were exposed, that’s a more serious situation. In such cases, vigilantly review your credit reports since someone could try to open accounts in your name. Requesting a free credit report is a smart initial step after receiving a breach notice or fraud alert.
The three major credit reporting agencies—Experian, Equifax and TransUnion—offer monitoring subscriptions that alert you when new accounts are opened or when your data is used for credit applications, making them useful after a breach.
You can also place a credit freeze to prevent access to your credit file. By contacting the three bureaus or visiting their sites, you can lock down your information so anyone attempting to apply for credit will be blocked.
Keep in mind you’ll need to lift that freeze if you want to legitimately apply for new credit and allow access to your reports.
5. Sign Up for Identity Theft Protection If Necessary
If highly sensitive details like your Social Security number were exposed and there are signs someone tried to use it, consider enrolling in an identity theft protection service.
Although these services can be pricey, they monitor your credit closely and often provide insurance for victims of identity fraud. Leading providers, such as Aura Identity Guard and IDShield, advertise up to $1 million in fraud coverage.
Sometimes companies responsible for breaches will offer complimentary identity protection services to impacted customers.
Also, for guidance on recovering from other disasters that may affect your personal records, see what to do after a house fire.
Frequently Asked Questions (FAQ)
In 2013, retailer Target experienced one of the most notable breaches on record. Hackers captured 40 million payment card numbers and 70 million customer records during the holiday shopping season.
Target informed affected customers about three weeks after the incident and four days after detecting the breach. The event cost Target $18.5 million, and the company providedfree credit monitoring services for those impacted.
Per theIdentity Theft Resource Center, phishing was the leading cause of breaches in 2021. These scams involve fraudsters impersonating trusted sources to trick people into giving up sensitive information. Ransomware and malware were also top contributors to breaches.
The initial move is to identify exactly what data was taken. Then change passwords and increase security on those accounts, which could include freezing credit or debit cards. Contact the breached company for its guidance, monitor your accounts for unauthorized activity and, if necessary, engage an identity theft protection service.
Beyond the five steps outlined above, there’s little more you can do other than remain vigilant and act on any suspicious activity quickly.
If a government agency is involved, you can consult that agency for further direction. Start by visiting the official .gov site for the relevant department.
Daniel Harlan is a senior technology writer with Savinly specializing in consumer security.
