5 Essential Steps to Take to Protect Yourself After a Data Breach

A woman looks surprised when she looks at her laptop at home.
Getty Images

ScoreCard Research

The idea of your personal information being swept up in a data breach sounds terrifying, but in today’s world, security isn’t perfect and it’s bound to happen at one point or another. However, there are steps you can take to protect yourself.

Most recently, AT&T suffered a significant breach that compromised the data of 73 million current and former customers, including account holders’ Social Security numbers. The company has launched an investigation into the source of the data leak and said the data was released on the dark web about two weeks ago. AT&T is urging their customers to reset their account passcodes and keep an eye on their accounts.

If your information was disclosed in this breach, you’ll want to follow our recommendations carefully.

We will explain what a data breach is and what to do after a data breach if your information has been compromised. By immediately taking the correct actions, you can reduce the chance of your data being used for malicious purposes.

What Is a Data Breach?

A data breach occurs when information is taken or stolen without proper authorization. In the digital world, these break-ins occur when malicious individuals illegally gain access to computer systems.

Data breaches can be the result of poor data security, but even the most secure systems can become compromised. When a data breach occurs, a malicious individual or group of individuals are usually able to exploit a software vulnerability or human error.

In the United States, businesses are required to disclose data breaches once they are discovered and have up to 90 days to do so. This is a much longer allowance than in many other countries, such as the U.K., where breaches must be reported within 72 hours.

What Can Be Exposed in a Data Breach?

Nearly any type of sensitive data can be exposed in a data breach, including usernames, passwords, email addresses, physical addresses, phone numbers, birthdates and other forms of user data relevant to the platform.

The information that is exposed will depend on what information you provided the breached company, as well as the particular system that was compromised.

More serious data breaches that can lead to identity theft can involve your driver’s license number, credit card information, bank account number, private medical information or your Social Security number (SSN).

No matter what type of information is exposed in a breach, the most critical factor is that you respond promptly to get your stolen information under control.

How Do You Protect Yourself After a Data Breach?

A data breach can feel overwhelming, but we are going to walk you through five essential steps to take if you have been notified of a security breach to ensure that your identity and information remain secure.

1. Figure Out What Information Has Been Compromised

The most important reaction you should have to any data breach is to first find out what information has been stolen. When you are notified by a company that its systems have been compromised, the company should state exactly what data was accessed. If not, it is critical to reach out to the company and ask what information of yours is at risk.

Less sensitive information, such as usernames, passwords, email addresses, phone numbers, birthdays and physical addresses, require less action than if your Social Security number or medical information has been accessed. We’ll discuss how to address each of these bits of information shortly, but first you need to understand what has been stolen.

2. Increase Your Digital Security

Just as if your house was robbed, one of the first actions to take is to beef up your online security. Begin by changing your password on any platform that has been compromised. This will prevent anyone from accessing your account if your old password surfaces online.

Additionally, you’ll want to enable Two-Factor Authentication (2FA) on the website if that security option is available. By enabling 2FA, you need not only your password to log in, but a second secure code that is usually texted or emailed to you at the time of login.

By merely upgrading your security information on a compromised system, you can prevent any stolen passwords from being of any use to malicious individuals. The updates will also help protect you from future security breaches.

3. Change Your Compromised Information

In addition to changing your password and updating your security settings whenever a system is breached, there may be other information you’ll want to update. Essentially, if any stolen information is changeable, you’ll want to update it to prevent it being of any use to those who gain hold of it.

Obviously, we don’t recommend that you move your home if your physical address is compromised and you don’t need to change your phone number if that is exposed. If it’s information that you could have found in the White Pages a decade ago, you can probably breathe easy even if it is exposed.

However, information tied to a credit card account or bank account should be changed. If you have been notified that your credit or debit card information has been compromised, it is best to call your bank or credit card company to freeze the card and order a replacement. Again, the goal here is to render any information that may have been stolen unusable.

Your driver’s license number and Social Security number can’t be changed, but we’ll go over how to keep a closer eye on that information for any possible signs of fraud or misuse.

4. Closely Monitor Your Important Accounts

If your driver’s license or Social Security number is compromised, that is a more serious breach. In these events, it is critical that you keep a close eye on your credit report as someone may attempt to open an account in your name. Obtaining a free credit report is a great place to start after any data breach notification or fraud alert.

The three major credit bureaus, Experian, Equifax and TransUnion, offer subscriptions for keeping a close eye on your credit reports. These subscriptions commonly include alerts whenever new accounts are opened or your information has been used to apply for additional credit, so they can be powerful tools after a data breach.

You can also employ a credit freeze, so that your credit information is unable to be accessed. By contacting the three credit bureaus or visiting their websites, you can put a hold on your information so that anyone attempting to apply for credit will be locked out.

Just remember that you will need to unlock your information if you ever want to legitimately open new accounts and need access to your credit reports.

5. Register for Identity Theft Protection if Needed

If sensitive information, such as your Social Security number, has been compromised and someone has attempted to use it, it may not be a bad idea to register for identity theft protection services.

While expensive, these services can keep a close eye on your credit report as well as offer insurance for individuals whose information is under attack. Some top companies, such as Aura Identity Guard and IDShield, offer up to $1 million in fraud protection.

Additionally, breached companies may offer free theft protection services to affected individuals.

Frequently Asked Questions (FAQ)

What Is an Example of a Data Breach?

In 2013, department store chain Target was involved in one of the largest security breaches in history. Hackers stole 40 million credit and debit card records, along with 70 million customer records during the holiday season.

Target notified affected individuals about three weeks after the breach occurred and four days after the retail chain had noticed it. The data breach cost Target $18.5 million, and the company provided free credit monitoring services for affected customers.

What Is the Most Common Cause of a Data Breach?

According to the Identity Theft Resource Center, the most common source of data breaches in 2021 was phishing attacks. These attacks typically involve someone pretending to be a trusted individual to lure victims into revealing sensitive information. Other leading causes of data breaches include ransomware and malware attacks.

What Do I Do if My Personal Information Has Been Compromised?

The first thing to do is determine exactly what information has been stolen. Then change the passwords and increase security on all those accounts. This could include freezing credit or debit cards. You can also reach out to the breached company for more advice. Then monitor your accounts closely for any unauthorized activity. Lastly, if needed, contact an identity theft protection company.

What Should I Do About Government Data Breaches?

There isn’t much more you can do beyond following the five steps listed above to help secure your information and keep an eye on your data.

You may be able to reach out to the affected government agency for more advice. Begin by visiting that agency’s official .gov website to learn more.

Michael Archambault is a senior writer with The Penny Hoarder specializing in technology.