If you find out your data has been breached, don’t panic. It’s important to keep a level head and figure out what you can do to protect yourself and your bank accounts as much as possible from any misuse of your information.
With that in mind, here are some action steps you can take after a data breach.
1. Update your passwords
The first thing you may want to do after a data breach is change your passwords. If a hacker has your account login user name and your password, they could wreak a lot of havoc in a very short amount of time. So it may be wise to change passwords for:
- Bank accounts
- Credit card accounts
- Email accounts
- Social media accounts
- Any accounts that you’ve linked a debit card, credit card or bank account to
- Any accounts that you use to access financial information (such as insurance accounts, investment accounts, credit monitoring accounts, etc.)
When updating passwords, pick a strong password that includes a combination of upper- and lowercase letters, numbers and special characters. Using a password manager can help you keep track of passwords that you use online.
2. Activate multi-factor authentication
Multi-factor authentication adds another layer of security protection for your online financial and personal accounts, beyond just creating a strong password.
For example, you may need to enter a special code you receive by text or email in order to complete the login process when multi-factor authentication is turned on. Or you may need to scan a QR code to finish logging in.
It can take a little time to set up multi-factor authentication but it can be worth it to keep your information out of the hands of hackers.
3. Monitor account statements and report unauthorized transactions
Following a data breach, it’s important to pay close attention to bank account statements and statements for other financial accounts. Specifically, you should be looking for any suspicious transactions or unauthorized purchases, as those can be a sign of fraud.
If you spot a purchase or transaction you don’t recognize, it’s important to report it as soon as possible. This is important not only for preventing further unauthorized activity but also for minimizing your liability for those charges. If someone steals your debit card number but not your card and uses it to make fraudulent purchases, you’re not liable for them if you report those transactions within 60 days of your statement being sent to you, per federal law.
You can also set up banking alerts to notify you each time there’s new activity on your account. For example, you may be able to set up alerts for new debit transactions, new external accounts linked to your account, failed login attempts or changes to your password or personal information.
Pro tip: If your bank account includes card locking as a feature, you can log in online or through your mobile app to disable your card and prevent additional purchases.
4. Place fraud alerts with credit bureaus
Anyone who suspects fraud can place a fraud alert on their credit reports. When a fraud alert is in place, it requires businesses to verify your identity before opening credit accounts in your name.
If you want to place a fraud alert on your credit reports after a data breach you can contact any one of the three major credit bureaus, Experian, Equifax or TransUnion. The credit bureau you place the fraud alert with has to notify the other two bureaus to do the same.
Fraud alerts are free and they stay in place for one year. If you’ve had your identity stolen and completed an FTC identity theft report, you can place an extended fraud alert which is good for seven years.
5. Review credit reports annually
Following a data breach, it’s a good idea to keep an eye on your credit reports. You can get a copy of your credit report once per year free from each of the three major credit bureaus. You’ll need to request your free credit reports through AnnualCreditReport.com.
When reviewing your credit reports, look for anything out of the ordinary, including:
- Credit accounts you don’t recognize
- Inquiries for new credit you don’t remember making
- Judgments or other public records
- Changes or updates to your personal information
If you spot anything that looks suspicious, you can reach out to the credit bureau that’s reporting the information to report fraud and dispute the information.
Pro tip: Consider placing a credit freeze on your credit reports, which would prevent any new accounts from being opened in your name.
6. Sign up for credit monitoring or identity theft protection if available
Credit monitoring services can help you track changes to your credit score month to month. For instance, if an identity thief opens a new credit card account in your name, the inquiry would show up on your credit report which could drop your score by a few points.
There are plenty of free credit monitoring services to choose from, though others charge a fee. Comparing the monitoring services offered and the costs, if any, can help you decide which service to use.
You may also be able to take advantage of identity theft resolution or protection through your credit card. A number of cards offer built-in protections and solutions to help you resolve identity theft if your card is used to make unauthorized purchases or cash advances.