If you’ve ever received a letter saying that you’re part of a data breach, you’re not alone. According to a report in Security Week News, over 700 million records containing personal information were breached in 2015, about twice the number of people in the U.S. With numbers like those, most of us will see a breach notification letter sooner or later. If you do receive a breach notification letter, the most important thing is not to panic. Here are the things you should and shouldn’t do if you are part of a data breach.
First and foremost, don’t start canceling your accounts and causing yourself a lot of work. Getting a breach letter doesn’t necessarily mean that someone has stolen your identity. Notification letters are required by law for breaches of a certain size or involving certain kinds of information such as health records. According to Javelin Research, about 13 million Americans became victims of identity theft in 2015. That’s a lot, but way fewer than the 700 million records exposed in breaches.
Second, take some steps to stop criminals from using your identity:
- Sign up for any free credit monitoring or identity theft recovery services offered in the letter. If something does go wrong, recovery services will save you many stressful hours trying to restore your identity.
- Read the letter carefully to find out what information was exposed, so you know what to watch for. If credit card numbers were taken, your credit card company may automatically cancel your card and issue a new one, but watch your credit card statement carefully for any fraudulent charges. If medical records were stolen, check your Explanation of Benefits from your medical insurance for evidence of someone using your coverage. If your Social Security number was stolen, be on the alert for unrequested credit cards, and file your taxes early so thieves can’t file in your name and take your refund. If passwords were stolen, change them!
- Wait a month or so after you get the notification letter, then start regularly checking your credit report for any unauthorized credit card or loan activity. If you see problems, report them right away to the organization involved, to your identity protection service company, and to law enforcement.
- Set up alerts on your credit cards and bank accounts so you will be automatically notified of transactions over a certain limit.
Finally, be on the lookout for fake data breach letters or emails asking you to confirm your personal information. Ironically, identity thieves sometimes use big breaches in the news to try to steal personal information from people who may not have even been part of the breach. And if the organization that was breached doesn’t offer you identity protection services, this might be a good time to consider getting your own coverage, just in case you become one of the 13 million Americans each year who does fall prey to identity thieves.