Victim of a Data Breach? What Should You Do?

If you have been a victim of a data breach, you need to understand that breaches differ in type and in their potential to lead to financial fraud, identity theft, or both.

1. Understand what kind of breach occurred. You can read PRC’s Fact Sheet 17b: How to Deal with a Security Breach or take a look at our Chronology of Data Breaches for examples of the types of breaches. Depending on the breach specifics and the state in which you live, you may receive a breach notification letter that describes what happened.  You might also find out about a breach through media reports.

2. Find out what type of information was compromised. Was it credit or debit card information, account numbers, medical information, passwords, email addresses, Social Security numbers, or another type of personal information that was put at risk?  Once you know what type of information has been compromised, you can take the appropriate steps to try to avoid any damage.

3. Take steps to protect yourself.  Even though you didn’t lose the information yourself, don’t depend on the company that was breached to protect you from further headache. Often a breached company will offer credit monitoring services at no charge to the breach victims.  However, not all credit monitoring services are created equal, and sometimes they provide people with a false sense of security.  Depending on the type of breach, you will likely want to take additional precautions.

The two most common types of fraud resulting from a data breach are described below:

Existing Account Fraud. When your bank, financial, credit card or debit card account information is compromised, you may become a victim of existing account fraud. This type of breach typically affects only your current account(s). Obtaining your credit report or using a credit monitoring service usually will not reveal unusual activity resulting from existing account fraud.  

If the breach results in your account being used for fraudulent purchases, that activity will show up on your monthly account statements. It’s important to note that fraudulent charges will not result in a report to the credit bureaus unless, for some reason, you default on the account. So, if you accept a breached company’s offer of free credit monitoring after a breach that involved your existing accounts, do not assume the monitoring will notify you when fraudulent activity occurs on those accounts; that belief would give you a false sense of security.

To watch for this type of breach, you should carefully check your account statements on a regular basis. Most financial institutions make it easy for customers to access their accounts online for an immediate view of all activity. Be sure the computer or mobile device you use for online access is properly secured.  You may also be able to set alerts so you are contacted when a certain type of activity occurs. If you do find unusual activity, contact the financial institution immediately.  

New Account Fraud.  New account fraud happens when a fraudster obtains your Social Security number (SSN) and opens new accounts using your identifying information. Therefore, if your SSN is breached, it is important to keep close tabs on your credit reports.

If the breached company is offering free credit monitoring, you should take advantage of the offer, but do not depend on it fully.

In addition, you should immediately place a fraud alert on your credit reports when you learn that your SSN has been compromised.  When you establish the fraud alert, you will receive a follow-up letter from each credit bureau.  Each letter will explain how you can order a free copy of your credit report from that credit bureau. We suggest that you do so and carefully review each credit report.  If you see any unusual activity on your report, contact the credit bureaus immediately.  Read our guide for further information.

4. Don’t fall for phishing scams.  Fraudsters will often use the information they gain about you to try to trick you into giving them more information.  NEVER give your Social Security number or financial account information to someone who calls or emails you asking for it.  Even if you think it may be legitimate, take the time to verify for yourself.  Criminals can spoof phone numbers to look like they are coming from anywhere, so don’t trust your Caller ID. 

5. If you are offered credit monitoring, take advantage of it but understand its limitations.  There are a few things to note regarding the offer of free credit monitoring. Remember that credit monitoring services differ, and some may be more comprehensive than others.  These are some of the questions you may want to ask:

  • Find out if the credit monitoring service is monitoring all three of your credit bureau reports – Equifax, Experian, and TransUnion.
  • Find out what kind of information they are monitoring.
  • Understand what the credit monitoring service will communicate to you regarding your account, and how.
  • Ask how often, and for how long, you have access to the information and how you may dispute items that are not yours.
  • Ask if they will be alerting you to any unusual activity and involving you in the resolution of any problems.

6. Seek assistance if you feel overwhelmed. If you have further questions or complaints regarding data breaches, please contact us.  If you are the victim of identity theft, read our guides or contact the Identity Theft Resource Center for one-on-one assistance.