Seven Things to Do After a Data Breach

7 Things to Do After a Data Breach

By Michael Peterson
In September 21, 2019

Capital One. Marriott.  Panera. Target. Twitter. Facebook. The U.S. military. 

What do all of these companies and organizations have in common? They’ve all been the targets of massive data breaches – breaches that affected millions of users and exposed everything from names and addresses to account numbers, passwords, and Social Security numbers.

And those are just a few of the most publicized breaches in recent years. Here’s a sobering statistic: Between 2005 and 2018, a staggering 446.5 million records were exposed due to data breaches.

Chances are, you’ve already been affected by a breach or two. And if you haven’t? It’s probably only a matter of time. We’re not trying to scare you – we promise! But the reality is, data breaches are a very real threat. And while you can’t prevent your sensitive information from falling into the wrong hands, you can take active steps to protect yourself from fraud or identity theft.

Here are seven things you should do if a data breach happens to you:

  1. Get the facts. Who was affected by the breach? Was it customers in certain parts of the country? People who shopped at certain stores or used specific websites? What kind of information was exposed? There’s a big difference between a list of contact information and a list of usernames and passwords. When did the breach happen? How long has your private information been, well, less than private? And, most importantly, what is the breached company/organization doing about it?  Check the company’s website or visit the Federal Trade Commission’s website – it’s a great resource for information related to privacy, consumer protection, and incidents like data breaches. 
  2. Change your passwords. Keep in mind that a data breach doesn’t automatically mean that your passwords were compromised. Better safe than sorry, though – especially if you tend to use the same password (or even a few variations of the same password) for everything. Pro tips: Don’t choose anything too obvious (we’re looking at you, PASSWORD and 12345).  If you have the option, enable two-step verification – it’ll provide an extra layer of protection.
  3. Double-check your account information. One common technique used by hackers and cybercriminals is to log into your online account and make changes to your mailing address, email address, or phone number – and send all account-related communication (think: monthly statements, new cards, and alerts about unusual activity) somewhere else. Make sure you’re not falling victim to this scheme by logging into your account and verifying that all your particulars are, in fact, still yours.
  4. Freeze your credit and/or file a fraud alert. These protective measures can help prevent someone from opening new credit card accounts or taking out loans in your name. Both services are available through the three major credit reporting bureaus. And while the two services are similar, there are a few key differences to be aware of: 

A credit freeze prevents anyone from accessing your credit report without your permission. There’s no charge to freeze your credit, and the freeze lasts until you decide to lift it. To freeze your credit, you’ll need to contact each credit reporting bureau (Equifax, Experian, and TransUnion) separately.

A fraud alert doesn’t prevent lenders from accessing your credit report, but it does require that lenders contact you immediately if someone tries to open an account using your personal info. You only need to contact one of the credit reporting bureaus to set up a fraud alert, and the alert will last for one year (but you can always choose to extend it).

check your credit report
  1. Check your credit report. By law, everyone is entitled to one free credit report per year from each of the three major reporting bureaus – and if you’ve got concerns about a credit breach, now’s the time to take advantage of this free service. Look for red flags like unfamiliar credit inquiries, accounts you don’t recognize, or delinquent or unpaid debts. You can get your free credit report here.
  2. Request new credit or debit cards. If you’re concerned that your account number has been compromised in a breach, contact your bank or credit card lender and ask them to issue you a replacement card with a new account number. (Just remember not to close your account – that’s a credit score killer!)
  3. Be wary of unsolicited communications from your lender or bank. Don’t assume that an email is legit just because it mentions a recent credit breach. Scammers have mastered the art of creating official-looking emails, complete with company logos. Our advice? Don’t reply directly or click on any links provided in these emails. Instead, log on to your lender’s website or call their customer service number directly. 

Data breaches are stressful – combatting cybercrime requires vigilance. You don’t have to go it alone, though: The helpful team at can advise you through a data breach and help you reestablish your good credit standing.

Mike is the author of “Reality Millionaire: Proven Tips to Retire Rich” and he has been published in a variety of local and national publications including Entrepreneur Magazine, Deseret Morning News, LDS Living Magazine, and Physicians Money Digest. He holds a B.S. in business administration from the University of Phoenix.

Click "More" for important American Credit Foundation client transition information