What Should I Do After a Data Breach?
After a data breach, victims need to take a deep breath and decide what the next logical steps should be to limit the damage. It’s okay to feel wronged when negligent security has compromised your personal data. Taking legal action is a good option, but you also need to take certain actions to help minimize the initial fallout and prevent identity theft and other forms of fraud.
So what are the most important next steps you should take following a data breach? First, every data breach incident is unique and you need to consider your specific situation. After you have confirmed that a security breach has occurred, and your data has been compromised, begin with trying to answer the following questions:
- What type of data breach compromised my personal information?
- Is there evidence of my data having been sold?
- What data was exposed in the breach?
- Has my Social Security number and financial information been impacted?
- Has there been any fraudulent charges or other signs of identity theft?
Data Breach Confirmation
Most people learn about a data breach from news reports or a notification letter. If you have been notified by mail or email about a possible data breach, check with the company first to confirm there has been a security incident. It is important to gather information from the proper channels because scammers may contact you following a breach, or even if there has not been any security breach at all.
Contact the breached company, not any third party involved, to learn more about the extent of the damage. Ask them what they are currently doing and what they are they going to do to help secure your information. Be wary if they tell you no data has been leaked, because sometimes even encrypted data can be stolen and sold.
Document everything you know about the breach and everyone from the company you speak to.
What Kind of Data was Stolen?
Find out exactly what kind of data was compromised or stolen. The type of information exposed matters because while a stolen credit card and can be easily canceled, it’s not exactly easy to get a new Social Security number.
Besides, hackers can do a lot more with unique data like a social security number than a credit card account. The most common data leaked includes:
- Phone Numbers
- Social Security numbers
- Personal Health Information
- Bank and credit card information
- Driver’s License numbers
- Biometrics data
Protecting Yourself from Identity Theft & Fraud
Unfortunately, after your data is stolen, you may always be at risk of future identity theft. But, you can protect yourself to some degree by taking appropriate measures, beginning with proper identity theft coverage. Consider subscribing to an ID Theft Recovery service as soon as possible. Additional ways to combat fraud include:
- Contact your Contacts: Inform your friends, family and any business contacts if your email or phone number has been hacked.
- Immediately change online financial account logins and replace credit and debit cards.
- Obtain free credit reports from AnnualCreditReport.com to look for illegal activity.
- Contact the credit bureaus and tell them to place a fraud alert on your file. Consider a credit freeze for your accounts, which can make it more difficult for someone to open a new account in your name.
- Filing your taxes early so scammers cannot use your Social Security number to file a fraudulent tax return.
- If your driver’s license number was leaked, you may contact your Division of Motor Vehicles and they can flag anyone trying to use it.
After a confirmed security breach it is time to change and strengthen your passwords, login info and other online security. This is especially important for victims of any web-service provider data breach, stolen email accounts, or if your current or former employer has been impacted.
When considering a new password, get creative and do not use common information like your birthday or family names. Add symbols and numbers. Do not use the same password for different online accounts. Establishing a two-factor authentication or using a password manager like LastPass or Keeper Security is also a good option.
Make sure you are on a secure network and not on the same system that was hacked before you log in and change passwords. Hackers can leave malware behind in some cases that can record any new information entered on your computer.
Accept the Breached Company’s Assistance
Regardless of how upset you are after having you personal data stolen due to preventable negligence, if the responsible company offers to help repair the damage and protect you for a certain amount of time, accept the offer. It is now common after a data breach for a company to offer all victims free credit file monitoring and identity theft protection.
What Happens to Data After a Data Breach?
The criminals behind most data breach events are after money, and once they are able to obtain a large volume of personal information, they usually put it up for sale on various online forums, typically on the dark web.
The dark web is a hidden layer of the internet, inaccessible on normal search engines–specific software is required to access it. The Dark Web is popular with cybercriminals as it offers anonymity and is mostly untraceable.
Once data is obtained, criminals can use it to file fraudulent tax returns, file for unemployment, open credit card accounts, and apply for various loans.
How Much is Your Data Worth?
The value of specific data changes frequently, though according to Experian, here are some common pieces of information sold on the Dark Web and what they’re generally worth:
- Social Security number – $1
- Online payment information – $20 – $200
- Credit or debit card – $5 – $110
- Drivers license number – $20
- Loyalty accounts – $20
- Diplomas – $100 – $400
- Passports – $1000 – $2000
- Subscription services – $1 – $10
- Medical records – $1 – $1000
Data Breach & Data Theft Lawsuits
Even if you feel like your information is safe for now, once personal information is stolen and leaked to the dark web, the fraud risks remains as long as that information remains at large.
It’s important to stay alert after a data breach and watch for signs of fraudulent activity. If you happen to see unusual activity on your accounts, take the appropriate actions described above to help protect yourself. If you want more information on what to do when a data breach impacts you, visit the FTC identity theft website.
After a data breach turns your life upside down, remember that you are not the only victim. There are millions of Americans who suffer from data privacy events every year, and in turn, seek legal action for compensation and to hold companies accountable for negligent security systems.
The Lyon Firm is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.
[contact-form][contact-field label=”Name” type=”name” required=”true” /][contact-field label=”Email” type=”email” required=”true” /][contact-field label=”Website” type=”url” /][contact-field label=”Message” type=”textarea” /][/contact-form]