Protect Your Identity and Data

Preventing a Data Breach (and What You Can Do if It’s Too Late)

  • 5 Minute Read
  • Shares

Data breaches are not a new phenomenon – but they are becoming more common as hackers use more sophisticated technology to gain access to government, medical, corporate and retail databases.

In recent years, identity thieves have stolen tens of millions of credit card numbers from major retailers; Social Security numbers and personal health information from insurance companies; potentially embarrassing personal information from dating sites; and hundreds of thousands of tax returns from the IRS. As helpless as these situations may make you feel, you can take steps to make yourself less vulnerable to a data breach – and follow specific actions to minimize the impact if you do fall victim.

Five steps to make yourself less vulnerable to a data breach

You may not have control over the security measures used by the companies and organizations that are targeted by hackers and hacking companies, but there are some things that are in your control. Follow these best practices for prevention techniques to make your information less vulnerable to a breach:

1. Use "safer" ways to pay online.

Technologies such as PayPal® or Apple Pay® are generally considered safer ways to make online payments than giving your credit or debit card information directly to a business. These payment companies store your information but don’t release it to retailers when you make a payment.

2. Use your credit card instead of your debit card.

Credit cards have more guaranteed federal protections than debit cards, so you’re more likely to get your money back if your credit card is used fraudulently. If you do use a debit card, ask the cashier to process it as a credit card instead of a debit card, which means you’ll sign for your purchase instead of entering your PIN into a keypad. That way, if your card number is stolen, at least the thieves won’t be able to enter your PIN to withdraw money from an ATM.

3. Pay in cash more often.

The best way to protect your credit and debit card information during transactions? Don’t use cards at all. As a bonus, when you use cash you're less likely to make impulse buys.

4. Limit the personal information you give out.

If you’re asked to supply personal information like a phone number, email address, Social Security number or physical address, find out why it’s needed. Don’t hesitate to ask how it will be kept safe, whether it will be shared and with whom. Keep in mind that if companies and retailers don’t have your information, it can’t be stolen if they are hacked.

5. Check your financial accounts and credit reports regularly.

Check for any red flags that could signify a credit card data breach or other type of identity theft. And if your credit card company offers it, sign up to receive a text or email if a suspicious transaction is made on your account.

What to do if you suspect your information has been stolen in a data breach

If you notice irregularities on your credit report, start having issues with your credit cards and bank accounts, shop at a store that was in the news for a credit card data breach, or use an insurance company who had records stolen, follow these steps:

1. Don’t wait to be notified.

Most states require breached companies to notify customers, but you may not receive the notification immediately. If you see a report that a company you’ve done business with has experienced a data breach, take steps immediately to protect yourself even if they haven’t contacted you to inform you that your data specifically was compromised. Just because your personal information was exposed doesn’t necessarily mean it will be used fraudulently, but you should still take the following precautions.

2. Reset your passwords.

Reset your passwords for your account with the breached company, as well as for any credit cards or bank accounts you may have used with that company. If you use the same password on other websites or for other accounts, change those as well (but remember that in an ideal world all your passwords should be unique).

3. Check all of your financial accounts.

Check all of your financial accounts line-by-line every few days for the next several weeks to make sure there are no unauthorized transactions. Even if the breach was for something unrelated to your financial accounts (like a breach of your medical insurance provider), thieves may have stolen enough personal information — such as your Social Security number and birthdate — to infiltrate your accounts.

4. Notify your bank or credit card company immediately if you find any unauthorized transactions.

The amount of debit card liability for fraudulent transactions depends upon when it’s reported. If reported within two business days, you are liable up to $50. If reported after more than two business days, but less than 60 days after your statement is sent, you are liable for up to $500. So be sure to check your accounts regularly and act quickly! Ask your bank to cancel your card and send you a new one, especially if the fraudulent charge is on a debit card.

5. Place a fraud alert.

Contact at least one of the three credit bureaus and ask them to file a (free) fraud alert. This will make it harder for someone to fraudulently open an account using your identity. The bureau you contact is required to tell the other two, so you only have to contact one of the following:

You should get a letter from each of the three credit bureaus confirming that they placed a fraud alert in your file.

6. Consider a credit freeze.

According to the FTC, credit freeze takes things a step further than a fraud alert. It is designed to “lock down” your credit files so that no one – including you – can access your credit report to open new accounts. To freeze your credit, you must contact each of the three credit reporting agencies separately, and it stays in place until you remove it. To do that, you’ll need to use the PINs that you get from the credit reporting agencies. It’s very important that you write these PINs down and keep them in a safe place. 

7. Order a credit report.

Visit to order your free report. If you’ve already ordered one this year, you can pay to get another report right away or you can request a second free report due to fraud, but that process may take longer. Once you receive your report, note any fraudulent accounts or transactions on the report.

8. Beware of scams.

When big data breaches are reported in the media, thieves sometimes use the opportunity to send emails, post on social media or make phone calls offering to “help” with the situation in hopes of getting personal information from you. They may even claim to be from the business that experienced a breach. You should never click on those links, and don’t give out any personal information. If the email looks credible, call the company (using the number listed on mail you have received from them or on their actual website) or go to their website to determine if the offer is legitimate.

9. Contact the company where the data breach occurred.

Often these companies will offer credit monitoring and identity restoration services free to their impacted customers, usually for up to a year or two.


All Learning Center Topics

View all Learning Center topics.

Legal Glossary

Find definitions of legal terms.