Protect Your Identity and Data

What to Do After a Data Breach

  • 7 Minute Read
  • Shares

News of a data breach is never good — especially if your data was involved. Here are some ways to protect sensitive personally identifiable information, such as your Social Security number and financial accounts, to help ensure it doesn’t end up in the wrong hands.

Create a fraud alert.

After a data breach, one of the most important things you can do is make it harder for thieves to open accounts under your name. A solid first step is to place a fraud alert on your credit file.

When you have a fraud alert on your credit file, businesses have to try to verify your identity before they extend new credit. Usually, that means calling to check if you’re at a particular store attempting to take out new credit. To place a fraud alert, contact one of the three major credit reporting agencies:

Whichever one you contact is required to notify the others. Fraud alerts last for 90 days.1

If you become a victim of identity theft, you can place an extended fraud alert on your file. An  extended fraud alert:

  • Is a free service that can extend a fraud alert for seven years.
  • Provides you with two free credit reports within 12 months from each of the three nationwide credit reporting companies.
  • Requires that credit reporting companies take your name off marketing lists for prescreened credit offers for five years.2

To create an extended fraud alert:

  • You first have to create an Identity Theft Report with the Federal Trade Commission. You can do this at
  • Once you have your Identity Theft Report, contact one of the three main credit reporting agencies and ask for an extended fraud alert. The agency will likely have you complete a request form, and they are responsible for contacting the other two agencies.  
  • When you do that, make sure you include your Identity Theft Report.2

Consider a credit freeze.

A credit freeze takes things a step further than a fraud alert. It’s important to consider whether you need to place both an alert and a freeze on your credit report, as a freeze is more stringent and requires additional action on your part. For example, a credit freeze:

  • Is designed to “lock down” your credit files so that no one – including you – can access your credit report to open new accounts.4
  • Stays in place until you remove it. To do that, you’ll need to use the PINs that you get from the credit reporting agencies.4 It’s very important that you write these PINs down and keep them in a safe place.
  • May involve a fee each time you freeze or unfreeze your account with each reporting agency, based on state law. However, in most states, they are free for identity theft victims.4

Under certain circumstances, such as the need to open a new account, applying for a job, etc., you can request the freeze be lifted for a specific period of time or for a specific party. Also, note that certain entities, such as government agencies or existing creditors, may still have access to your credit report.5

To freeze your credit, you must contact each of the three credit reporting agencies separately at the links or numbers below:

They’ll request your name, address, date of birth, Social Security number and other personal information.6

Get a copy of your free credit report.

Order a report as soon as possible after you learn of the data breach. This will help you:

  • Check your credit history so you can make sure nothing is wrong with your credit report now.
  • Identify any new (and potentially inaccurate) information that appears on your report.

The U.S. government requires each of the three credit agencies to give you a free annual credit report. While several organizations, companies and websites offer free credit reports, note that is the only site authorized by federal law to ensure banks, lenders, and other financial companies treat you fairly.

Keep an eye on your financial accounts.

Monitor all of your financial accounts yourself regularly at least once a month — and more often if you feel your data may have been exposed to a breach or if you are a victim of identity theft. This may include credit card accounts, mortgages, home equity loans, bank accounts and more.


Check for unrecognizable or frequent withdrawals, including transactions that involve a small amount, as hackers often test the account to see if it is still active. It’s a good idea to frequently change your online passwords for all your online financial and social media accounts, as well as ensuring you have the latest version of security software installed on your phone and computers. 

If you find a problem (like fraudulent charges, account changes you didn’t OK, etc.), contact the financial institution immediately so they can help you take steps to protect your account.

Consider an identity theft monitoring service.

Identity theft monitoring lets you know when personal information you’ve provided — like your Social Security number, bank account information, driver’s license or other personal information — is being used.

For example, it can alert you when your information shows up in:

  • Change of address requests.
  • Court or arrest records.
  • Orders for new utility, cable, or wireless services.
  • Payday loan applications.
  • Check cashing requests.
  • Social media.

Websites that identity thieves use to trade stolen information.7

Stay vigilant.

Even after the initial data breach scare has passed, it’s important to stay on top of your credit. This will help you protect your credit rating and prevent identity theft.

Consider these tips:

  • Opt out of prescreened credit offers. This will help you reduce the amount of junk mail you get and prevent thieves from getting their hands on these offers. To opt out of prescreened credit offers, call 888-5OPTOUT (888-567-8688) and follow the instructions.
  • File your tax return as soon as possible each year. Another risk to victims of a data breach is the possibility of having someone else using their Social Security numbers to tax returns and receive a refund check. Filing your tax return as quickly as possible will help prevent this. When an identity thief files your tax returns before you do, the tax return you file yourself comes under suspicion as it is a second return filed for the same taxpayer,8 which creates even more problems. So be persistent about asking your employers and/or clients for your W-2s, 1099s, etc.

If you think someone has accessed your tax returns, contact the IRS Identity Protection Specialized Unit at 800-908-4490 right away. (Note that the IRS will never initiate contact with you by phone or email — only postal mail. If you get a call or email out of the blue from someone claiming to be with the IRS, it’s almost certainly a scam. If that happens, call the IRS directly at the 800 number above.)9

  • Keep your critical documents in a safe deposit box. If your identity is stolen, your birth certificate, passport and other important papers (such as citizenship documents, if applicable) are your last line of defense. Keep these documents in a secure, fire-proof place. Your bank’s safe deposit box is usually the safest place.
  • Check your free credit report each year. Remember, the three main credit reporting agencies have to give you a free credit report every year. Take advantage of this every year at


[1]Place a Fraud Alert. Federal Trade Commission.

[2] Extended Fraud Alerts and Credit Freezes. Federal Trade Commission.

[3] Report identity theft, Federal Trade Commission,

[4]Fraud alert or credit freeze — which is right for you? Federal Trade Commission,

[5]Credit Freeze FAQs, Federal Trade Commission, September 2017.

[6] Credit Freeze FAQs, Federal Trade Commission,

[7] Identity Theft Protection Services, Federal Trade Commission,

[8]The Importance of Filing Taxes Early," Identity Theft Resource Center. Sam Imandoust, 2017.

[9] Tips for Taxpayers, Victims about Identity Theft and Tax Returns, IRS,


All Learning Center Topics

View all Learning Center topics.

Legal Glossary

Find definitions of legal terms.