Security incidents like data breaches happen all the time, and more than half a billion personal records were stolen in 2018 alone. While you shouldn’t panic immediately, it is a good time to be proactive about protecting your personal information – because hackers aren’t going to give up any time soon. Not when there’s money to be made off everything from your date of birth to Social Security number to yes, even your home address and phone number.
If you find out your personal data has been compromised, or just want to be safe in case it ever is, keep the following information in mind.
What is a data breach?
Commonly referred to as a ‘hack’, data breaches occur when there is unauthorized access to an organizations database of customer or user information. Breaches actually occur in many forms: through hacking, poor database security, the loss or stealing of physical equipment and even the accidental publish of private data.
What could happen?
Even if your information is never actually used by identity thieves, the breach can still affect you in inconvenient and time-consuming ways:
Bank cards are cancelled and re-issued. A breach can prompt a retailer or financial institution to cancel and re-issue the cards you have. You’ll want to watch your mail carefully since notices and explanations may look like a mass mailing, so it’s easy to dismiss it as unimportant. Also, once you do have a new card, you’ll need to update the info anywhere you may be using that card as an online payment.
Missed monthly payments. If you have automatic monthly payments, you may be contacted by loan originators, creditors or your bank regarding late payments because your card was cancelled, your account was closed or assets were frozen. You’ll want to be vigilant so that no late payments put a dent in your credit score.
What can you do to prevent it?
You may not have control over the security measures used by the companies and organizations that are targeted by hackers and hacking companies, but there are some things that are in your control. Be vigilant and prevent your information from being subjected to a data breach and related identity theft:
1. Change your passwords.
Use unique passwords for all online accounts. When passwords are reused, one business data breach can open up vulnerabilities across many completely unrelated websites, such as a retail account or banking website.
2. Use "safer" ways to pay online.
Technologies such as PayPal® or Apple Pay® are generally considered safer ways to make online payments than giving your credit or debit card information directly to a business. These payment companies store your information but don’t release it to retailers when you make a payment.
3. Use your credit card instead of your debit card.
Credit cards have more guaranteed federal protections than debit cards, so you’re more likely to get your money back if your credit card is used fraudulently. Credit card companies cannot hold you liable for fraudulent purchases made on their cards. This makes it a lot easier and quicker to recoup losses than when using a debit card and trying to get those losses back from a bank.
If you do use a debit card, ask the cashier to process it as a credit card instead of a debit card, which means you’ll sign for your purchase instead of entering your PIN into a keypad. That way, if your card number is stolen, at least the thieves won’t be able to enter your PIN to withdraw money from an ATM.
4. Pay in cash more often.
The best way to protect your credit and debit card information during transactions? Don’t use cards at all. As a bonus, when you use cash you're less likely to make impulse buys.
5. Check your financial accounts and credit reports regularly.
There may be red flags that could signify a credit card data breach or other type of identity theft. Review debit and credit statements for odd charges, even small ones. Cyber criminals often test accounts with small transactions (called "pings") to make sure they are active. And if your credit card company offers it, sign up to receive a text or email if a suspicious transaction is made on your account.
What if your information has been stolen?
If you notice irregularities on your credit report, start having issues with your credit cards and bank accounts, shop at a store that was in the news for a credit card data breach, or use an insurance company who had records stolen, follow these steps:
Don’t wait to be notified. Most states require breached companies to notify customers, but you may not receive the notification immediately. If you see a report that a company you’ve done business with has experienced a data breach, take steps immediately to protect yourself even if they haven’t contacted you to inform you that your data specifically was compromised. Just because your personal information was exposed doesn’t necessarily mean it will be used fraudulently, but you should still take the following precautions.
Reset your passwords for your account with the breached company, as well as for any credit cards or bank accounts you may have used with that company. If you use the same password on other websites or for other accounts, change those as well (but remember that in an ideal world all your passwords should be unique).
Check all of your financial accounts line-by-line every few days for the next several weeks to make sure there are no unauthorized transactions. Even if the breach was for something unrelated to your financial accounts (like a breach of your medical insurance provider), thieves may have stolen enough personal information — such as your Social Security number and birthdate — to infiltrate your accounts.
Notify your bank or credit card company immediately if you find any unauthorized transactions. The amount of debit card liability for fraudulent transactions depends upon when it’s reported. If reported within two business days, you are liable up to $50. If reported after more than two business days, but less than 60 days after your statement is sent, you are liable for up to $500. So be sure to check your accounts regularly and act quickly! Ask your bank to cancel your card and send you a new one, especially if the fraudulent charge is on a debit card.
Place a fraud alert. Contact at least one of the three credit bureaus and ask them to file a (free) fraud alert. This will make it harder for someone to fraudulently open an account using your identity. The bureau you contact is required to tell the other two, so you only have to contact one of the following:
Equifax®, 1-888-766-0008
Experian®, 1-888-397-3742
TransUnion®, 1-800-680-7289
You should get a letter from each of the three credit bureaus confirming that they placed a fraud alert in your file.
Consider a credit freeze. According to the FTC, credit freeze takes things a step further than a fraud alert. It is designed to “lock down” your credit files so that no one – including you – can access your credit report to open new accounts. To freeze your credit, you must contact each of the three credit reporting agencies separately, and it stays in place until you remove it. To do that, you’ll need to use the PINs that you get from the credit reporting agencies. It’s very important that you write these PINs down and keep them in a safe place.
Order a credit report at annualcreditreport.com. If you’ve already ordered one this year, you can pay to get another report right away or you can request a second free report due to fraud, but that process may take longer. Once you receive your report, note any fraudulent accounts or transactions on the report.
Beware of scams. When big data breaches are reported in the media, thieves sometimes use the opportunity to send emails, post on social media or make phone calls offering to “help” with the situation in hopes of getting personal information from you. They may even claim to be from the business that experienced a breach. You should never click on those links, and don’t give out any personal information. If the email looks credible, call the company (using the number listed on mail you have received from them or on their actual website) or go to their website to determine if the offer is legitimate.
Contact the company where the data breach occurred. Often these companies will offer credit monitoring and identity restoration services free to their impacted customers, usually for up to a year or two.
What can you do to stay safe in the future?
First things first: Limit the amound of personal information you're willing to share. If you’re asked to supply personal information like a phone number, email address, Social Security number or physical address, find out why it’s needed. Don’t hesitate to ask how it will be kept safe, whether it will be shared and with whom. Keep in mind that if companies and retailers don’t have your information, it can’t be stolen if they are hacked.
Here are a few more tips from one of ARAG’s own IT security analysts:
- Erase a device’s memory before it is discarded. Have an IT professional ensure that your data is completely removed from any device you discard.
- Encrypt your home wireless network. Protect all of your wireless networks using “WPA2” security.
- When you send confidential data electronically, encrypt the data using passwords that combine letters, numbers, and symbols. Look into an encryption service when sending confidential information.
- Encrypt all digital storage devices at the disk level. Use encryption to protect all data, regardless of the content or storage type, including storage in the “cloud.”
- Mobile devices should be equipped with commands that deactivate the device if connected to the Internet if they’re lost or stolen. Use the common services offered by your phone provider to encrypt and lock your device and allow for wiping all data from the device if it is lost or stolen.
- For access to office networks, use a security process that requires two forms of identification to access secure client data. Make sure that you protect your office computers by requiring that they all have strong passwords.
- Talk to an IT professional when you have questions. If you are unfamiliar with setting up any of the technical safeguards needed to protect your confidential information, hire a competent IT Security professional and test your systems with an annual audit of your security.
Taking proactive steps on your own is a great start. When you’re ready to do more, there are people who can help. Much like you have health insurance to pay for a doctor, legal insurance helps to pay for a lawyer if and when you need one. Some plans even include additional identity theft coverage for additional protection.
Discover how legal insurance can reduce stress in your everyday life.
