8 Things To Do When You Get a Notice About a Data Breach

Black_Kira / Getty Images/iStockphoto

Commitment to Our Readers

GOBankingRates' editorial team is committed to bringing you unbiased reviews and information. We use data-driven methodologies to evaluate financial products and services - our reviews and ratings are not influenced by advertisers. You can read more about our editorial guidelines and our products and services review methodology.

20 Years
Helping You Live Richer

Reviewed
by Experts

Trusted by
Millions of Readers

Data breaches are happening at an alarming rate as more and more data is stored in the cloud. In 2023, 82% of breaches involved data stored in the cloud, according to an IBM report as reported by The Wall Street Journal. 

In short, cybercriminals are exploiting a common weak spot: Many organizations lunge at the opportunity to store data on the cloud without necessarily comprehending all that goes into keeping this precious data — including data about your finances — safe. 

Recently, major companies, including AT&T, Ticketmaster and Bank of America, have been victims of data breaches. According to the Federal Register, for data breaches that affect 500 or more customers, or for which a carrier cannot determine how many customers are affected, organizations must file individual, per-breach notifications in up to seven business days. 

Now the question is this: “What do you, the customer, do when you get a notice that a company you’ve done transactions with in the past has been hit by a data breach?”

GOBankingRates spoke with cybersecurity experts to get answers. Make the following eight moves upon getting a notice about a data breach.

Also see four tips to better protect your identity online from financial scams.

Confirm the Data Breach Is Real 

The first thing you need to do when you get a notice about a data breach is to confirm it’s real.

“Verify that this isn’t fake news and that the company you are utilizing truly was breached,” said Damir J. Brescic, chief information security officer at Inversion6, a cybersecurity risk management provider. 

Carefully Review the Notice To Understand What Info Was Compromised

Once you verify that the notice is real, carefully review it. You need to do this so that you understand exactly what type of information was compromised in the breach. Was it Social Security numbers? Passwords? You need to know.

“This will help you assess your risk and determine your next steps,” said Bruno Farinelli, senior director of operations and analytics at ClearSale, a fraud management and chargeback protection services company. 

Change Your Passwords

You should be changing your passwords regularly anyway, but if you get a notice about a data breach that compromised login credentials, change your passwords immediately. 

“Use strong, unique passwords for each account and consider using a password manager to keep track of them,” said Marcelo Barros, global director at Hacker Rangers, a gamification platform for user education and engagement in information security. 

“Changing your passwords is crucial because compromised passwords can lead to further unauthorized access if not addressed promptly, especially if you use the same password for different accounts,” he said. 

Alert Relevant Institutions and Monitor Your Accounts Closely

After receiving a notice about a data breach, notify your credit card companies, bank and any other institutions where you have accounts that might be affected. 

“If your credit card information has been stolen, they may cancel the old card and issue a new one to prevent fraud,” Barros said. 

Check All Your Financial Statements 

You must immediately start monitoring your bank accounts, credit card statements and any other financial accounts for unusual or unauthorized activity in the wake of a data breach. 

“Set up alerts with your financial institutions if possible,” Barros said. “If you spot any unfamiliar charges, contact your financial institutions immediately to report and address the issue.”

Request a Credit Freeze

If any financial information, such as credit card numbers, was leaked in a data breach, request a freeze on your credit by the top three credit vendors (TransUnion, Equifax and Experian). 

“This is a good practice for digital consumers to use that creates friction for fraudsters,” said Jim Routh, chief trust officer at Saviynt, a company that provides cloud-first identity governance and access management solutions. “The downside is that you will need to turn the freeze off when you seek a mortgage, loan or new credit card.”

Don’t Panic 

This isn’t so much a move to make as it is a move to not make: panic! Don’t waste your mental energy freaking out about this. It happens, and there are ways, as we’ve shown, to deal with it. 

Amy Nofziger, the director of victim support at AARP, told CNBC not to panic when you’re involved in a data breach, as they are common and your information is likely already out there.

Watch Out For Scams 

Scamsters are always looking for ways to prey on you. A data breach can empower them, so it’s important to be vigilant. 

“Any personal details which were included in the breach can be used by threat actors to try to ‘trick’ you,” said Michael Cocanower, CEO of AdviserCyber, a company that provides cybersecurity and compliance solutions for registered investment advisors. 

“For example, if medical information is included in a breach, a threat actor may call you and reference a recent medical appointment you had or diagnosis you received,” Cocanower said. “You assume that because they have that information the call must be ‘legitimate’ but it is not. Stay vigilant. No matter what someone tells you, just hang up and call back at a number you locate on their website — not a number that anyone has provided to you.” 

Share This Article: