Dealing With Data Breaches
Steps to take if your data has been breached
This page is a supplemental resource to the live Spring 2024 FLEX session with Hsiawen Hull and Mike Gunther. If you were unable to attend the live session, you can catch the recording here:
Understanding and Protecting yourself from data breaches
- Check for Communication
If your information was identified in a recent data breach, the state of California requires that impacted organizations send notices to impacted individuals within a 'reasonable time frame.' The only requirment for this notification is to send it via physical letter (snail mail ). Often times, these communications containtime sensitive requirments, so make sure you keep an eye out for these notices.
- Notify your bank and order replacement cards
If the data breach includes banking or credit card information, contact your bank to cancel your existing cards and replace them immediately to minimize fradulent use of your cedit cards or account numbers.
- Freeze your credit
All three major credit bureaus allow you to "freeze" your credit, meaning no one (not even you) can start new accounts or use your Social Security number (SSN) without first thawing your SSN. This can be time consuming, but is a good solution if you aren't planning on making major purchases or opening new accounts any time soon. This is also helpful if the account impacted was for a minor.
[More info at nerdwallet]
- Fraud Alert and Awareness
ALERT: If you suspect your information may be at risk, you can alert potential creditors that they should verify your identity before issuing new credit in your name. Some companies may also provide additional services to alert you when your information appears online.
[More info at nerdwallet]
AWARENESS : Credit reports from the three big credit bureaus are available for free on a weekly basis. You can manually review the reports here:
[https://www.annualcreditreport.com/index.action]
- Monitor Your Information
- Look for charges you don't recognize.
- Sign up for alerts about credit transactions (push notifications, email, or text).
- Dispute charges immediately.
- Balance your checking accounts to identify discrepancies and unknown charges.
- If your bank offers it, enable alerts for unusual activity.
- Passwords, Passwords, Passwords
SECURE: Remember password best practices which recommend long, complicated passphrases unique to each account. Use a secure password manager to help keep track of user credentials. Password Manager systems, like LastPass, help simplify the organization, management, and use of your passwords.
CHANGE: Consider changing your passwords on vulnerable accounts to something stronger, making sure to include as many complicated combinations of upper/lower cases, symbols, and numbers as possible. Renewing your password can also prevent threat actors from further accessing your accounts. For more tips, check the October 2022 Powered On Newsletter.
AUTHENTICATE: Enable 2FA (two-factor authentication) or MFA (multi-factor authentication) on any and every account where it is available. This adds another layer of security through logging in; that way, even if a threat actor has your password, they won't be able to access your account without that second step!
Additional resources mentioned in the live session:
- [https://www.identitytheft.gov/#/Info-Lost-or-Stolen] - Did you recently get a notice that says your personal information was exposed in a data breach? Did you lose your wallet? Or learn that an online account was hacked? Depending on what information was lost, there are steps you can take to help protect yourself from identity theft.
- [https://consumer.ftc.gov/articles/what-know-about-medical-identity-theft] - Learn what medical identity theft is, how to protect yourself against it, and how to know if someone is using your medical information.
- [https://takeitdown.ncmec.org/] - To help remove or stop the sharing of nude, partially nude, or sexually explicit images or videos of minors.