Skip to main contentSkip to footer

Dealing With Data Breaches

Steps to take if your data has been breached

This page is a supplemental resource to the live Spring 2024 FLEX session with Hsiawen Hull and Mike Gunther. If you were unable to attend the live session, you can catch the recording here:

Understanding and Protecting yourself from data breaches


  1. Check for Communication
    If your information was identified in a recent data breach, the state of California requires that impacted organizations send notices to impacted individuals within a 'reasonable time frame.' The only requirment for this notification is to send it via physical letter (snail mail ). Often times, these communications containtime sensitive requirments, so make sure you keep an eye out for these notices. 

  2. Notify your bank and order replacement cards
    If the data breach includes banking or credit card information, contact your bank to cancel your existing cards and replace them immediately to minimize fradulent use of your cedit cards or account numbers.
  3. Freeze your credit
    All three major credit bureaus allow you to "freeze" your credit, meaning no one (not even you) can start new accounts or use your Social Security number  (SSN) without first thawing your SSN. This can be time consuming, but is a good solution if you aren't planning on making major purchases or opening new accounts any time soon. This is also helpful if the account impacted was for a minor. 
    [More info at nerdwallet]

  4. Fraud Alert and Awareness
         ALERT: If you suspect your information may be at risk, you can alert potential creditors that they should verify your identity before issuing new credit in your name. Some companies may also provide additional services to alert you when your information appears online. 
    [More info at nerdwallet]
         AWARENESS : Credit reports from the three big credit bureaus are available for free on a weekly basis. You can manually review the reports here:

  5. Monitor Your Information
    • Look for charges you don't recognize.
    • Sign up for alerts about credit transactions (push notifications, email, or text).
    • Dispute charges immediately.
    • Balance your checking accounts to identify discrepancies and unknown charges.
    • If your bank offers it, enable alerts for unusual activity. 

  6. Passwords, Passwords, Passwords
    SECURE:  Remember password best practices which recommend long, complicated passphrases unique to each account. Use a secure password manager to help keep track of user credentials. Password Manager systems, like LastPass, help simplify the organization, management, and use of your passwords.

    CHANGE: Consider changing your passwords on vulnerable accounts to something stronger, making sure to include as many complicated combinations of upper/lower cases, symbols, and numbers as possible. Renewing your password can also prevent threat actors from further accessing your accounts. For more tips, check the October 2022 Powered On Newsletter.

    AUTHENTICATE:  Enable 2FA (two-factor authentication) or MFA (multi-factor authentication) on any and every account where it is available. This adds another layer of security through logging in; that way, even if a threat actor has your password, they won't be able to access your account without that second step!


Additional resources mentioned in the live session: