Unfortunately, in today’s world, data breaches happen. Companies and websites get hacked, or scammers trick people—maybe even you—into revealing important information.
If you think your data has been stolen, your first step shouldn’t be to panic.
Instead, take a deep breath and follow these steps so you can regain control over your information and minimize any potential damage:
1. Figure out what information was stolen. Not all data is created equal. Some information about you is commonly available, but then there is personal identifying information.
If the leaked information would appear in a phone book, odds are, you’re only at risk of getting more junk mail. However, personal identifying information is a different story—it’s very sensitive because, if it falls into the wrong hands, it could cause substantial embarrassment, inconvenience or harm.
Your birthdate, social security number, and payment information are all personal identifying information that is part of your unique identity. If any of this information is stolen, you have reason to be concerned and take action.
2. Change your password(s)—immediately. And resist the urge to make them too simple or easy. Instead, make sure they meet the following best practices:
- Have at least 12 characters.
- Include symbols, numbers and a mix of capital and lowercase letters.
- Do not contain personal information.
- Do not have words straight out of the dictionary.
- Is completely unique/not-used elsewhere.
Meeting all of these criteria—and actually remembering each and every password—can be a bit of a challenge. If you’re struggling, consider using a password manager such as LastPass, Dashlane 4, or Sticky Password which are all recommended by PC Magazine. If you use the same password at other websites, change those passwords immediately as well.
3. Watch for any suspicious account activity. Even though you changed your password, someone else could have had access for long enough to do some damage. Keep close tabs on your accounts and report any unusual activity immediately such as:
- Unexplained withdrawals
- Missing bills or mail
- New and unexplained bills or medical claims
- Calls from debt collectors about debts that aren’t yours
- Unfamiliar accounts on your credit report
- Stores rejecting your checks
- The IRS notifying you that more than one tax return was filed in your name
Tip: If you do spot something odd, save all documentation until the situation has been resolved.
4. Consider calling your bank and credit card companies. If you think financial information has been stolen, let your banking institutions know. They can place a fraud alert on any accounts locking them from any fraudulent activity. Most credit card companies will issue you a new card to replace a stolen one.
Tip: Record the date of each call as well as the names and telephone numbers of everyone you speak with. If something falls through the cracks, it gives you proof to back up your claims.
5. Contact the credit bureaus. You can also place a fraud/credit alert on your name at the major credit reporting agencies. An alert makes it much harder for a thief to open new accounts in your name because businesses must take extra steps to verify your identity. A fraud alert lasts 90 days, is free to do, and includes a free credit report. You can find contact information for all the credit reporting companies on the FTC website.
Tip: With a credit alert, anyone can still run a credit check on you or open account without your authorization (assuming they have the correct information to provide). A credit freeze locks your credit file, preventing anyone from accessing your information—including you—without your authorization (which can take a few days). Credit freezes usually cost between $5-10.
6. Consider using an identity recovery service. If you believe you’ve been a victim of identity theft, some companies offer services to help you report and recover. An alternative to a paid service are the free, interactive recovery plans the FTC offers to help you handle the credit bureaus, debt-collectors, the IRS and more.
For more information about recovering from identity theft, visit identitytheft.gov.